google-auth-library-java icon indicating copy to clipboard operation
google-auth-library-java copied to clipboard
verified publisher icon googleapis

AppEngineCredential depends on legacy bundled service

Open yonghaoy opened this issue 1 year ago • 9 comments

Hello, we are upgrading GAE from Java 8 to 11 and also trying to get ride of legacy bundled service .

Here is how we generate default AccessToken today.

GoogleCredentials credentials = AppEngineCredentials.newBuilder().setScopes(scopes).setAppIdentityService(AppIdentityServiceFactory.getAppIdentityService()).build();

The reason we do it this way is because if using GoogleCredentials.getDefaulCredential, because the call to .createScoped will silently proceed by doing nothing?

Question: 1: How to use AppEngineCredentials without turning on legacy bundle? Because I get feature not enabled error when calling without turning it on 2: Do we still need to include appengine-sdk1.0 in our dependency? As those imports are there:

import com.google.appengine.api.appidentity.AppIdentityService;
import com.google.appengine.api.appidentity.AppIdentityService.GetAccessTokenResult;
import com.google.appengine.api.appidentity.AppIdentityServiceFactory;

Thanks

yonghaoy avatar Apr 11 '24 13:04 yonghaoy

And why GoogleCredentials.getDefaulCredential does not work, I suspect it's related with https://github.com/googleapis/google-auth-library-java/issues/1274

yonghaoy avatar Apr 11 '24 14:04 yonghaoy

I guess you meant GoogleCredentials.getApplicationDefault method.

From the code, it looks like createScoped should work with GoogleCredentials.getApplicationDefault, if it returns an app engine credentials.

The getApplicationDefault code to get app engine cred: https://github.com/googleapis/google-auth-library-java/blob/main/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java#L197-L199

App engine code to add scopes: https://github.com/googleapis/google-auth-library-java/blob/main/appengine/java/com/google/auth/appengine/AppEngineCredentials.java#L94

For the Java specific question, I will leave it to our Java expert.

arithmetic1728 avatar Apr 13 '24 22:04 arithmetic1728

createScoped does not work after upgrading from 1.11 to 1.24. I suspect that is similar to https://github.com/googleapis/google-auth-library-java/issues/1274...

For now, we have to bring back legacy service and use the old way to get a token that with scopes. https://github.com/all-of-us/workbench/blob/727be385a0c5b3895ddf8650c4900aef4875a278/api/src/main/java/org/pmiops/workbench/auth/ServiceAccounts.java#L39L53

yonghaoy avatar Apr 17 '24 13:04 yonghaoy

Also for the code you pointed above: https://github.com/googleapis/google-auth-library-java/blob/main/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java#L197-L199 seems it only works for GAE 7 standard env? Is that right?

yonghaoy avatar Apr 19 '24 20:04 yonghaoy