googleapis
feat: adding support for authentication type on UserAuthorizer
Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:
- [ ] Make sure to open an issue as a bug/issue before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
- [x] Ensure the tests and linter pass
- [x] Code coverage does not decrease (if any source code was changed)
- [x] Appropriate docs were updated (if necessary)
Fixes #<issue_number_goes_here> ☕️
The change basically following the logic that NodeJS change: https://github.com/googleapis/google-auth-library-nodejs/pull/1814
The key point is telling the client how are the UserAuthorizer going to provide auth with token URI.
Our current way is to have client_secret sending as part of the post url parameter. The STS endpoint won't allow that and they are not accepting client_secret field. Instead, the STS is using basic auth which takes a base64 encoding of client_id:client_secret.
Here the change is to provide a parameter to UserAuthorizer which auth from #RFC we are using and set the POST (Current way) as default.
Then in the implementation, when sending the token request, we apply a basic auth header if the authentication type is set to BASIC.
If you write sample code, please follow the samples format.
The library methods here return UserCredentials. Is this compatible with BYOID? We have ExternalAccountAuthorizedUserCredentials for BYOID.
The library methods here return UserCredentials. Is this compatible with BYOID? We have ExternalAccountAuthorizedUserCredentials for BYOID.
ExternalAccountAuthorizedUserCredentials won't need any changes to have the capability of BYOID. Cloud Code can choose this one if they want to switch.
Per the sync with Cloud Code, they currently using UserAuthorizer for existing flow, what we do is just adding the capability to UserAuthorizer calling token endpoint with basic auth header.
Quality Gate passed
Issues
3 New issues
0 Accepted issues
Measures
0 Security Hotspots
92.6% Coverage on New Code
0.0% Duplication on New Code
See analysis details on SonarCloud
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}
The library methods here return UserCredentials. Is this compatible with BYOID? We have ExternalAccountAuthorizedUserCredentials for BYOID.
ExternalAccountAuthorizedUserCredentialswon't need any changes to have the capability of BYOID. Cloud Code can choose this one if they want to switch. Per the sync with Cloud Code, they currently usingUserAuthorizerfor existing flow, what we do is just adding the capability toUserAuthorizercalling token endpoint with basic auth header.
The method you've updated here returns UserCredentials. This is not compatible with the BYOID flow.
The library methods here return UserCredentials. Is this compatible with BYOID? We have ExternalAccountAuthorizedUserCredentials for BYOID.
ExternalAccountAuthorizedUserCredentialswon't need any changes to have the capability of BYOID. Cloud Code can choose this one if they want to switch. Per the sync with Cloud Code, they currently usingUserAuthorizerfor existing flow, what we do is just adding the capability toUserAuthorizercalling token endpoint with basic auth header.The method you've updated here returns UserCredentials. This is not compatible with the BYOID flow.
UserCredentials is holding clientId, tokenServerUri, refreshToken, access_token etc. That's all the user wants.
And during the authentication flow. Now with modification. We have the generate auth URL done inside the getCredentialsFromCode with the addtionalParameters properly set. That will give the auth url we need, then we make the http request to sts.googleapis.com/v1/oauthtoken and exchange the access token. The access token is going to be set in the property of UserCredentials. And this will be return to the user agent (Cloud Code in our case).
Maybe this is not the same flow with our existing BYOID flow. I believe the flow is still work as help the UserAuthorizer class able to get the access token with minimum changes.
Quality Gate passed
Issues
3 New issues
0 Accepted issues
Measures
0 Security Hotspots
92.6% Coverage on New Code
0.0% Duplication on New Code
See analysis details on SonarCloud