google-cloud-node icon indicating copy to clipboard operation
google-cloud-node copied to clipboard

Published 20 hours ago verified publisher icon googleapis

Support OAuth 2.0 authentication

Open thecodejunkie opened this issue 5 years ago • 9 comments

Since OAuth 2.0 is a supported authentication methods for Google APIs, it would be nice if these set of APIs supported it. You can already do it using google-auth-library together with the googleapis. I am currently writing an application (that supports multi-tenancy) which performs operations on behalf of the users, so the OAuth flow is the natural choice, since handling API keys or Service Accounts is a much less smooth approach.

thecodejunkie avatar Feb 04 '19 09:02 thecodejunkie

Good call. This shouldn't be terribly hard since we're using google-auth-library under the hood for auth, which has all of the corresponding OAuth2 junk. @googleapis/yoshi do any of the other cloud libraries support OAuth2 workflows out of the box?

JustinBeckwith avatar Feb 04 '19 15:02 JustinBeckwith

The .NET library has support for a few workflows out of the box. @chrisdunelm knows more than I do; docs are at https://developers.google.com/api-client-library/dotnet/guide/aaa_oauth. We recently released an ASP.NET Core MVC package as well, which isn't documented there yet.

jskeet avatar Feb 04 '19 15:02 jskeet

@jskeet fancy meeting you here 😄

thecodejunkie avatar Feb 04 '19 18:02 thecodejunkie

Python's former library did have flows for oauth2 stuff, but the new google-auth library does not have these built-in. It has core support for using OAuth 2.0 credentials, but obtaining them is separate - you use the google-auth-oauthlib package for that.

On Mon, Feb 4, 2019 at 10:32 AM Andreas Håkansson [email protected] wrote:

@jskeet https://github.com/jskeet fancy meeting you here 😄

— You are receiving this because you are on a team that was mentioned. Reply to this email directly, view it on GitHub https://github.com/googleapis/google-cloud-node/issues/2898#issuecomment-460359377, or mute the thread https://github.com/notifications/unsubscribe-auth/AAPUc9uhI63MUczmYM02kfUzpQChF8l8ks5vKHyqgaJpZM4agyek .

theacodes avatar Feb 05 '19 00:02 theacodes

I just tried to use the new Google analytics data api with the node js library.

It worked fine when feeding it a service account credential file, however when feeding it an Oauth2 credential file it gives the following error

(node:14561) UnhandledPromiseRejectionWarning: Error: The incoming JSON object does not contain a client_email field
    at JWT.fromJSON (/home/linda/WebstormProjects/google_nodejs_samples/node_modules/google-gax/node_modules/google-auth-library/build/src/auth/jwtclient.js:195:19)
    at GoogleAuth._cacheClientFromJSON (/home/linda/WebstormProjects/google_nodejs_samples/node_modules/google-gax/node_modules/google-auth-library/build/src/auth/googleauth.js:301:16)
    at ReadStream.<anonymous> (/home/linda/WebstormProjects/google_nodejs_samples/node_modules/google-gax/node_modules/google-auth-library/build/src/auth/googleauth.js:335:36)
    at ReadStream.emit (events.js:228:7)
    at endReadableNT (_stream_readable.js:1185:12)
    at processTicksAndRejections (internal/process/task_queues.js:81:21)

As mentioned perilously in this thread the above works just fine with the .net cloud library. I find it strange that this library would only support service account authentication.

LindaLawton avatar Dec 04 '20 11:12 LindaLawton

@silvolu @bcoe is this on the roadmap?

danoscarmike avatar Feb 01 '21 19:02 danoscarmike