golang / oauth2

Go OAuth2
https://golang.org/x/oauth2
BSD 3-Clause "New" or "Revised" License

golang/oauth2/stsexchange: error handling enhancement proposal #740

Open olefirenque opened 2 weeks ago

olefirenque commented 2 weeks ago

Hello!

The standard implementation of client_credentials grant_type uses a RetrieveError, which is really useful because it provides the raw response body and error code.

https://github.com/golang/oauth2/blob/3e6480915d39dd1a80fa460e56413857f02cc1b9/token.go#L184-L198

As I noticed, the stsexchange implementation wraps the raw error message, which makes it difficult to properly handle custom errors from different OIDC providers.

https://github.com/golang/oauth2/blob/3e6480915d39dd1a80fa460e56413857f02cc1b9/google/internal/stsexchange/sts_exchange.go#L89-L91

It would be great if stsexchange wrapped errors the same way client_credentials does.
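The difference raised in this issue, as an added example that is not part of the thread and is not code from golang.org/x/oauth2: `tokenError`, `typedFailure`, `flattenedFailure` and `classify` are stand-in names defined here, and the JSON body is a constructed sample. A typed error lets the caller branch with `errors.As`; a formatted string leaves nothing to inspect.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// tokenError is a stand-in defined for this example (not the library's type).
type tokenError struct {
	StatusCode int
	Body       []byte // raw response body; may carry sensitive detail, log with care
	ErrorCode  string // RFC 6749 "error" field when the body is JSON
}

func (e *tokenError) Error() string {
	return fmt.Sprintf("token endpoint: status %d: %s", e.StatusCode, e.Body)
}

// typedFailure keeps status, body and parsed error code behind a %w wrap.
func typedFailure(status int, body []byte) error {
	var parsed struct{ Error string `json:"error"` }
	_ = json.Unmarshal(body, &parsed) // non-JSON bodies leave ErrorCode empty
	return fmt.Errorf("exchange failed: %w", &tokenError{StatusCode: status, Body: body, ErrorCode: parsed.Error})
}

// flattenedFailure formats status and body into the message text only.
func flattenedFailure(status int, body []byte) error {
	return fmt.Errorf("exchange failed: status code %d: %s", status, body)
}

// classify is a hypothetical caller policy: one code path for any token error.
func classify(err error) string {
	var te *tokenError
	switch {
	case !errors.As(err, &te):
		return "opaque" // nothing structured to act on
	case te.ErrorCode == "invalid_grant":
		return "reauthenticate"
	case te.StatusCode >= 500:
		return "retry"
	}
	return "fail"
}

func main() {
	fmt.Println(classify(typedFailure(400, []byte(`{"error":"invalid_grant"}`)))) // constructed body
}
```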

codyoss commented 1 week ago

Would you mind raising an issue on https://github.com/googleapis/google-cloud-go instead? This google package is slowly being phased out in favor of https://pkg.go.dev/cloud.google.com/go/auth/credentials

olefirenque commented 1 week ago

Sure, I can bring this up, but I would like to point out that in my case I use both client_credentials and token-exchange from oauth2 (I don't actually use any Google cloud infrastructure). It would be more convenient to use this enhancement here, since it allows handling token issuance errors in a more general way (in particular, they will have a common type for the error).

Can the attached MR still be considered?

codyoss commented 1 week ago

> (I don't actually use any Google cloud infrastructure)

Your PR and issue mention the google sub-directory that is used for Google clients. This package will soon be deprecated in favor of the one I linked above. We don't plan on adding any more features to this google package at this time.