google / webrisk

Apache License 2.0

Replace common *http.Client with Google API transport #52

Closed ErikBooijMB closed 1 year ago

ErikBooijMB commented 1 year ago

Currently the Webrisk client requires authentication with an API key, which can be inconvenient or even impossible in certain circumstances/environments. In our case we need to authenticate through our application default credentials, and this change aims to make that possible.

By substituting the raw *http.Client for the client provided by Google's own API Client package, this becomes possible with no change required for consumers of the client.

For users authenticating with an API key, that continues to function as-is; for users starting to use this client, they can choose between API key or ADC.

I think it would also resolve this issue: https://github.com/google/webrisk/issues/24
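The idea in the description above, as an added sketch that is not part of the PR or the thread: when authentication lives in the HTTP transport, callers keep using a plain `*http.Client` whichever credential is configured. The two transport types, the `seenAuth` helper, the local test server and all credential values are hypothetical stand-ins built on the standard library only, not Google's API Client package.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// apiKeyTransport (hypothetical) sends the key as a "key" query parameter.
type apiKeyTransport struct{ key string }

func (t apiKeyTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	r = r.Clone(r.Context()) // never mutate the caller's request
	q := r.URL.Query()
	q.Set("key", t.key)
	r.URL.RawQuery = q.Encode()
	return http.DefaultTransport.RoundTrip(r)
}

// bearerTransport (hypothetical) stands in for ADC-style auth via a token source.
type bearerTransport struct{ token func() (string, error) }

func (t bearerTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	tok, err := t.token()
	if err != nil {
		return nil, err
	}
	r = r.Clone(r.Context())
	r.Header.Set("Authorization", "Bearer "+tok)
	return http.DefaultTransport.RoundTrip(r)
}

// seenAuth sends one request through c to a local test server and returns what it saw.
func seenAuth(c *http.Client) (string, error) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "key=%q auth=%q", r.URL.Query().Get("key"), r.Header.Get("Authorization"))
	}))
	defer srv.Close()
	resp, err := c.Get(srv.URL + "/lookup?uri=example.test") // constructed request
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

func main() { fmt.Println(seenAuth(&http.Client{Transport: apiKeyTransport{"constructed-key"}})) }
```

In this sketch the API key travels in the request URL, where access logs and proxies commonly record it, while the token-source variant keeps the credential in a header and can hand out short-lived tokens.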

rvilgalys commented 1 year ago

Hi @ErikBooijMB! Thanks for sending this. We also heard about this issue from a couple of our CEs who passed along the other correspondence.

Unfortunately I can't merge this directly as this repo is now maintained and published from Google's internal source control, so we'll have to make the changes internally along with adding more tests to confirm the new auth is working. We might also look into using the option package wrapping the transport package that you're using here as that offers other ways of auth as well.

Since I don't want to hold you up waiting for me here, I'd suggest using a fork with this change until we can get it released. Will update #24 with this info and also when we have anything more to share on this.

ErikBooijMB commented 1 year ago

Hi @rvilgalys, thanks for the explanation, appreciate the insight, and it makes total sense. We'll work with a fork for the time being 👌 Would you happen to have a rough estimation on a timeline? Not gonna hold you to it 😉, but just trying to get a sense of whether we're looking at weeks/months/a year, so we can take that into account when expanding our WebRisk coverage into more of our projects.

And on another note, does the fact that the repo is now maintained within Google's internal source control mean it won't be open to public contributions in the future, or just that those should be created elsewhere?

Thanks!