ServiceAccountCredential on .NET Core

googleapis / google-api-dotnet-client

Google APIs Client Library for .NET

https://developers.google.com/api-client-library/dotnet

Apache License 2.0

1.34k stars 523 forks source link

ServiceAccountCredential on .NET Core #797

Closed henkmollema closed 8 years ago

henkmollema commented 8 years ago

Are there any plans on supporting server-to-server access to Google API's using the ServiceAccountCredential class on .NET Core (including Linux)?

Currently it's still not available due to RSACryptoServiceProvider not being available on Linux (see this).

I understand this is problematic since RSACryptoServiceProvider is part of the public API, but I still hope a solution can be found.

Related: #695, #758

chrisdunelm commented 8 years ago

System.Security.Cryptography.Cng is not available on Linux, so an alternative RSA implementation will need finding/writing.

henkmollema commented 8 years ago

@chrisdunelm there is an OpenSSL implementation: https://www.nuget.org/packages/System.Security.Cryptography.OpenSsl. I've been using it to call Google API's succesfully using an X509 certificate.

chrisdunelm commented 8 years ago

Unfortunately System.Security.Cryptography.OpenSsl requires netstandard >=1.6, whereas we're targetting netstanard1.3, so we can't use this unless we re-target.

henkmollema commented 8 years ago

@chrisdunelm why no support for the FromCertificate method in .NET Standard? The implementation is pretty straightforward:

Just call the GetRSAPrivateKey() extension method on the X509Certificate2 which returns an RSA instance.

Key = certificate.GetRSAPrivateKey();

chrisdunelm commented 8 years ago

@henkmollema Yes, the implementation is straightforward, but I'm not sure if the returned RSA instance will be supported on non-Windows platforms (Linux), and I haven't yet implemented the test that would ensure it's OK. If you can work out how to add a netstandard1.3 test of X509Certificate in ServiceAccountCredentialTests.cs please let me know :)

chrisdunelm commented 8 years ago

Created #807 for X509Certificate initialization.

ghost commented 8 years ago

Hi @henkmollema a .NET Core newbie question: Do you know why this doesn't work even if I'm targeting net452 on project.json? As I understand this would use the full framework and Windows APIs, no? I'm using the GoogleCredential.FromStream and I get the Service Account credentials are not supported in .NET Core. exception :disappointed:

chrisdunelm commented 8 years ago

@nicolocodev Exactly which Google library(s) and version are you depending on?

ghost commented 8 years ago

@chrisdunelm my project.json looks like:

  "frameworks": {
    "net452": {
      "dependencies":{
        "Google.Apis.Vision.v1" : "1.15.0.572"        
      }
    }
  }

chrisdunelm commented 8 years ago

@nicolocodev odd, yes, I would expect it to use the full net45 library in the Google.Apis.Auth package. Please can you update to version 1.16.0.593 (the latest version) and restore/build again and let me know what happens? Thanks.

LindaLawton commented 8 years ago

I agree it's odd. Mind posting your Auth code as well?

ghost commented 8 years ago

@chrisdunelm updated, now it works!

chrisdunelm commented 8 years ago

Great :) Glad to hear it.

ghost commented 8 years ago

umm but now works on netcoreapp1.0 also.

chrisdunelm commented 8 years ago

@nicolocodev yes, support has been added for service credentials on .NET Core in the 1.16.0 release. Is this causing a problem?

ghost commented 8 years ago

No, it works well, thank you!