lsirac
commented
3 weeks ago The library methods here return UserCredentials. Is this compatible with BYOID? We have ExternalAccountAuthorizedUserCredentials for BYOID.
Open BigTailWolf opened 4 weeks ago
lsirac
commented
3 weeks ago The library methods here return UserCredentials. Is this compatible with BYOID? We have ExternalAccountAuthorizedUserCredentials for BYOID.
BigTailWolf
commented
3 weeks ago The library methods here return UserCredentials. Is this compatible with BYOID? We have ExternalAccountAuthorizedUserCredentials for BYOID.
ExternalAccountAuthorizedUserCredentials won't need any changes to have the capability of BYOID. Cloud Code can choose this one if they want to switch.
Per the sync with Cloud Code, they currently using UserAuthorizer for existing flow, what we do is just adding the capability to UserAuthorizer calling token endpoint with basic auth header.
sonarcloud[bot]
commented
3 weeks ago 
Quality Gate passedIssues
3 New issues
0 Accepted issues
Measures
0 Security Hotspots
92.6% Coverage on New Code
0.0% Duplication on New Code
Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:
Fixes # ☕️
The change basically following the logic that NodeJS change: https://github.com/googleapis/google-auth-library-nodejs/pull/1814
The key point is telling the client how are the
UserAuthorizergoing to provide auth with token URI. Our current way is to haveclient_secretsending as part of the post url parameter. The STS endpoint won't allow that and they are not acceptingclient_secretfield. Instead, the STS is using basic auth which takes a base64 encoding ofclient_id:client_secret.Here the change is to provide a parameter to
UserAuthorizerwhich auth from #RFC we are using and set thePOST(Current way) as default. Then in the implementation, when sending the token request, we apply a basic auth header if the authentication type is set toBASIC.If you write sample code, please follow the samples format.