Open BigTailWolf opened 4 weeks ago
The library methods here return UserCredentials. Is this compatible with BYOID? We have ExternalAccountAuthorizedUserCredentials for BYOID.
The library methods here return UserCredentials. Is this compatible with BYOID? We have ExternalAccountAuthorizedUserCredentials for BYOID.
ExternalAccountAuthorizedUserCredentials
won't need any changes to have the capability of BYOID. Cloud Code can choose this one if they want to switch.
Per the sync with Cloud Code, they currently using UserAuthorizer
for existing flow, what we do is just adding the capability to UserAuthorizer
calling token endpoint with basic auth header.
Issues
3 New issues
0 Accepted issues
Measures
0 Security Hotspots
92.6% Coverage on New Code
0.0% Duplication on New Code
Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:
Fixes # ☕️
The change basically following the logic that NodeJS change: https://github.com/googleapis/google-auth-library-nodejs/pull/1814
The key point is telling the client how are the
UserAuthorizer
going to provide auth with token URI. Our current way is to haveclient_secret
sending as part of the post url parameter. The STS endpoint won't allow that and they are not acceptingclient_secret
field. Instead, the STS is using basic auth which takes a base64 encoding ofclient_id:client_secret
.Here the change is to provide a parameter to
UserAuthorizer
which auth from #RFC we are using and set thePOST
(Current way) as default. Then in the implementation, when sending the token request, we apply a basic auth header if the authentication type is set toBASIC
.If you write sample code, please follow the samples format.