googleapis / google-auth-library-python

Google Auth Python Library
https://googleapis.dev/python/google-auth/latest/
Apache License 2.0
778 stars 307 forks source link

publicly expose _default._load_credentials_from_info #1313

Closed kapilt closed 1 year ago

kapilt commented 1 year ago

at the moment the public interface is just google.auth.default() and load_credentials_from_file, but if we have a data dictionary already due to it being loaded from a non file source it would be nice to pass it directly to load_credentials_from_info https://github.com/googleapis/google-auth-library-python/blob/main/google/auth/_default.py#L133

the load from file function is just a super thin wrapper to load from info.

afaics load_credentials_from_info is the most compatible across all the auth forms that gcp supports. (user default app, service account, external).

clundin25 commented 1 year ago

Hey @kapilt, can you expand on your use case a bit more? How is this dict being created?

kapilt commented 1 year ago

we're typically storing the credential info in a big table style data store, we want to be able to use service accounts, or workload identity federation information directly from the data store. using load_credentials_from_info would allow that, serializing to a temp file to using the existing interface is fairly extraneous.

clundin25 commented 1 year ago

@kapilt,

That sounds reasonable. I'll chat with the team and propose adding an API load_credentials_from_dict that will let applications use a dictionary instead of a file