google-auth-library - npm Package Compare versions

Comparing version 7.7.0 to 7.8.0-beta.0

build/src/auth/jwtaccess.d.ts

@@ -27,2 +27,10 @@ /// <reference types="node" />
     /**
+     * Ensures that we're caching a key appropriately, giving precedence to scopes vs. url
+     *
+     * @param url The URI being authorized.
+     * @param scopes The scope or scopes being authorized
+     * @returns A string that returns the cached key.
+     */
+    getCachedKey(url?: string, scopes?: string | string[]): string;
+    /**
      * Get a non-expired access token, after refreshing if necessary.
@@ -35,3 +43,3 @@ *
      */
-    getRequestHeaders(url: string, additionalClaims?: Claims): Headers;
+    getRequestHeaders(url?: string, additionalClaims?: Claims, scopes?: string | string[]): Headers;
     /**
@@ -38,0 +46,0 @@ * Returns an expiration time for the JWT token.

build/src/auth/jwtaccess.js

@@ -45,2 +45,22 @@ "use strict";
     /**
+     * Ensures that we're caching a key appropriately, giving precedence to scopes vs. url
+     *
+     * @param url The URI being authorized.
+     * @param scopes The scope or scopes being authorized
+     * @returns A string that returns the cached key.
+     */
+    getCachedKey(url, scopes) {
+        let cacheKey = url;
+        if (scopes && Array.isArray(scopes) && scopes.length) {
+            cacheKey = url ? `${url}_${scopes.join('_')}` : `${scopes.join('_')}`;
+        }
+        else if (typeof scopes === 'string') {
+            cacheKey = url ? `${url}_${scopes}` : scopes;
+        }
+        if (!cacheKey) {
+            throw Error('Scopes or url must be provided');
+        }
+        return cacheKey;
+    }
+    /**
      * Get a non-expired access token, after refreshing if necessary.
@@ -53,6 +73,7 @@ *
      */
-    getRequestHeaders(url, additionalClaims) {
+    getRequestHeaders(url, additionalClaims, scopes) {
         // Return cached authorization headers, unless we are within
         // eagerRefreshThresholdMillis ms of them expiring:
-        const cachedToken = this.cache.get(url);
+        const key = this.getCachedKey(url, scopes);
+        const cachedToken = this.cache.get(key);
         const now = Date.now();
@@ -65,12 +86,26 @@ if (cachedToken &&
         const exp = JWTAccess.getExpirationTime(iat);
-        // The payload used for signed JWT headers has:
-        // iss == sub == <client email>
-        // aud == <the authorization uri>
-        const defaultClaims = {
-            iss: this.email,
-            sub: this.email,
-            aud: url,
-            exp,
-            iat,
-        };
+        let defaultClaims;
+        // Turn scopes into space-separated string
+        if (Array.isArray(scopes)) {
+            scopes = scopes.join(' ');
+        }
+        // If scopes are specified, sign with scopes
+        if (scopes) {
+            defaultClaims = {
+                iss: this.email,
+                sub: this.email,
+                scope: scopes,
+                exp,
+                iat,
+            };
+        }
+        else {
+            defaultClaims = {
+                iss: this.email,
+                sub: this.email,
+                aud: url,
+                exp,
+                iat,
+            };
+        }
         // if additionalClaims are provided, ensure they do not collide with
@@ -92,3 +127,3 @@ // other required claims.
         const headers = { Authorization: `Bearer ${signedJWT}` };
-        this.cache.set(url, {
+        this.cache.set(key, {
             expiration: exp * 1000,
@@ -95,0 +130,0 @@ headers,

build/src/auth/jwtclient.js

@@ -60,3 +60,6 @@ "use strict";
     async getRequestMetadataAsync(url) {
-        if (!this.apiKey && !this.hasUserScopes() && url) {
+        url = this.defaultServicePath ? `https://${this.defaultServicePath}/` : url;
+        const useSelfSignedJWT = (!this.hasUserScopes() && url) ||
+            (this.useJWTAccessWithScope && this.hasAnyScopes());
+        if (!this.apiKey && useSelfSignedJWT) {
             if (this.additionalClaims &&
@@ -77,3 +80,13 @@ this.additionalClaims.target_audience) {
                 }
-                const headers = await this.access.getRequestHeaders(url, this.additionalClaims);
+                let scopes;
+                if (this.hasUserScopes()) {
+                    scopes = this.scopes;
+                }
+                else if (!url) {
+                    scopes = this.defaultScopes;
+                }
+                const headers = await this.access.getRequestHeaders(url !== null && url !== void 0 ? url : undefined, this.additionalClaims, 
+                // Scopes take precedent over audience for signing,
+                // so we only provide them if useJWTAccessWithScope is on
+                this.useJWTAccessWithScope ? scopes : undefined);
                 return { headers: this.addSharedMetadataHeaders(headers) };
@@ -80,0 +93,0 @@ }

package.json

 {
   "name": "google-auth-library",
-  "version": "7.7.0",
+  "version": "7.8.0-beta.0",
   "author": "Google Inc.",
@@ -5,0 +5,0 @@ "description": "Google APIs Authentication Client Library for Node.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

403539

increased by0.55%

Lines of code

7011

increased by0.81%

Worsened metrics

Number of low quality alerts

2

increased by100%

No dependency changes