google-auth-library - npm Package Compare versions

Comparing version 8.0.1 to 8.0.2

build/src/auth/googleauth.d.ts

@@ -206,4 +206,6 @@ /// <reference types="node" />
      * client_email and private_key (if exists).
-     * getCredentials checks for these values from the user JSON at first.
-     * If it doesn't exist, and the environment is on GCE, it gets the
+     * getCredentials first checks if the client is using an external account and
+     * uses the service account email in place of client_email.
+     * If that doesn't exist, it checks for these values from the user JSON.
+     * If the user JSON doesn't exist, and the environment is on GCE, it gets the
      * client_email from the cloud metadata server.
@@ -210,0 +212,0 @@ * @param callback Callback that handles the credential object that contains

build/src/auth/googleauth.js

@@ -522,3 +522,9 @@ "use strict";
     async getCredentialsAsync() {
-        await this.getClient();
+        const client = await this.getClient();
+        if (client instanceof baseexternalclient_1.BaseExternalAccountClient) {
+            const serviceAccountEmail = client.getServiceAccountEmail();
+            if (serviceAccountEmail) {
+                return { client_email: serviceAccountEmail };
+            }
+        }
         if (this.jsonContent) {
@@ -637,12 +643,2 @@ const credential = {
         }
-        // signBlob requires a service account email and the underlying
-        // access token to have iam.serviceAccounts.signBlob permission
-        // on the specified resource name.
-        // The "Service Account Token Creator" role should cover this.
-        // As a result external account credentials can support this
-        // operation when service account impersonation is enabled.
-        if (client instanceof baseexternalclient_1.BaseExternalAccountClient &&
-            client.getServiceAccountEmail()) {
-            return this.signBlob(crypto, client.getServiceAccountEmail(), data);
-        }
         const projectId = await this.getProjectId();
@@ -649,0 +645,0 @@ if (!projectId) {

CHANGELOG.md

@@ -7,2 +7,9 @@ # Changelog
 
+### [8.0.2](https://github.com/googleapis/google-auth-library-nodejs/compare/v8.0.1...v8.0.2) (2022-04-27)
+
+
+### Bug Fixes
+
+* Fixing Implementation of GoogleAuth.sign() for external account credentials ([#1397](https://github.com/googleapis/google-auth-library-nodejs/issues/1397)) ([b0ddb75](https://github.com/googleapis/google-auth-library-nodejs/commit/b0ddb7512fb9ed1e51b6874b7376d7e1f26be644))
+
 ### [8.0.1](https://github.com/googleapis/google-auth-library-nodejs/compare/v8.0.0...v8.0.1) (2022-04-22)
@@ -9,0 +16,0 @@

package.json

 {
   "name": "google-auth-library",
-  "version": "8.0.1",
+  "version": "8.0.2",
   "author": "Google Inc.",
@@ -5,0 +5,0 @@ "description": "Google APIs Authentication Client Library for Node.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

424510

increased by0.06%

Worsened metrics

Lines of code

7179

decreased by-0.03%

No dependency changes