google-auth-library
Advanced tools
Comparing version 9.0.0 to 9.1.0
@@ -50,2 +50,3 @@ "use strict"; | ||
this.region = ''; | ||
this.credentialSourceType = 'aws'; | ||
// Data validators. | ||
@@ -52,0 +53,0 @@ this.validateEnvironmentId(); |
@@ -21,7 +21,19 @@ import { GaxiosOptions, GaxiosPromise, GaxiosResponse } from 'gaxios'; | ||
/** | ||
* The default cloud universe | ||
*/ | ||
export declare const DEFAULT_UNIVERSE = "googleapis.com"; | ||
export interface SharedExternalAccountClientOptions { | ||
audience: string; | ||
token_url: string; | ||
quota_project_id?: string; | ||
/** | ||
* universe domain is the default service domain for a given Cloud universe | ||
*/ | ||
universe_domain?: string; | ||
} | ||
/** | ||
* Base external account credentials json interface. | ||
*/ | ||
export interface BaseExternalAccountClientOptions { | ||
export interface BaseExternalAccountClientOptions extends SharedExternalAccountClientOptions { | ||
type: string; | ||
audience: string; | ||
subject_token_type: string; | ||
@@ -32,9 +44,6 @@ service_account_impersonation_url?: string; | ||
}; | ||
token_url: string; | ||
token_info_url?: string; | ||
client_id?: string; | ||
client_secret?: string; | ||
quota_project_id?: string; | ||
workforce_pool_user_project?: string; | ||
universe_domain?: string; | ||
} | ||
@@ -95,3 +104,3 @@ /** | ||
private readonly workforcePoolUserProject?; | ||
private universeDomain?; | ||
universeDomain: string; | ||
projectId: string | null; | ||
@@ -101,2 +110,4 @@ projectNumber: string | null; | ||
readonly forceRefreshOnFailure: boolean; | ||
private readonly configLifetimeRequested; | ||
protected credentialSourceType?: string; | ||
/** | ||
@@ -219,3 +230,4 @@ * Instantiate a BaseExternalAccountClient instance using the provided JSON | ||
private getScopesArray; | ||
private getMetricsHeaderValue; | ||
} | ||
export {}; |
@@ -16,3 +16,3 @@ "use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.BaseExternalAccountClient = exports.CLOUD_RESOURCE_MANAGER = exports.EXTERNAL_ACCOUNT_TYPE = exports.EXPIRATION_TIME_OFFSET = void 0; | ||
exports.BaseExternalAccountClient = exports.DEFAULT_UNIVERSE = exports.CLOUD_RESOURCE_MANAGER = exports.EXTERNAL_ACCOUNT_TYPE = exports.EXPIRATION_TIME_OFFSET = void 0; | ||
const stream = require("stream"); | ||
@@ -48,4 +48,10 @@ const authclient_1 = require("./authclient"); | ||
/** The workforce audience pattern. */ | ||
const WORKFORCE_AUDIENCE_PATTERN = '//iam.googleapis.com/locations/[^/]+/workforcePools/[^/]+/providers/.+'; | ||
const WORKFORCE_AUDIENCE_PATTERN = '//iam\\.googleapis\\.com/locations/[^/]+/workforcePools/[^/]+/providers/.+'; | ||
// eslint-disable-next-line @typescript-eslint/no-var-requires | ||
const pkg = require('../../../package.json'); | ||
/** | ||
* The default cloud universe | ||
*/ | ||
exports.DEFAULT_UNIVERSE = 'googleapis.com'; | ||
/** | ||
* Base external account client. This is used to instantiate AuthClients for | ||
@@ -70,4 +76,5 @@ * exchanging external account credentials for GCP access token and authorizing | ||
constructor(options, additionalOptions) { | ||
var _a, _b; | ||
var _a; | ||
super(); | ||
this.universeDomain = exports.DEFAULT_UNIVERSE; | ||
if (options.type !== exports.EXTERNAL_ACCOUNT_TYPE) { | ||
@@ -101,3 +108,10 @@ throw new Error(`Expected "${exports.EXTERNAL_ACCOUNT_TYPE}" type but ` + | ||
this.serviceAccountImpersonationLifetime = | ||
(_b = (_a = options.service_account_impersonation) === null || _a === void 0 ? void 0 : _a.token_lifetime_seconds) !== null && _b !== void 0 ? _b : DEFAULT_TOKEN_LIFESPAN; | ||
(_a = options.service_account_impersonation) === null || _a === void 0 ? void 0 : _a.token_lifetime_seconds; | ||
if (this.serviceAccountImpersonationLifetime) { | ||
this.configLifetimeRequested = true; | ||
} | ||
else { | ||
this.configLifetimeRequested = false; | ||
this.serviceAccountImpersonationLifetime = DEFAULT_TOKEN_LIFESPAN; | ||
} | ||
// As threshold could be zero, | ||
@@ -116,3 +130,5 @@ // eagerRefreshThresholdMillis || EXPIRATION_TIME_OFFSET will override the | ||
this.projectNumber = this.getProjectNumber(this.audience); | ||
this.universeDomain = options.universe_domain; | ||
if (options.universe_domain) { | ||
this.universeDomain = options.universe_domain; | ||
} | ||
} | ||
@@ -295,3 +311,6 @@ /** The service account email to be impersonated, if available. */ | ||
: undefined; | ||
const stsResponse = await this.stsCredential.exchangeToken(stsCredentialsOptions, undefined, additionalOptions); | ||
const additionalHeaders = { | ||
'x-goog-api-client': this.getMetricsHeaderValue(), | ||
}; | ||
const stsResponse = await this.stsCredential.exchangeToken(stsCredentialsOptions, additionalHeaders, additionalOptions); | ||
if (this.serviceAccountImpersonationUrl) { | ||
@@ -407,4 +426,12 @@ this.cachedAccessToken = await this.getImpersonatedAccessToken(stsResponse.access_token); | ||
} | ||
getMetricsHeaderValue() { | ||
const nodeVersion = process.version.replace(/^v/, ''); | ||
const saImpersonation = this.serviceAccountImpersonationUrl !== undefined; | ||
const credentialSourceType = this.credentialSourceType | ||
? this.credentialSourceType | ||
: 'unknown'; | ||
return `gl-node/${nodeVersion} auth/${pkg.version} google-byoid-sdk source/${credentialSourceType} sa-impersonation/${saImpersonation} config-lifetime/${this.configLifetimeRequested}`; | ||
} | ||
} | ||
exports.BaseExternalAccountClient = BaseExternalAccountClient; | ||
//# sourceMappingURL=baseexternalclient.js.map |
@@ -17,3 +17,3 @@ import { GaxiosError } from 'gaxios'; | ||
export declare class Compute extends OAuth2Client { | ||
private serviceAccountEmail; | ||
readonly serviceAccountEmail: string; | ||
scopes: string[]; | ||
@@ -20,0 +20,0 @@ /** |
@@ -6,21 +6,19 @@ import { AuthClient } from './authclient'; | ||
import { Credentials } from './credentials'; | ||
import { SharedExternalAccountClientOptions } from './baseexternalclient'; | ||
/** | ||
* The credentials JSON file type for external account authorized user clients. | ||
*/ | ||
export declare const EXTERNAL_ACCOUNT_AUTHORIZED_USER_TYPE = "external_account_authorized_user"; | ||
/** | ||
* External Account Authorized User Credentials JSON interface. | ||
*/ | ||
export interface ExternalAccountAuthorizedUserClientOptions { | ||
export interface ExternalAccountAuthorizedUserClientOptions extends SharedExternalAccountClientOptions { | ||
type: typeof EXTERNAL_ACCOUNT_AUTHORIZED_USER_TYPE; | ||
audience: string; | ||
client_id: string; | ||
client_secret: string; | ||
refresh_token: string; | ||
token_url: string; | ||
token_info_url: string; | ||
revoke_url?: string; | ||
quota_project_id?: string; | ||
} | ||
/** | ||
* The credentials JSON file type for external account authorized user clients. | ||
*/ | ||
export declare const EXTERNAL_ACCOUNT_AUTHORIZED_USER_TYPE = "external_account_authorized_user"; | ||
/** | ||
* Internal interface for tracking the access token expiration time. | ||
@@ -41,2 +39,3 @@ */ | ||
private refreshToken; | ||
universeDomain: string; | ||
/** | ||
@@ -43,0 +42,0 @@ * Instantiates an ExternalAccountAuthorizedUserClient instances using the |
@@ -108,2 +108,3 @@ "use strict"; | ||
super(); | ||
this.universeDomain = baseexternalclient_1.DEFAULT_UNIVERSE; | ||
this.refreshToken = options.refresh_token; | ||
@@ -130,2 +131,5 @@ const clientAuth = { | ||
this.forceRefreshOnFailure = !!(additionalOptions === null || additionalOptions === void 0 ? void 0 : additionalOptions.forceRefreshOnFailure); | ||
if (options.universe_domain) { | ||
this.universeDomain = options.universe_domain; | ||
} | ||
} | ||
@@ -132,0 +136,0 @@ async getAccessToken() { |
@@ -94,2 +94,13 @@ /// <reference types="node" /> | ||
static DefaultTransporter: typeof DefaultTransporter; | ||
/** | ||
* Configuration is resolved in the following order of precedence: | ||
* - {@link GoogleAuthOptions.credentials `credentials`} | ||
* - {@link GoogleAuthOptions.keyFilename `keyFilename`} | ||
* - {@link GoogleAuthOptions.keyFile `keyFile`} | ||
* | ||
* {@link GoogleAuthOptions.clientOptions `clientOptions`} are passed to the | ||
* {@link AuthClient `AuthClient`s}. | ||
* | ||
* @param opts | ||
*/ | ||
constructor(opts?: GoogleAuthOptions<T>); | ||
@@ -99,4 +110,9 @@ setGapicJWTValues(client: JWT): void; | ||
* Obtains the default project ID for the application. | ||
* @param callback Optional callback | ||
* @returns Promise that resolves with project Id (if used without callback) | ||
* | ||
* Retrieves in the following order of precedence: | ||
* - The `projectId` provided in this object's construction | ||
* - GCLOUD_PROJECT or GOOGLE_CLOUD_PROJECT environment variable | ||
* - GOOGLE_APPLICATION_CREDENTIALS JSON file | ||
* - Cloud SDK: `gcloud config config-helper --format json` | ||
* - GCE project ID from metadata server | ||
*/ | ||
@@ -242,4 +258,5 @@ getProjectId(): Promise<string>; | ||
/** | ||
* Automatically obtain a client based on the provided configuration. If no | ||
* options were passed, use Application Default Credentials. | ||
* Automatically obtain an {@link AuthClient `AuthClient`} based on the | ||
* provided configuration. If no options were passed, use Application | ||
* Default Credentials. | ||
*/ | ||
@@ -246,0 +263,0 @@ getClient(): Promise<Compute | JSONClient | T>; |
@@ -45,2 +45,13 @@ "use strict"; | ||
} | ||
/** | ||
* Configuration is resolved in the following order of precedence: | ||
* - {@link GoogleAuthOptions.credentials `credentials`} | ||
* - {@link GoogleAuthOptions.keyFilename `keyFilename`} | ||
* - {@link GoogleAuthOptions.keyFile `keyFile`} | ||
* | ||
* {@link GoogleAuthOptions.clientOptions `clientOptions`} are passed to the | ||
* {@link AuthClient `AuthClient`s}. | ||
* | ||
* @param opts | ||
*/ | ||
constructor(opts) { | ||
@@ -611,4 +622,5 @@ /** | ||
/** | ||
* Automatically obtain a client based on the provided configuration. If no | ||
* options were passed, use Application Default Credentials. | ||
* Automatically obtain an {@link AuthClient `AuthClient`} based on the | ||
* provided configuration. If no options were passed, use Application | ||
* Default Credentials. | ||
*/ | ||
@@ -615,0 +627,0 @@ async getClient() { |
@@ -51,5 +51,14 @@ "use strict"; | ||
this.headers = options.credential_source.headers; | ||
if (!this.file && !this.url) { | ||
throw new Error('No valid Identity Pool "credential_source" provided'); | ||
if (this.file && this.url) { | ||
throw new Error('No valid Identity Pool "credential_source" provided, must be either file or url.'); | ||
} | ||
else if (this.file && !this.url) { | ||
this.credentialSourceType = 'file'; | ||
} | ||
else if (!this.file && this.url) { | ||
this.credentialSourceType = 'url'; | ||
} | ||
else { | ||
throw new Error('No valid Identity Pool "credential_source" provided, must be either file or url.'); | ||
} | ||
// Text is the default format type. | ||
@@ -56,0 +65,0 @@ this.formatType = ((_a = options.credential_source.format) === null || _a === void 0 ? void 0 : _a.type) || 'text'; |
@@ -303,2 +303,6 @@ /// <reference types="node" /> | ||
} | ||
export interface RefreshOptions { | ||
eagerRefreshThresholdMillis?: number; | ||
forceRefreshOnFailure?: boolean; | ||
} | ||
export interface OAuth2ClientOptions extends RefreshOptions { | ||
@@ -308,7 +312,4 @@ clientId?: string; | ||
redirectUri?: string; | ||
credentials?: Credentials; | ||
} | ||
export interface RefreshOptions { | ||
eagerRefreshThresholdMillis?: number; | ||
forceRefreshOnFailure?: boolean; | ||
} | ||
export declare class OAuth2Client extends AuthClient { | ||
@@ -315,0 +316,0 @@ private redirectUri?; |
@@ -50,2 +50,3 @@ "use strict"; | ||
this.forceRefreshOnFailure = !!opts.forceRefreshOnFailure; | ||
this.credentials = opts.credentials || {}; | ||
} | ||
@@ -52,0 +53,0 @@ /** |
@@ -145,2 +145,3 @@ "use strict"; | ||
}); | ||
this.credentialSourceType = 'executable'; | ||
} | ||
@@ -147,0 +148,0 @@ /** |
import { GoogleAuth } from './auth/googleauth'; | ||
export * as gcpMetadata from 'gcp-metadata'; | ||
export { AuthClient } from './auth/authclient'; | ||
@@ -3,0 +4,0 @@ export { Compute, ComputeOptions } from './auth/computeclient'; |
"use strict"; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.GoogleAuth = exports.auth = exports.DefaultTransporter = exports.PluggableAuthClient = exports.DownscopedClient = exports.BaseExternalAccountClient = exports.ExternalAccountClient = exports.IdentityPoolClient = exports.AwsClient = exports.UserRefreshClient = exports.LoginTicket = exports.OAuth2Client = exports.CodeChallengeMethod = exports.Impersonated = exports.JWT = exports.JWTAccess = exports.IdTokenClient = exports.IAMAuth = exports.GCPEnv = exports.Compute = exports.AuthClient = void 0; | ||
exports.GoogleAuth = exports.auth = exports.DefaultTransporter = exports.PluggableAuthClient = exports.DownscopedClient = exports.BaseExternalAccountClient = exports.ExternalAccountClient = exports.IdentityPoolClient = exports.AwsClient = exports.UserRefreshClient = exports.LoginTicket = exports.OAuth2Client = exports.CodeChallengeMethod = exports.Impersonated = exports.JWT = exports.JWTAccess = exports.IdTokenClient = exports.IAMAuth = exports.GCPEnv = exports.Compute = exports.AuthClient = exports.gcpMetadata = void 0; | ||
// Copyright 2017 Google LLC | ||
@@ -19,2 +19,3 @@ // | ||
Object.defineProperty(exports, "GoogleAuth", { enumerable: true, get: function () { return googleauth_1.GoogleAuth; } }); | ||
exports.gcpMetadata = require("gcp-metadata"); | ||
var authclient_1 = require("./auth/authclient"); | ||
@@ -21,0 +22,0 @@ Object.defineProperty(exports, "AuthClient", { enumerable: true, get: function () { return authclient_1.AuthClient; } }); |
{ | ||
"name": "google-auth-library", | ||
"version": "9.0.0", | ||
"version": "9.1.0", | ||
"author": "Google Inc.", | ||
@@ -44,3 +44,3 @@ "description": "Google APIs Authentication Client Library for Node.js", | ||
"execa": "^5.0.0", | ||
"gts": "^3.1.1", | ||
"gts": "^5.0.0", | ||
"is-docker": "^2.0.0", | ||
@@ -61,3 +61,3 @@ "karma": "^6.0.0", | ||
"null-loader": "^4.0.0", | ||
"puppeteer": "^19.0.0", | ||
"puppeteer": "^21.0.0", | ||
"sinon": "^15.0.0", | ||
@@ -64,0 +64,0 @@ "ts-loader": "^8.0.0", |
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
522429
8557
1293