google-auth-library - npm Package Compare versions

Comparing version 9.12.0 to 9.13.0

build/src/auth/baseexternalclient.d.ts

@@ -176,2 +176,3 @@ import { Gaxios, GaxiosOptions, GaxiosPromise, GaxiosResponse } from 'gaxios';
 export declare abstract class BaseExternalAccountClient extends AuthClient {
+    #private;
     /**
@@ -178,0 +179,0 @@ * OAuth scopes for the GCP access token to use. When not provided,

build/src/auth/baseexternalclient.js

@@ -15,2 +15,14 @@ "use strict";
 // limitations under the License.
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var _BaseExternalAccountClient_instances, _BaseExternalAccountClient_pendingAccessToken, _BaseExternalAccountClient_internalRefreshAccessTokenAsync;
 Object.defineProperty(exports, "__esModule", { value: true });
@@ -86,2 +98,7 @@ exports.BaseExternalAccountClient = exports.DEFAULT_UNIVERSE = exports.CLOUD_RESOURCE_MANAGER = exports.EXTERNAL_ACCOUNT_TYPE = exports.EXPIRATION_TIME_OFFSET = void 0;
         super({ ...options, ...additionalOptions });
+        _BaseExternalAccountClient_instances.add(this);
+        /**
+         * A pending access token request. Used for concurrent calls.
+         */
+        _BaseExternalAccountClient_pendingAccessToken.set(this, null);
         const opts = (0, util_1.originalOrCamelOptions)(options);
@@ -298,63 +315,11 @@ const type = opts.get('type');
     async refreshAccessTokenAsync() {
-        // Retrieve the external credential.
-        const subjectToken = await this.retrieveSubjectToken();
-        // Construct the STS credentials options.
-        const stsCredentialsOptions = {
-            grantType: STS_GRANT_TYPE,
-            audience: this.audience,
-            requestedTokenType: STS_REQUEST_TOKEN_TYPE,
-            subjectToken,
-            subjectTokenType: this.subjectTokenType,
-            // generateAccessToken requires the provided access token to have
-            // scopes:
-            // https://www.googleapis.com/auth/iam or
-            // https://www.googleapis.com/auth/cloud-platform
-            // The new service account access token scopes will match the user
-            // provided ones.
-            scope: this.serviceAccountImpersonationUrl
-                ? [DEFAULT_OAUTH_SCOPE]
-                : this.getScopesArray(),
-        };
-        // Exchange the external credentials for a GCP access token.
-        // Client auth is prioritized over passing the workforcePoolUserProject
-        // parameter for STS token exchange.
-        const additionalOptions = !this.clientAuth && this.workforcePoolUserProject
-            ? { userProject: this.workforcePoolUserProject }
-            : undefined;
-        const additionalHeaders = {
-            'x-goog-api-client': this.getMetricsHeaderValue(),
-        };
-        const stsResponse = await this.stsCredential.exchangeToken(stsCredentialsOptions, additionalHeaders, additionalOptions);
-        if (this.serviceAccountImpersonationUrl) {
-            this.cachedAccessToken = await this.getImpersonatedAccessToken(stsResponse.access_token);
+        // Use an existing access token request, or cache a new one
+        __classPrivateFieldSet(this, _BaseExternalAccountClient_pendingAccessToken, __classPrivateFieldGet(this, _BaseExternalAccountClient_pendingAccessToken, "f") || __classPrivateFieldGet(this, _BaseExternalAccountClient_instances, "m", _BaseExternalAccountClient_internalRefreshAccessTokenAsync).call(this), "f");
+        try {
+            return await __classPrivateFieldGet(this, _BaseExternalAccountClient_pendingAccessToken, "f");
         }
-        else if (stsResponse.expires_in) {
-            // Save response in cached access token.
-            this.cachedAccessToken = {
-                access_token: stsResponse.access_token,
-                expiry_date: new Date().getTime() + stsResponse.expires_in * 1000,
-                res: stsResponse.res,
-            };
+        finally {
+            // clear pending access token for future requests
+            __classPrivateFieldSet(this, _BaseExternalAccountClient_pendingAccessToken, null, "f");
         }
-        else {
-            // Save response in cached access token.
-            this.cachedAccessToken = {
-                access_token: stsResponse.access_token,
-                res: stsResponse.res,
-            };
-        }
-        // Save credentials.
-        this.credentials = {};
-        Object.assign(this.credentials, this.cachedAccessToken);
-        delete this.credentials.res;
-        // Trigger tokens event to notify external listeners.
-        this.emit('tokens', {
-            refresh_token: null,
-            expiry_date: this.cachedAccessToken.expiry_date,
-            access_token: this.cachedAccessToken.access_token,
-            token_type: 'Bearer',
-            id_token: null,
-        });
-        // Return the cached access token.
-        return this.cachedAccessToken;
     }
@@ -444,1 +409,64 @@ /**
 exports.BaseExternalAccountClient = BaseExternalAccountClient;
+_BaseExternalAccountClient_pendingAccessToken = new WeakMap(), _BaseExternalAccountClient_instances = new WeakSet(), _BaseExternalAccountClient_internalRefreshAccessTokenAsync = async function _BaseExternalAccountClient_internalRefreshAccessTokenAsync() {
+    // Retrieve the external credential.
+    const subjectToken = await this.retrieveSubjectToken();
+    // Construct the STS credentials options.
+    const stsCredentialsOptions = {
+        grantType: STS_GRANT_TYPE,
+        audience: this.audience,
+        requestedTokenType: STS_REQUEST_TOKEN_TYPE,
+        subjectToken,
+        subjectTokenType: this.subjectTokenType,
+        // generateAccessToken requires the provided access token to have
+        // scopes:
+        // https://www.googleapis.com/auth/iam or
+        // https://www.googleapis.com/auth/cloud-platform
+        // The new service account access token scopes will match the user
+        // provided ones.
+        scope: this.serviceAccountImpersonationUrl
+            ? [DEFAULT_OAUTH_SCOPE]
+            : this.getScopesArray(),
+    };
+    // Exchange the external credentials for a GCP access token.
+    // Client auth is prioritized over passing the workforcePoolUserProject
+    // parameter for STS token exchange.
+    const additionalOptions = !this.clientAuth && this.workforcePoolUserProject
+        ? { userProject: this.workforcePoolUserProject }
+        : undefined;
+    const additionalHeaders = {
+        'x-goog-api-client': this.getMetricsHeaderValue(),
+    };
+    const stsResponse = await this.stsCredential.exchangeToken(stsCredentialsOptions, additionalHeaders, additionalOptions);
+    if (this.serviceAccountImpersonationUrl) {
+        this.cachedAccessToken = await this.getImpersonatedAccessToken(stsResponse.access_token);
+    }
+    else if (stsResponse.expires_in) {
+        // Save response in cached access token.
+        this.cachedAccessToken = {
+            access_token: stsResponse.access_token,
+            expiry_date: new Date().getTime() + stsResponse.expires_in * 1000,
+            res: stsResponse.res,
+        };
+    }
+    else {
+        // Save response in cached access token.
+        this.cachedAccessToken = {
+            access_token: stsResponse.access_token,
+            res: stsResponse.res,
+        };
+    }
+    // Save credentials.
+    this.credentials = {};
+    Object.assign(this.credentials, this.cachedAccessToken);
+    delete this.credentials.res;
+    // Trigger tokens event to notify external listeners.
+    this.emit('tokens', {
+        refresh_token: null,
+        expiry_date: this.cachedAccessToken.expiry_date,
+        access_token: this.cachedAccessToken.access_token,
+        token_type: 'Bearer',
+        id_token: null,
+    });
+    // Return the cached access token.
+    return this.cachedAccessToken;
+};

package.json

 {
   "name": "google-auth-library",
-  "version": "9.12.0",
+  "version": "9.13.0",
   "author": "Google Inc.",
@@ -5,0 +5,0 @@ "description": "Google APIs Authentication Client Library for Node.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

596804

increased by0.43%

Lines of code

9909

increased by0.3%

No dependency changes