google-auth-library
Comparing version 9.12.0 to 9.13.0
@@ -176,2 +176,3 @@ import { Gaxios, GaxiosOptions, GaxiosPromise, GaxiosResponse } from 'gaxios'; | ||
export declare abstract class BaseExternalAccountClient extends AuthClient { | ||
#private; | ||
/** | ||
@@ -178,0 +179,0 @@ * OAuth scopes for the GCP access token to use. When not provided, |
@@ -15,2 +15,14 @@ "use strict"; | ||
// limitations under the License. | ||
var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) { | ||
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter"); | ||
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it"); | ||
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver); | ||
}; | ||
var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) { | ||
if (kind === "m") throw new TypeError("Private method is not writable"); | ||
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter"); | ||
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it"); | ||
return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value; | ||
}; | ||
var _BaseExternalAccountClient_instances, _BaseExternalAccountClient_pendingAccessToken, _BaseExternalAccountClient_internalRefreshAccessTokenAsync; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
@@ -86,2 +98,7 @@ exports.BaseExternalAccountClient = exports.DEFAULT_UNIVERSE = exports.CLOUD_RESOURCE_MANAGER = exports.EXTERNAL_ACCOUNT_TYPE = exports.EXPIRATION_TIME_OFFSET = void 0; | ||
super({ ...options, ...additionalOptions }); | ||
_BaseExternalAccountClient_instances.add(this); | ||
/** | ||
* A pending access token request. Used for concurrent calls. | ||
*/ | ||
_BaseExternalAccountClient_pendingAccessToken.set(this, null); | ||
const opts = (0, util_1.originalOrCamelOptions)(options); | ||
@@ -298,63 +315,11 @@ const type = opts.get('type'); | ||
async refreshAccessTokenAsync() { | ||
// Retrieve the external credential. | ||
const subjectToken = await this.retrieveSubjectToken(); | ||
// Construct the STS credentials options. | ||
const stsCredentialsOptions = { | ||
grantType: STS_GRANT_TYPE, | ||
audience: this.audience, | ||
requestedTokenType: STS_REQUEST_TOKEN_TYPE, | ||
subjectToken, | ||
subjectTokenType: this.subjectTokenType, | ||
// generateAccessToken requires the provided access token to have | ||
// scopes: | ||
// https://www.googleapis.com/auth/iam or | ||
// https://www.googleapis.com/auth/cloud-platform | ||
// The new service account access token scopes will match the user | ||
// provided ones. | ||
scope: this.serviceAccountImpersonationUrl | ||
? [DEFAULT_OAUTH_SCOPE] | ||
: this.getScopesArray(), | ||
}; | ||
// Exchange the external credentials for a GCP access token. | ||
// Client auth is prioritized over passing the workforcePoolUserProject | ||
// parameter for STS token exchange. | ||
const additionalOptions = !this.clientAuth && this.workforcePoolUserProject | ||
? { userProject: this.workforcePoolUserProject } | ||
: undefined; | ||
const additionalHeaders = { | ||
'x-goog-api-client': this.getMetricsHeaderValue(), | ||
}; | ||
const stsResponse = await this.stsCredential.exchangeToken(stsCredentialsOptions, additionalHeaders, additionalOptions); | ||
if (this.serviceAccountImpersonationUrl) { | ||
this.cachedAccessToken = await this.getImpersonatedAccessToken(stsResponse.access_token); | ||
// Use an existing access token request, or cache a new one | ||
__classPrivateFieldSet(this, _BaseExternalAccountClient_pendingAccessToken, __classPrivateFieldGet(this, _BaseExternalAccountClient_pendingAccessToken, "f") || __classPrivateFieldGet(this, _BaseExternalAccountClient_instances, "m", _BaseExternalAccountClient_internalRefreshAccessTokenAsync).call(this), "f"); | ||
try { | ||
return await __classPrivateFieldGet(this, _BaseExternalAccountClient_pendingAccessToken, "f"); | ||
} | ||
else if (stsResponse.expires_in) { | ||
// Save response in cached access token. | ||
this.cachedAccessToken = { | ||
access_token: stsResponse.access_token, | ||
expiry_date: new Date().getTime() + stsResponse.expires_in * 1000, | ||
res: stsResponse.res, | ||
}; | ||
finally { | ||
// clear pending access token for future requests | ||
__classPrivateFieldSet(this, _BaseExternalAccountClient_pendingAccessToken, null, "f"); | ||
} | ||
else { | ||
// Save response in cached access token. | ||
this.cachedAccessToken = { | ||
access_token: stsResponse.access_token, | ||
res: stsResponse.res, | ||
}; | ||
} | ||
// Save credentials. | ||
this.credentials = {}; | ||
Object.assign(this.credentials, this.cachedAccessToken); | ||
delete this.credentials.res; | ||
// Trigger tokens event to notify external listeners. | ||
this.emit('tokens', { | ||
refresh_token: null, | ||
expiry_date: this.cachedAccessToken.expiry_date, | ||
access_token: this.cachedAccessToken.access_token, | ||
token_type: 'Bearer', | ||
id_token: null, | ||
}); | ||
// Return the cached access token. | ||
return this.cachedAccessToken; | ||
} | ||
@@ -444,1 +409,64 @@ /** | ||
exports.BaseExternalAccountClient = BaseExternalAccountClient; | ||
_BaseExternalAccountClient_pendingAccessToken = new WeakMap(), _BaseExternalAccountClient_instances = new WeakSet(), _BaseExternalAccountClient_internalRefreshAccessTokenAsync = async function _BaseExternalAccountClient_internalRefreshAccessTokenAsync() { | ||
// Retrieve the external credential. | ||
const subjectToken = await this.retrieveSubjectToken(); | ||
// Construct the STS credentials options. | ||
const stsCredentialsOptions = { | ||
grantType: STS_GRANT_TYPE, | ||
audience: this.audience, | ||
requestedTokenType: STS_REQUEST_TOKEN_TYPE, | ||
subjectToken, | ||
subjectTokenType: this.subjectTokenType, | ||
// generateAccessToken requires the provided access token to have | ||
// scopes: | ||
// https://www.googleapis.com/auth/iam or | ||
// https://www.googleapis.com/auth/cloud-platform | ||
// The new service account access token scopes will match the user | ||
// provided ones. | ||
scope: this.serviceAccountImpersonationUrl | ||
? [DEFAULT_OAUTH_SCOPE] | ||
: this.getScopesArray(), | ||
}; | ||
// Exchange the external credentials for a GCP access token. | ||
// Client auth is prioritized over passing the workforcePoolUserProject | ||
// parameter for STS token exchange. | ||
const additionalOptions = !this.clientAuth && this.workforcePoolUserProject | ||
? { userProject: this.workforcePoolUserProject } | ||
: undefined; | ||
const additionalHeaders = { | ||
'x-goog-api-client': this.getMetricsHeaderValue(), | ||
}; | ||
const stsResponse = await this.stsCredential.exchangeToken(stsCredentialsOptions, additionalHeaders, additionalOptions); | ||
if (this.serviceAccountImpersonationUrl) { | ||
this.cachedAccessToken = await this.getImpersonatedAccessToken(stsResponse.access_token); | ||
} | ||
else if (stsResponse.expires_in) { | ||
// Save response in cached access token. | ||
this.cachedAccessToken = { | ||
access_token: stsResponse.access_token, | ||
expiry_date: new Date().getTime() + stsResponse.expires_in * 1000, | ||
res: stsResponse.res, | ||
}; | ||
} | ||
else { | ||
// Save response in cached access token. | ||
this.cachedAccessToken = { | ||
access_token: stsResponse.access_token, | ||
res: stsResponse.res, | ||
}; | ||
} | ||
// Save credentials. | ||
this.credentials = {}; | ||
Object.assign(this.credentials, this.cachedAccessToken); | ||
delete this.credentials.res; | ||
// Trigger tokens event to notify external listeners. | ||
this.emit('tokens', { | ||
refresh_token: null, | ||
expiry_date: this.cachedAccessToken.expiry_date, | ||
access_token: this.cachedAccessToken.access_token, | ||
token_type: 'Bearer', | ||
id_token: null, | ||
}); | ||
// Return the cached access token. | ||
return this.cachedAccessToken; | ||
}; |
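Review bot: The `finally` in the rewritten `refreshAccessTokenAsync` resets the pending-token field to `null` unconditionally and once per concurrent caller, so nothing ties the reset to the promise that call actually awaited. It looks safe only because all waiters on one promise resume back to back. A guard would make that invariant local: after the assignment capture `const pending = this.#pendingAccessToken;` (assuming that is the field name in the TypeScript source), then clear with `if (this.#pendingAccessToken === pending) this.#pendingAccessToken = null;`. The field's doc comment should also say that coalesced callers all receive the same `cachedAccessToken` object, `res` included, and that the exchange uses the `audience` and scopes read when the first caller started it, so a change made while a request is in flight is not reflected in the token the later callers get. This file appears to be compiled output, so the change would belong in the TypeScript source.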
{ | ||
"name": "google-auth-library", | ||
"version": "9.12.0", | ||
"version": "9.13.0", | ||
"author": "Google Inc.", | ||
@@ -5,0 +5,0 @@ "description": "Google APIs Authentication Client Library for Node.js", |
Sorry, the diff of this file is too big to display