google-auth-library
Advanced tools
Comparing version 9.13.0 to 9.14.0
@@ -53,2 +53,6 @@ import { EventEmitter } from 'events'; | ||
export interface AuthClientOptions extends Partial<OriginalAndCamel<AuthJSONOptions>> { | ||
/** | ||
* An API key to use, optional. | ||
*/ | ||
apiKey?: string; | ||
credentials?: Credentials; | ||
@@ -131,2 +135,3 @@ /** | ||
export declare abstract class AuthClient extends EventEmitter implements CredentialsClient { | ||
apiKey?: string; | ||
projectId?: string | null; | ||
@@ -133,0 +138,0 @@ /** |
@@ -41,2 +41,3 @@ "use strict"; | ||
// Shared auth options | ||
this.apiKey = opts.apiKey; | ||
this.projectId = (_a = options.get('project_id')) !== null && _a !== void 0 ? _a : null; | ||
@@ -43,0 +44,0 @@ this.quotaProjectId = options.get('quota_project_id'); |
import { GaxiosOptions, GaxiosResponse } from 'gaxios'; | ||
import * as stream from 'stream'; | ||
import { DefaultTransporter, Transporter } from '../transporters'; | ||
import { Compute } from './computeclient'; | ||
import { CredentialBody, ImpersonatedJWTInput, JWTInput } from './credentials'; | ||
@@ -16,2 +15,3 @@ import { IdTokenClient } from './idtokenclient'; | ||
import { ExternalAccountAuthorizedUserClient } from './externalAccountAuthorizedUserClient'; | ||
import { AnyAuthClient } from '..'; | ||
/** | ||
@@ -37,2 +37,6 @@ * Defines all types of explicit clients that are determined via ADC JSON | ||
/** | ||
* An API key to use, optional. Cannot be used with {@link GoogleAuthOptions.credentials `credentials`}. | ||
*/ | ||
apiKey?: string; | ||
/** | ||
* An `AuthClient` to use | ||
@@ -52,2 +56,3 @@ */ | ||
* external account client options. | ||
* Cannot be used with {@link GoogleAuthOptions.apiKey `apiKey`}. | ||
*/ | ||
@@ -76,3 +81,11 @@ credentials?: JWTInput | ExternalAccountClientOptions; | ||
export declare const CLOUD_SDK_CLIENT_ID = "764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.com"; | ||
export declare const GoogleAuthExceptionMessages: { | ||
readonly API_KEY_WITH_CREDENTIALS: "API Keys and Credentials are mutually exclusive authentication methods and cannot be used together."; | ||
readonly NO_PROJECT_ID_FOUND: string; | ||
readonly NO_CREDENTIALS_FOUND: string; | ||
readonly NO_ADC_FOUND: "Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information."; | ||
readonly NO_UNIVERSE_DOMAIN_FOUND: string; | ||
}; | ||
export declare class GoogleAuth<T extends AuthClient = JSONClient> { | ||
#private; | ||
transporter?: Transporter; | ||
@@ -91,3 +104,4 @@ /** | ||
jsonContent: JWTInput | ExternalAccountClientOptions | null; | ||
cachedCredential: JSONClient | Impersonated | Compute | T | null; | ||
apiKey: string | null; | ||
cachedCredential: AnyAuthClient | T | null; | ||
/** | ||
@@ -174,3 +188,2 @@ * Scopes populated by the client library by default. We differentiate between | ||
private getApplicationDefaultAsync; | ||
private prepareAndCacheADC; | ||
/** | ||
@@ -237,2 +250,4 @@ * Determines whether the auth layer is running on Google Compute Engine. | ||
* Create a credentials instance using the given API key string. | ||
* The created client is not cached. In order to create and cache it use the {@link GoogleAuth.getClient `getClient`} method after first providing an {@link GoogleAuth.apiKey `apiKey`}. | ||
* | ||
* @param apiKey The API key string | ||
@@ -290,3 +305,3 @@ * @param options An optional options object. | ||
*/ | ||
getClient(): Promise<Compute | JSONClient | T>; | ||
getClient(): Promise<AnyAuthClient | T>; | ||
/** | ||
@@ -293,0 +308,0 @@ * Creates a client which will fetch an ID token for authorization. |
@@ -15,4 +15,16 @@ "use strict"; | ||
// limitations under the License. | ||
var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) { | ||
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter"); | ||
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it"); | ||
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver); | ||
}; | ||
var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) { | ||
if (kind === "m") throw new TypeError("Private method is not writable"); | ||
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter"); | ||
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it"); | ||
return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value; | ||
}; | ||
var _GoogleAuth_instances, _GoogleAuth_pendingAuthClient, _GoogleAuth_prepareAndCacheClient, _GoogleAuth_determineClient; | ||
Object.defineProperty(exports, "__esModule", { value: true }); | ||
exports.GoogleAuth = exports.CLOUD_SDK_CLIENT_ID = void 0; | ||
exports.GoogleAuth = exports.GoogleAuthExceptionMessages = exports.CLOUD_SDK_CLIENT_ID = void 0; | ||
const child_process_1 = require("child_process"); | ||
@@ -37,3 +49,4 @@ const fs = require("fs"); | ||
exports.CLOUD_SDK_CLIENT_ID = '764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.com'; | ||
const GoogleAuthExceptionMessages = { | ||
exports.GoogleAuthExceptionMessages = { | ||
API_KEY_WITH_CREDENTIALS: 'API Keys and Credentials are mutually exclusive authentication methods and cannot be used together.', | ||
NO_PROJECT_ID_FOUND: 'Unable to detect a Project Id in the current environment. \n' + | ||
@@ -45,2 +58,3 @@ 'To learn more about authentication and Google APIs, visit: \n' + | ||
'https://cloud.google.com/docs/authentication/getting-started', | ||
NO_ADC_FOUND: 'Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information.', | ||
NO_UNIVERSE_DOMAIN_FOUND: 'Unable to detect a Universe Domain in the current environment.\n' + | ||
@@ -51,3 +65,3 @@ 'To learn more about Universe Domain retrieval, visit: \n' + | ||
class GoogleAuth { | ||
// Note: this properly is only public to satisify unit tests. | ||
// Note: this properly is only public to satisfy unit tests. | ||
// https://github.com/Microsoft/TypeScript/issues/5228 | ||
@@ -68,3 +82,4 @@ get isGCE() { | ||
*/ | ||
constructor(opts) { | ||
constructor(opts = {}) { | ||
_GoogleAuth_instances.add(this); | ||
/** | ||
@@ -79,4 +94,7 @@ * Caches a value indicating whether the auth layer is running on Google | ||
this.cachedCredential = null; | ||
/** | ||
* A pending {@link AuthClient}. Used for concurrent {@link GoogleAuth.getClient} calls. | ||
*/ | ||
_GoogleAuth_pendingAuthClient.set(this, null); | ||
this.clientOptions = {}; | ||
opts = opts || {}; | ||
this._cachedProjectId = opts.projectId || null; | ||
@@ -86,4 +104,9 @@ this.cachedCredential = opts.authClient || null; | ||
this.scopes = opts.scopes; | ||
this.clientOptions = opts.clientOptions || {}; | ||
this.jsonContent = opts.credentials || null; | ||
this.clientOptions = opts.clientOptions || {}; | ||
this.apiKey = opts.apiKey || this.clientOptions.apiKey || null; | ||
// Cannot use both API Key + Credentials | ||
if (this.apiKey && (this.jsonContent || this.clientOptions.credentials)) { | ||
throw new RangeError(exports.GoogleAuthExceptionMessages.API_KEY_WITH_CREDENTIALS); | ||
} | ||
if (opts.universeDomain) { | ||
@@ -123,3 +146,3 @@ this.clientOptions.universeDomain = opts.universeDomain; | ||
if (e instanceof Error && | ||
e.message === GoogleAuthExceptionMessages.NO_PROJECT_ID_FOUND) { | ||
e.message === exports.GoogleAuthExceptionMessages.NO_PROJECT_ID_FOUND) { | ||
return null; | ||
@@ -155,3 +178,3 @@ } | ||
else { | ||
throw new Error(GoogleAuthExceptionMessages.NO_PROJECT_ID_FOUND); | ||
throw new Error(exports.GoogleAuthExceptionMessages.NO_PROJECT_ID_FOUND); | ||
} | ||
@@ -238,7 +261,5 @@ } | ||
if (this.cachedCredential) { | ||
return await this.prepareAndCacheADC(this.cachedCredential); | ||
// cache, while preserving existing quota project preferences | ||
return await __classPrivateFieldGet(this, _GoogleAuth_instances, "m", _GoogleAuth_prepareAndCacheClient).call(this, this.cachedCredential, null); | ||
} | ||
// Since this is a 'new' ADC to cache we will use the environment variable | ||
// if it's available. We prefer this value over the value from ADC. | ||
const quotaProjectIdOverride = process.env['GOOGLE_CLOUD_QUOTA_PROJECT']; | ||
let credential; | ||
@@ -257,3 +278,3 @@ // Check for the existence of a local environment variable pointing to the | ||
} | ||
return await this.prepareAndCacheADC(credential, quotaProjectIdOverride); | ||
return await __classPrivateFieldGet(this, _GoogleAuth_instances, "m", _GoogleAuth_prepareAndCacheClient).call(this, credential); | ||
} | ||
@@ -270,3 +291,3 @@ // Look in the well-known credential file location. | ||
} | ||
return await this.prepareAndCacheADC(credential, quotaProjectIdOverride); | ||
return await __classPrivateFieldGet(this, _GoogleAuth_instances, "m", _GoogleAuth_prepareAndCacheClient).call(this, credential); | ||
} | ||
@@ -281,14 +302,6 @@ // Determine if we're running on GCE. | ||
options.scopes = this.getAnyScopes(); | ||
return await this.prepareAndCacheADC(new computeclient_1.Compute(options), quotaProjectIdOverride); | ||
return await __classPrivateFieldGet(this, _GoogleAuth_instances, "m", _GoogleAuth_prepareAndCacheClient).call(this, new computeclient_1.Compute(options)); | ||
} | ||
throw new Error('Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information.'); | ||
throw new Error(exports.GoogleAuthExceptionMessages.NO_ADC_FOUND); | ||
} | ||
async prepareAndCacheADC(credential, quotaProjectIdOverride) { | ||
const projectId = await this.getProjectIdOptional(); | ||
if (quotaProjectIdOverride) { | ||
credential.quotaProjectId = quotaProjectIdOverride; | ||
} | ||
this.cachedCredential = credential; | ||
return { credential, projectId }; | ||
} | ||
/** | ||
@@ -542,2 +555,4 @@ * Determines whether the auth layer is running on Google Compute Engine. | ||
* Create a credentials instance using the given API key string. | ||
* The created client is not cached. In order to create and cache it use the {@link GoogleAuth.getClient `getClient`} method after first providing an {@link GoogleAuth.apiKey `apiKey`}. | ||
* | ||
* @param apiKey The API key string | ||
@@ -547,7 +562,4 @@ * @param options An optional options object. | ||
*/ | ||
fromAPIKey(apiKey, options) { | ||
options = options || {}; | ||
const client = new jwtclient_1.JWT(options); | ||
client.fromAPIKey(apiKey); | ||
return client; | ||
fromAPIKey(apiKey, options = {}) { | ||
return new jwtclient_1.JWT({ ...options, apiKey }); | ||
} | ||
@@ -692,3 +704,3 @@ /** | ||
} | ||
throw new Error(GoogleAuthExceptionMessages.NO_CREDENTIALS_FOUND); | ||
throw new Error(exports.GoogleAuthExceptionMessages.NO_CREDENTIALS_FOUND); | ||
} | ||
@@ -701,16 +713,14 @@ /** | ||
async getClient() { | ||
if (!this.cachedCredential) { | ||
if (this.jsonContent) { | ||
this._cacheClientFromJSON(this.jsonContent, this.clientOptions); | ||
} | ||
else if (this.keyFilename) { | ||
const filePath = path.resolve(this.keyFilename); | ||
const stream = fs.createReadStream(filePath); | ||
await this.fromStreamAsync(stream, this.clientOptions); | ||
} | ||
else { | ||
await this.getApplicationDefaultAsync(this.clientOptions); | ||
} | ||
if (this.cachedCredential) { | ||
return this.cachedCredential; | ||
} | ||
return this.cachedCredential; | ||
// Use an existing auth client request, or cache a new one | ||
__classPrivateFieldSet(this, _GoogleAuth_pendingAuthClient, __classPrivateFieldGet(this, _GoogleAuth_pendingAuthClient, "f") || __classPrivateFieldGet(this, _GoogleAuth_instances, "m", _GoogleAuth_determineClient).call(this), "f"); | ||
try { | ||
return await __classPrivateFieldGet(this, _GoogleAuth_pendingAuthClient, "f"); | ||
} | ||
finally { | ||
// reset the pending auth client in case it is changed later | ||
__classPrivateFieldSet(this, _GoogleAuth_pendingAuthClient, null, "f"); | ||
} | ||
} | ||
@@ -823,2 +833,29 @@ /** | ||
exports.GoogleAuth = GoogleAuth; | ||
_GoogleAuth_pendingAuthClient = new WeakMap(), _GoogleAuth_instances = new WeakSet(), _GoogleAuth_prepareAndCacheClient = async function _GoogleAuth_prepareAndCacheClient(credential, quotaProjectIdOverride = process.env['GOOGLE_CLOUD_QUOTA_PROJECT'] || null) { | ||
const projectId = await this.getProjectIdOptional(); | ||
if (quotaProjectIdOverride) { | ||
credential.quotaProjectId = quotaProjectIdOverride; | ||
} | ||
this.cachedCredential = credential; | ||
return { credential, projectId }; | ||
}, _GoogleAuth_determineClient = async function _GoogleAuth_determineClient() { | ||
if (this.jsonContent) { | ||
return this._cacheClientFromJSON(this.jsonContent, this.clientOptions); | ||
} | ||
else if (this.keyFilename) { | ||
const filePath = path.resolve(this.keyFilename); | ||
const stream = fs.createReadStream(filePath); | ||
return await this.fromStreamAsync(stream, this.clientOptions); | ||
} | ||
else if (this.apiKey) { | ||
const client = await this.fromAPIKey(this.apiKey, this.clientOptions); | ||
client.scopes = this.scopes; | ||
const { credential } = await __classPrivateFieldGet(this, _GoogleAuth_instances, "m", _GoogleAuth_prepareAndCacheClient).call(this, client); | ||
return credential; | ||
} | ||
else { | ||
const { credential } = await this.getApplicationDefaultAsync(this.clientOptions); | ||
return credential; | ||
} | ||
}; | ||
/** | ||
@@ -825,0 +862,0 @@ * Export DefaultTransporter as a static property of the class. |
@@ -394,3 +394,2 @@ import { GaxiosError, GaxiosOptions, GaxiosPromise, GaxiosResponse } from 'gaxios'; | ||
_clientSecret?: string; | ||
apiKey?: string; | ||
refreshHandler?: GetRefreshHandlerCallback; | ||
@@ -397,0 +396,0 @@ /** |
import { GoogleAuth } from './auth/googleauth'; | ||
export * as gcpMetadata from 'gcp-metadata'; | ||
export * as gaxios from 'gaxios'; | ||
import { AuthClient } from './auth/authclient'; | ||
export { AuthClient, DEFAULT_UNIVERSE } from './auth/authclient'; | ||
@@ -26,3 +27,8 @@ export { Compute, ComputeOptions } from './auth/computeclient'; | ||
export { DefaultTransporter } from './transporters'; | ||
type ALL_EXPORTS = (typeof import('./'))[keyof typeof import('./')]; | ||
/** | ||
* A union type for all {@link AuthClient `AuthClient`}s. | ||
*/ | ||
export type AnyAuthClient = InstanceType<Extract<ALL_EXPORTS, typeof AuthClient>>; | ||
declare const auth: GoogleAuth<import("./auth/googleauth").JSONClient>; | ||
export { auth, GoogleAuth }; |
{ | ||
"name": "google-auth-library", | ||
"version": "9.13.0", | ||
"version": "9.14.0", | ||
"author": "Google Inc.", | ||
@@ -40,2 +40,3 @@ "description": "Google APIs Authentication Client Library for Node.js", | ||
"chai": "^4.2.0", | ||
"cheerio": "1.0.0-rc.12", | ||
"codecov": "^3.0.2", | ||
@@ -42,0 +43,0 @@ "execa": "^5.0.0", |
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is too big to display
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
603391
9972
1443
37