google-auth-library - npm Package Compare versions

Comparing version 9.13.0 to 9.14.0

build/src/auth/authclient.d.ts

@@ -53,2 +53,6 @@ import { EventEmitter } from 'events';
 export interface AuthClientOptions extends Partial<OriginalAndCamel<AuthJSONOptions>> {
+    /**
+     * An API key to use, optional.
+     */
+    apiKey?: string;
     credentials?: Credentials;
@@ -131,2 +135,3 @@ /**
 export declare abstract class AuthClient extends EventEmitter implements CredentialsClient {
+    apiKey?: string;
     projectId?: string | null;
@@ -133,0 +138,0 @@ /**

build/src/auth/authclient.js

@@ -41,2 +41,3 @@ "use strict";
         // Shared auth options
+        this.apiKey = opts.apiKey;
         this.projectId = (_a = options.get('project_id')) !== null && _a !== void 0 ? _a : null;
@@ -43,0 +44,0 @@ this.quotaProjectId = options.get('quota_project_id');

build/src/auth/googleauth.d.ts

 import { GaxiosOptions, GaxiosResponse } from 'gaxios';
 import * as stream from 'stream';
 import { DefaultTransporter, Transporter } from '../transporters';
-import { Compute } from './computeclient';
 import { CredentialBody, ImpersonatedJWTInput, JWTInput } from './credentials';
@@ -16,2 +15,3 @@ import { IdTokenClient } from './idtokenclient';
 import { ExternalAccountAuthorizedUserClient } from './externalAccountAuthorizedUserClient';
+import { AnyAuthClient } from '..';
 /**
@@ -37,2 +37,6 @@ * Defines all types of explicit clients that are determined via ADC JSON
     /**
+     * An API key to use, optional. Cannot be used with {@link GoogleAuthOptions.credentials `credentials`}.
+     */
+    apiKey?: string;
+    /**
      * An `AuthClient` to use
@@ -52,2 +56,3 @@ */
      * external account client options.
+     * Cannot be used with {@link GoogleAuthOptions.apiKey `apiKey`}.
      */
@@ -76,3 +81,11 @@ credentials?: JWTInput | ExternalAccountClientOptions;
 export declare const CLOUD_SDK_CLIENT_ID = "764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.com";
+export declare const GoogleAuthExceptionMessages: {
+    readonly API_KEY_WITH_CREDENTIALS: "API Keys and Credentials are mutually exclusive authentication methods and cannot be used together.";
+    readonly NO_PROJECT_ID_FOUND: string;
+    readonly NO_CREDENTIALS_FOUND: string;
+    readonly NO_ADC_FOUND: "Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information.";
+    readonly NO_UNIVERSE_DOMAIN_FOUND: string;
+};
 export declare class GoogleAuth<T extends AuthClient = JSONClient> {
+    #private;
     transporter?: Transporter;
@@ -91,3 +104,4 @@ /**
     jsonContent: JWTInput | ExternalAccountClientOptions | null;
-    cachedCredential: JSONClient | Impersonated | Compute | T | null;
+    apiKey: string | null;
+    cachedCredential: AnyAuthClient | T | null;
     /**
@@ -174,3 +188,2 @@ * Scopes populated by the client library by default. We differentiate between
     private getApplicationDefaultAsync;
-    private prepareAndCacheADC;
     /**
@@ -237,2 +250,4 @@ * Determines whether the auth layer is running on Google Compute Engine.
      * Create a credentials instance using the given API key string.
+     * The created client is not cached. In order to create and cache it use the {@link GoogleAuth.getClient `getClient`} method after first providing an {@link GoogleAuth.apiKey `apiKey`}.
+     *
      * @param apiKey The API key string
@@ -290,3 +305,3 @@ * @param options An optional options object.
      */
-    getClient(): Promise<Compute | JSONClient | T>;
+    getClient(): Promise<AnyAuthClient | T>;
     /**
@@ -293,0 +308,0 @@ * Creates a client which will fetch an ID token for authorization.

build/src/auth/googleauth.js

@@ -15,4 +15,16 @@ "use strict";
 // limitations under the License.
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var _GoogleAuth_instances, _GoogleAuth_pendingAuthClient, _GoogleAuth_prepareAndCacheClient, _GoogleAuth_determineClient;
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.GoogleAuth = exports.CLOUD_SDK_CLIENT_ID = void 0;
+exports.GoogleAuth = exports.GoogleAuthExceptionMessages = exports.CLOUD_SDK_CLIENT_ID = void 0;
 const child_process_1 = require("child_process");
@@ -37,3 +49,4 @@ const fs = require("fs");
 exports.CLOUD_SDK_CLIENT_ID = '764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.com';
-const GoogleAuthExceptionMessages = {
+exports.GoogleAuthExceptionMessages = {
+    API_KEY_WITH_CREDENTIALS: 'API Keys and Credentials are mutually exclusive authentication methods and cannot be used together.',
     NO_PROJECT_ID_FOUND: 'Unable to detect a Project Id in the current environment. \n' +
@@ -45,2 +58,3 @@ 'To learn more about authentication and Google APIs, visit: \n' +
         'https://cloud.google.com/docs/authentication/getting-started',
+    NO_ADC_FOUND: 'Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information.',
     NO_UNIVERSE_DOMAIN_FOUND: 'Unable to detect a Universe Domain in the current environment.\n' +
@@ -51,3 +65,3 @@ 'To learn more about Universe Domain retrieval, visit: \n' +
 class GoogleAuth {
-    // Note:  this properly is only public to satisify unit tests.
+    // Note:  this properly is only public to satisfy unit tests.
     // https://github.com/Microsoft/TypeScript/issues/5228
@@ -68,3 +82,4 @@ get isGCE() {
      */
-    constructor(opts) {
+    constructor(opts = {}) {
+        _GoogleAuth_instances.add(this);
         /**
@@ -79,4 +94,7 @@ * Caches a value indicating whether the auth layer is running on Google
         this.cachedCredential = null;
+        /**
+         * A pending {@link AuthClient}. Used for concurrent {@link GoogleAuth.getClient} calls.
+         */
+        _GoogleAuth_pendingAuthClient.set(this, null);
         this.clientOptions = {};
-        opts = opts || {};
         this._cachedProjectId = opts.projectId || null;
@@ -86,4 +104,9 @@ this.cachedCredential = opts.authClient || null;
         this.scopes = opts.scopes;
+        this.clientOptions = opts.clientOptions || {};
         this.jsonContent = opts.credentials || null;
-        this.clientOptions = opts.clientOptions || {};
+        this.apiKey = opts.apiKey || this.clientOptions.apiKey || null;
+        // Cannot use both API Key + Credentials
+        if (this.apiKey && (this.jsonContent || this.clientOptions.credentials)) {
+            throw new RangeError(exports.GoogleAuthExceptionMessages.API_KEY_WITH_CREDENTIALS);
+        }
         if (opts.universeDomain) {
@@ -123,3 +146,3 @@ this.clientOptions.universeDomain = opts.universeDomain;
             if (e instanceof Error &&
-                e.message === GoogleAuthExceptionMessages.NO_PROJECT_ID_FOUND) {
+                e.message === exports.GoogleAuthExceptionMessages.NO_PROJECT_ID_FOUND) {
                 return null;
@@ -155,3 +178,3 @@ }
         else {
-            throw new Error(GoogleAuthExceptionMessages.NO_PROJECT_ID_FOUND);
+            throw new Error(exports.GoogleAuthExceptionMessages.NO_PROJECT_ID_FOUND);
         }
@@ -238,7 +261,5 @@ }
         if (this.cachedCredential) {
-            return await this.prepareAndCacheADC(this.cachedCredential);
+            // cache, while preserving existing quota project preferences
+            return await __classPrivateFieldGet(this, _GoogleAuth_instances, "m", _GoogleAuth_prepareAndCacheClient).call(this, this.cachedCredential, null);
         }
-        // Since this is a 'new' ADC to cache we will use the environment variable
-        // if it's available. We prefer this value over the value from ADC.
-        const quotaProjectIdOverride = process.env['GOOGLE_CLOUD_QUOTA_PROJECT'];
         let credential;
@@ -257,3 +278,3 @@ // Check for the existence of a local environment variable pointing to the
             }
-            return await this.prepareAndCacheADC(credential, quotaProjectIdOverride);
+            return await __classPrivateFieldGet(this, _GoogleAuth_instances, "m", _GoogleAuth_prepareAndCacheClient).call(this, credential);
         }
@@ -270,3 +291,3 @@ // Look in the well-known credential file location.
             }
-            return await this.prepareAndCacheADC(credential, quotaProjectIdOverride);
+            return await __classPrivateFieldGet(this, _GoogleAuth_instances, "m", _GoogleAuth_prepareAndCacheClient).call(this, credential);
         }
@@ -281,14 +302,6 @@ // Determine if we're running on GCE.
             options.scopes = this.getAnyScopes();
-            return await this.prepareAndCacheADC(new computeclient_1.Compute(options), quotaProjectIdOverride);
+            return await __classPrivateFieldGet(this, _GoogleAuth_instances, "m", _GoogleAuth_prepareAndCacheClient).call(this, new computeclient_1.Compute(options));
         }
-        throw new Error('Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information.');
+        throw new Error(exports.GoogleAuthExceptionMessages.NO_ADC_FOUND);
     }
-    async prepareAndCacheADC(credential, quotaProjectIdOverride) {
-        const projectId = await this.getProjectIdOptional();
-        if (quotaProjectIdOverride) {
-            credential.quotaProjectId = quotaProjectIdOverride;
-        }
-        this.cachedCredential = credential;
-        return { credential, projectId };
-    }
     /**
@@ -542,2 +555,4 @@ * Determines whether the auth layer is running on Google Compute Engine.
      * Create a credentials instance using the given API key string.
+     * The created client is not cached. In order to create and cache it use the {@link GoogleAuth.getClient `getClient`} method after first providing an {@link GoogleAuth.apiKey `apiKey`}.
+     *
      * @param apiKey The API key string
@@ -547,7 +562,4 @@ * @param options An optional options object.
      */
-    fromAPIKey(apiKey, options) {
-        options = options || {};
-        const client = new jwtclient_1.JWT(options);
-        client.fromAPIKey(apiKey);
-        return client;
+    fromAPIKey(apiKey, options = {}) {
+        return new jwtclient_1.JWT({ ...options, apiKey });
     }
@@ -692,3 +704,3 @@ /**
         }
-        throw new Error(GoogleAuthExceptionMessages.NO_CREDENTIALS_FOUND);
+        throw new Error(exports.GoogleAuthExceptionMessages.NO_CREDENTIALS_FOUND);
     }
@@ -701,16 +713,14 @@ /**
     async getClient() {
-        if (!this.cachedCredential) {
-            if (this.jsonContent) {
-                this._cacheClientFromJSON(this.jsonContent, this.clientOptions);
-            }
-            else if (this.keyFilename) {
-                const filePath = path.resolve(this.keyFilename);
-                const stream = fs.createReadStream(filePath);
-                await this.fromStreamAsync(stream, this.clientOptions);
-            }
-            else {
-                await this.getApplicationDefaultAsync(this.clientOptions);
-            }
+        if (this.cachedCredential) {
+            return this.cachedCredential;
         }
-        return this.cachedCredential;
+        // Use an existing auth client request, or cache a new one
+        __classPrivateFieldSet(this, _GoogleAuth_pendingAuthClient, __classPrivateFieldGet(this, _GoogleAuth_pendingAuthClient, "f") || __classPrivateFieldGet(this, _GoogleAuth_instances, "m", _GoogleAuth_determineClient).call(this), "f");
+        try {
+            return await __classPrivateFieldGet(this, _GoogleAuth_pendingAuthClient, "f");
+        }
+        finally {
+            // reset the pending auth client in case it is changed later
+            __classPrivateFieldSet(this, _GoogleAuth_pendingAuthClient, null, "f");
+        }
     }
@@ -823,2 +833,29 @@ /**
 exports.GoogleAuth = GoogleAuth;
+_GoogleAuth_pendingAuthClient = new WeakMap(), _GoogleAuth_instances = new WeakSet(), _GoogleAuth_prepareAndCacheClient = async function _GoogleAuth_prepareAndCacheClient(credential, quotaProjectIdOverride = process.env['GOOGLE_CLOUD_QUOTA_PROJECT'] || null) {
+    const projectId = await this.getProjectIdOptional();
+    if (quotaProjectIdOverride) {
+        credential.quotaProjectId = quotaProjectIdOverride;
+    }
+    this.cachedCredential = credential;
+    return { credential, projectId };
+}, _GoogleAuth_determineClient = async function _GoogleAuth_determineClient() {
+    if (this.jsonContent) {
+        return this._cacheClientFromJSON(this.jsonContent, this.clientOptions);
+    }
+    else if (this.keyFilename) {
+        const filePath = path.resolve(this.keyFilename);
+        const stream = fs.createReadStream(filePath);
+        return await this.fromStreamAsync(stream, this.clientOptions);
+    }
+    else if (this.apiKey) {
+        const client = await this.fromAPIKey(this.apiKey, this.clientOptions);
+        client.scopes = this.scopes;
+        const { credential } = await __classPrivateFieldGet(this, _GoogleAuth_instances, "m", _GoogleAuth_prepareAndCacheClient).call(this, client);
+        return credential;
+    }
+    else {
+        const { credential } = await this.getApplicationDefaultAsync(this.clientOptions);
+        return credential;
+    }
+};
 /**
@@ -825,0 +862,0 @@ * Export DefaultTransporter as a static property of the class.

build/src/auth/oauth2client.d.ts

@@ -394,3 +394,2 @@ import { GaxiosError, GaxiosOptions, GaxiosPromise, GaxiosResponse } from 'gaxios';
     _clientSecret?: string;
-    apiKey?: string;
     refreshHandler?: GetRefreshHandlerCallback;
@@ -397,0 +396,0 @@ /**

build/src/index.d.ts

 import { GoogleAuth } from './auth/googleauth';
 export * as gcpMetadata from 'gcp-metadata';
 export * as gaxios from 'gaxios';
+import { AuthClient } from './auth/authclient';
 export { AuthClient, DEFAULT_UNIVERSE } from './auth/authclient';
@@ -26,3 +27,8 @@ export { Compute, ComputeOptions } from './auth/computeclient';
 export { DefaultTransporter } from './transporters';
+type ALL_EXPORTS = (typeof import('./'))[keyof typeof import('./')];
+/**
+ * A union type for all {@link AuthClient `AuthClient`}s.
+ */
+export type AnyAuthClient = InstanceType<Extract<ALL_EXPORTS, typeof AuthClient>>;
 declare const auth: GoogleAuth<import("./auth/googleauth").JSONClient>;
 export { auth, GoogleAuth };

package.json

 {
   "name": "google-auth-library",
-  "version": "9.13.0",
+  "version": "9.14.0",
   "author": "Google Inc.",
@@ -40,2 +40,3 @@ "description": "Google APIs Authentication Client Library for Node.js",
     "chai": "^4.2.0",
+    "cheerio": "1.0.0-rc.12",
     "codecov": "^3.0.2",
@@ -42,0 +43,0 @@ "execa": "^5.0.0",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

603391

increased by1.1%

Lines of code

9972

increased by0.64%

Number of lines in readme file

1443

increased by1.62%

Worsened metrics

Dev dependency count

37

increased by2.78%

No dependency changes