
google-auth-library


google-auth-library - npm Package Compare versions

Comparing version 9.2.0 to 9.3.0

2

build/src/auth/credentials.d.ts

@@ -63,2 +63,3 @@ export interface Credentials {

quota_project_id?: string;
universe_domain?: string;
}

@@ -74,2 +75,3 @@ export interface ImpersonatedJWTInput {

private_key?: string;
universe_domain?: string;
}

@@ -68,2 +68,3 @@ /// <reference types="node" />

export declare class GoogleAuth<T extends AuthClient = JSONClient> {
#private;
transporter?: Transporter;

@@ -132,2 +133,11 @@ /**

/**
* Retrieves, caches, and returns the universe domain in the following order
* of precedence:
* - The universe domain in {@link GoogleAuth.clientOptions}
* - {@link gcpMetadata.universe}
*
* @returns The universe domain
*/
getUniverseDomain(): Promise<string>;
/**
* @returns Any scopes (user-specified or default scopes specified by the

@@ -134,0 +144,0 @@ * client library) that need to be set on the current Auth client.
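Review bot: The JSDoc added for `getUniverseDomain()` lists two sources in its precedence order but leaves out the final fallback. The implementation shown in build/src/auth/googleauth.js ends with `|| authclient_1.DEFAULT_UNIVERSE`, so a caller never receives an empty value even when neither source yields one. I would add a third bullet, `* - The default universe, when neither of the above provides a value`, and note that the result is cached on the instance after the first successful lookup. The same comment text is repeated in the googleauth.js hunk at `@@ -154,2 +182,16 @@` and needs the same addition.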

121

build/src/auth/googleauth.js

@@ -15,2 +15,14 @@ "use strict";

// limitations under the License.
var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
};
var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
if (kind === "m") throw new TypeError("Private method is not writable");
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
};
var _GoogleAuth_instances, _GoogleAuth_universeDomain, _GoogleAuth_getUniverseFromMetadataServer;
Object.defineProperty(exports, "__esModule", { value: true });

@@ -20,2 +32,3 @@ exports.GoogleAuth = exports.CLOUD_SDK_CLIENT_ID = void 0;

const fs = require("fs");
const gaxios_1 = require("gaxios");
const gcpMetadata = require("gcp-metadata");

@@ -34,3 +47,5 @@ const os = require("os");

const baseexternalclient_1 = require("./baseexternalclient");
const authclient_1 = require("./authclient");
const externalAccountAuthorizedUserClient_1 = require("./externalAccountAuthorizedUserClient");
const util_1 = require("../util");
exports.CLOUD_SDK_CLIENT_ID = '764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.com';

@@ -41,2 +56,8 @@ const GoogleAuthExceptionMessages = {

'https://cloud.google.com/docs/authentication/getting-started',
NO_CREDENTIALS_FOUND: 'Unable to find credentials in current environment. \n' +
'To learn more about authentication and Google APIs, visit: \n' +
'https://cloud.google.com/docs/authentication/getting-started',
NO_UNIVERSE_DOMAIN_FOUND: 'Unable to detect a Universe Domain in the current environment.\n' +
'To learn more about Universe Domain retrieval, visit: \n' +
'https://cloud.google.com/compute/docs/metadata/predefined-metadata-keys',
};

@@ -61,2 +82,3 @@ class GoogleAuth {

constructor(opts) {
_GoogleAuth_instances.add(this);
/**

@@ -71,2 +93,8 @@ * Caches a value indicating whether the auth layer is running on Google

this.cachedCredential = null;
/**
* The cached universe domain.
*
* @see {@link GoogleAuth.getUniverseDomain}
*/
_GoogleAuth_universeDomain.set(this, undefined);
opts = opts || {};

@@ -154,2 +182,16 @@ this._cachedProjectId = opts.projectId || null;

/**
* Retrieves, caches, and returns the universe domain in the following order
* of precedence:
* - The universe domain in {@link GoogleAuth.clientOptions}
* - {@link gcpMetadata.universe}
*
* @returns The universe domain
*/
async getUniverseDomain() {
var _a, _b;
__classPrivateFieldSet(this, _GoogleAuth_universeDomain, (_a = __classPrivateFieldGet(this, _GoogleAuth_universeDomain, "f")) !== null && _a !== void 0 ? _a : (0, util_1.originalOrCamelOptions)(this.clientOptions).get('universe_domain'), "f");
__classPrivateFieldSet(this, _GoogleAuth_universeDomain, (_b = __classPrivateFieldGet(this, _GoogleAuth_universeDomain, "f")) !== null && _b !== void 0 ? _b : await __classPrivateFieldGet(this, _GoogleAuth_instances, "m", _GoogleAuth_getUniverseFromMetadataServer).call(this), "f");
return __classPrivateFieldGet(this, _GoogleAuth_universeDomain, "f") || authclient_1.DEFAULT_UNIVERSE;
}
/**
* @returns Any scopes (user-specified or default scopes specified by the

@@ -214,20 +256,11 @@ * client library) that need to be set on the current Auth client.

// Determine if we're running on GCE.
let isGCE;
try {
isGCE = await this._checkIsGCE();
}
catch (e) {
if (e instanceof Error) {
e.message = `Unexpected error determining execution environment: ${e.message}`;
if (await this._checkIsGCE()) {
// set universe domain for Compute client
if (!(0, util_1.originalOrCamelOptions)(options).get('universe_domain')) {
options.universeDomain = await this.getUniverseDomain();
}
throw e;
options.scopes = this.getAnyScopes();
return await this.prepareAndCacheADC(new computeclient_1.Compute(options), quotaProjectIdOverride);
}
if (!isGCE) {
// We failed to find the default credentials. Bail out with an error.
throw new Error('Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information.');
}
// For GCE, just return a default ComputeClient. It will take care of
// the rest.
options.scopes = this.getAnyScopes();
return await this.prepareAndCacheADC(new computeclient_1.Compute(options), quotaProjectIdOverride);
throw new Error('Could not load the default credentials. Browse to https://cloud.google.com/docs/authentication/getting-started for more information.');
}

@@ -605,31 +638,29 @@ async prepareAndCacheADC(credential, quotaProjectIdOverride) {

const client = await this.getClient();
if (client instanceof impersonated_1.Impersonated) {
return { client_email: client.getTargetPrincipal() };
}
if (client instanceof baseexternalclient_1.BaseExternalAccountClient) {
const serviceAccountEmail = client.getServiceAccountEmail();
if (serviceAccountEmail) {
return { client_email: serviceAccountEmail };
return {
client_email: serviceAccountEmail,
universe_domain: client.universeDomain,
};
}
}
if (this.jsonContent) {
const credential = {
return {
client_email: this.jsonContent.client_email,
private_key: this.jsonContent.private_key,
universe_domain: this.jsonContent.universe_domain,
};
return credential;
}
const isGCE = await this._checkIsGCE();
if (!isGCE) {
throw new Error('Unknown error.');
if (await this._checkIsGCE()) {
const [client_email, universe_domain] = await Promise.all([
gcpMetadata.instance('service-accounts/default/email'),
this.getUniverseDomain(),
]);
return { client_email, universe_domain };
}
// For GCE, return the service account details from the metadata server
// NOTE: The trailing '/' at the end of service-accounts/ is very important!
// The GCF metadata server doesn't respect querystring params if this / is
// not included.
const data = await gcpMetadata.instance({
property: 'service-accounts/',
params: { recursive: 'true' },
});
if (!data || !data.default || !data.default.email) {
throw new Error('Failure from metadata server.');
}
return { client_email: data.default.email };
throw new Error(GoogleAuthExceptionMessages.NO_CREDENTIALS_FOUND);
}

@@ -721,2 +752,6 @@ /**

const client = await this.getClient();
if (client instanceof impersonated_1.Impersonated) {
const signed = await client.sign(data);
return signed.signedBlob;
}
const crypto = (0, crypto_1.createCrypto)();

@@ -747,2 +782,20 @@ if (client instanceof jwtclient_1.JWT && client.key) {

exports.GoogleAuth = GoogleAuth;
_GoogleAuth_universeDomain = new WeakMap(), _GoogleAuth_instances = new WeakSet(), _GoogleAuth_getUniverseFromMetadataServer = async function _GoogleAuth_getUniverseFromMetadataServer() {
if (!(await this._checkIsGCE()))
return;
let universeDomain;
try {
universeDomain = await gcpMetadata.universe('universe_domain');
universeDomain || (universeDomain = authclient_1.DEFAULT_UNIVERSE);
}
catch (e) {
if (e instanceof gaxios_1.GaxiosError && e.status === 404) {
universeDomain = authclient_1.DEFAULT_UNIVERSE;
}
else {
throw e;
}
}
return universeDomain;
};
/**

@@ -749,0 +802,0 @@ * Export DefaultTransporter as a static property of the class.
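Review bot: In the hunk at `@@ -605,31 +638,29 @@`, what reads as the new GCE branch returns `client_email` straight from `gcpMetadata.instance('service-accounts/default/email')` with no check that a value came back. The lines it replaces threw `'Failure from metadata server.'` when the email was missing, so an empty or undefined identity can now be returned to callers as if it were a valid credential. A guard before the return, `if (!client_email) throw new Error('Failure from metadata server.');`, would keep the earlier fail-closed behaviour. The page has lost its +/- markers, so the old/new split is inferred from print order, and the enclosing function starts outside the hunk.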

@@ -19,2 +19,3 @@ /**

import { IdTokenProvider } from './idtokenclient';
import { SignBlobResponse } from './googleauth';
export interface ImpersonatedOptions extends OAuth2ClientOptions {

@@ -103,2 +104,12 @@ /**

/**
* Signs some bytes.
*
* {@link https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts/signBlob Reference Documentation}
* @param blobToSign String to sign.
* @return <SignBlobResponse> denoting the keyyID and signedBlob in base64 string
*/
sign(blobToSign: string): Promise<SignBlobResponse>;
/** The service account email to be impersonated. */
getTargetPrincipal(): string;
/**
* Refreshes the access token.

@@ -105,0 +116,0 @@ * @param refreshToken Unused parameter
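Review bot: The doc comment on the new `sign(blobToSign)` declaration has a typo and a non-standard tag: `keyyID` should be `keyId`, and `@return <SignBlobResponse> ...` would read better as `@returns The key ID and the base64-encoded signedBlob`. It is also worth one sentence stating that the signature is produced remotely by the IAM signBlob endpoint using the source client's credentials, since that is why the call can fail on missing permissions. The same comment is repeated verbatim above the implementation in the following section and should be corrected there too.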

@@ -72,2 +72,28 @@ "use strict";

/**
* Signs some bytes.
*
* {@link https://cloud.google.com/iam/docs/reference/credentials/rest/v1/projects.serviceAccounts/signBlob Reference Documentation}
* @param blobToSign String to sign.
* @return <SignBlobResponse> denoting the keyyID and signedBlob in base64 string
*/
async sign(blobToSign) {
await this.sourceClient.getAccessToken();
const name = `projects/-/serviceAccounts/${this.targetPrincipal}`;
const u = `${this.endpoint}/v1/${name}:signBlob`;
const body = {
delegates: this.delegates,
payload: Buffer.from(blobToSign).toString('base64'),
};
const res = await this.sourceClient.request({
url: u,
data: body,
method: 'POST',
});
return res.data;
}
/** The service account email to be impersonated. */
getTargetPrincipal() {
return this.targetPrincipal;
}
/**
* Refreshes the access token.

@@ -74,0 +100,0 @@ * @param refreshToken Unused parameter
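Review bot: In `sign`, `this.targetPrincipal` is interpolated into the request path (`projects/-/serviceAccounts/${this.targetPrincipal}`) without encoding or validation. The value presumably comes from caller-supplied options (the constructor is outside this hunk), so a string containing `/`, `?` or `#` would change which resource the authenticated POST addresses. Encoding the segment, `const name = `projects/-/serviceAccounts/${encodeURIComponent(this.targetPrincipal)}`;`, or rejecting non-email values where the option is read, closes that off. The class body continues outside the hunk, so an existing check elsewhere cannot be ruled out from here.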

@@ -26,3 +26,3 @@ "use strict";

async verify(pubkey, data, signature) {
const verifier = crypto.createVerify('sha256');
const verifier = crypto.createVerify('RSA-SHA256');
verifier.update(data);

@@ -29,0 +29,0 @@ verifier.end();
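Review bot: The switch from `'sha256'` to `'RSA-SHA256'` in `verify` has no comment, and the new name can be read as restricting verification to RSA keys. As far as I know Node treats a signature-algorithm name passed to `createVerify` as selecting only the digest, with the scheme following the key type of `pubkey`, and its documentation recommends plain digest names. I would add a comment such as `// 'RSA-SHA256' selects the SHA-256 digest only; it does not enforce the key type of pubkey`, plus the reason for the rename if it is a runtime-compatibility fix. If only RSA keys should be accepted here, that needs an explicit check on the key. The body of `verify` continues outside the hunk, and the old/new order is inferred because the +/- markers were lost.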

{
"name": "google-auth-library",
"version": "9.2.0",
"version": "9.3.0",
"author": "Google Inc.",

@@ -5,0 +5,0 @@ "description": "Google APIs Authentication Client Library for Node.js",

Sorry, the diff of this file is too big to display

Sorry, the diff of this file is too big to display
