
google-auth-library


Comparing version 9.5.0 to 9.6.0

19

build/src/auth/baseexternalclient.d.ts

@@ -19,3 +19,7 @@ import { GaxiosOptions, GaxiosPromise, GaxiosResponse } from 'gaxios';

export declare const EXTERNAL_ACCOUNT_TYPE = "external_account";
/** Cloud resource manager URL used to retrieve project information. */
/**
* Cloud resource manager URL used to retrieve project information.
*
* @deprecated use {@link BaseExternalAccountClient.cloudResourceManagerURL} instead
**/
export declare const CLOUD_RESOURCE_MANAGER = "https://cloudresourcemanager.googleapis.com/v1/projects/";

@@ -44,2 +48,8 @@ /**

workforce_pool_user_project?: string;
scopes?: string[];
/**
* @example
* https://cloudresourcemanager.googleapis.com/v1/projects/
**/
cloud_resource_manager_url?: string | URL;
}

@@ -104,2 +114,9 @@ /**

/**
* @example
* ```ts
* new URL('https://cloudresourcemanager.googleapis.com/v1/projects/');
* ```
*/
protected cloudResourceManagerURL: URL | string;
/**
* Instantiate a BaseExternalAccountClient instance using the provided JSON

@@ -106,0 +123,0 @@ * object loaded from an external account credentials file.

20

build/src/auth/baseexternalclient.js

@@ -45,3 +45,7 @@ "use strict";

exports.EXTERNAL_ACCOUNT_TYPE = 'external_account';
/** Cloud resource manager URL used to retrieve project information. */
/**
* Cloud resource manager URL used to retrieve project information.
*
* @deprecated use {@link BaseExternalAccountClient.cloudResourceManagerURL} instead
**/
exports.CLOUD_RESOURCE_MANAGER = 'https://cloudresourcemanager.googleapis.com/v1/projects/';

@@ -93,2 +97,4 @@ /** The workforce audience pattern. */

const serviceAccountImpersonationLifetime = (0, util_1.originalOrCamelOptions)(serviceAccountImpersonation).get('token_lifetime_seconds');
this.cloudResourceManagerURL = new URL(opts.get('cloud_resource_manager_url') ||
`https://cloudresourcemanager.${this.universeDomain}/v1/projects/`);
if (clientId) {
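Review bot: `cloud_resource_manager_url` goes from the options straight into `new URL(...)` with no scheme or host check, and the later `@@ -222,3 +227,3 @@` hunk sends a request with `headers` to `${this.cloudResourceManagerURL.toString()}${projectNumber}`. If those headers carry the access token (the surrounding function is outside the hunk, so this is inferred), a credential configuration obtained from an untrusted source decides which host receives it. I would reject non-HTTPS values right after construction, e.g. `if (this.cloudResourceManagerURL.protocol !== 'https:') throw new RangeError('cloud_resource_manager_url must use https');`, and state in the option's doc comment that it must come from trusted configuration. The default branch here, and the `https://sts.${this.universeDomain}/v1/token` and `https://iamcredentials.${universe}/v1/projects/-/serviceAccounts/` strings in later hunks, interpolate the universe domain into the host; whether that value is validated as a bare hostname is not visible on this page and is worth confirming. The constructor body starts and ends outside this hunk.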

@@ -102,4 +108,3 @@ this.clientAuth = {

this.stsCredential = new sts.StsCredentials(tokenUrl, this.clientAuth);
// Default OAuth scope. This could be overridden via public property.
this.scopes = [DEFAULT_OAUTH_SCOPE];
this.scopes = opts.get('scopes') || [DEFAULT_OAUTH_SCOPE];
this.cachedAccessToken = null;

@@ -222,3 +227,3 @@ this.audience = opts.get('audience');

headers,
url: `${exports.CLOUD_RESOURCE_MANAGER}${projectNumber}`,
url: `${this.cloudResourceManagerURL.toString()}${projectNumber}`,
responseType: 'json',

@@ -418,8 +423,3 @@ });

}
else if (typeof this.scopes === 'undefined') {
return [DEFAULT_OAUTH_SCOPE];
}
else {
return this.scopes;
}
return this.scopes || [DEFAULT_OAUTH_SCOPE];
}

@@ -426,0 +426,0 @@ getMetricsHeaderValue() {

@@ -32,4 +32,2 @@ "use strict";

const STS_SUBJECT_TOKEN_TYPE = 'urn:ietf:params:oauth:token-type:access_token';
/** The STS access token exchange end point. */
const STS_ACCESS_TOKEN_URL = 'https://sts.googleapis.com/v1/token';
/**

@@ -97,3 +95,3 @@ * The maximum number of access boundary rules a Credential Access Boundary

}
this.stsCredential = new sts.StsCredentials(STS_ACCESS_TOKEN_URL);
this.stsCredential = new sts.StsCredentials(`https://sts.${this.universeDomain}/v1/token`);
this.cachedDownscopedAccessToken = null;

@@ -100,0 +98,0 @@ }

@@ -322,4 +322,10 @@ /// <reference types="node" />

* @param data The data to be signed.
* @param endpoint A custom endpoint to use.
*
* @example
* ```
* sign('data', 'https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/');
* ```
*/
sign(data: string): Promise<string>;
sign(data: string, endpoint?: string): Promise<string>;
private signBlob;

@@ -326,0 +332,0 @@ }

@@ -744,5 +744,15 @@ "use strict";

* @param data The data to be signed.
* @param endpoint A custom endpoint to use.
*
* @example
* ```
* sign('data', 'https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/');
* ```
*/
async sign(data) {
async sign(data, endpoint) {
const client = await this.getClient();
const universe = await this.getUniverseDomain();
endpoint =
endpoint ||
`https://iamcredentials.${universe}/v1/projects/-/serviceAccounts/`;
if (client instanceof impersonated_1.Impersonated) {

@@ -761,10 +771,9 @@ const signed = await client.sign(data);

}
return this.signBlob(crypto, creds.client_email, data);
return this.signBlob(crypto, creds.client_email, data, endpoint);
}
async signBlob(crypto, emailOrUniqueId, data) {
const url = 'https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/' +
`${emailOrUniqueId}:signBlob`;
async signBlob(crypto, emailOrUniqueId, data, endpoint) {
const url = new URL(endpoint + `${emailOrUniqueId}:signBlob`);
const res = await this.request({
method: 'POST',
url,
url: url.href,
data: {
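Review bot: `signBlob` parses the caller-supplied `endpoint` only after string concatenation (`new URL(endpoint + ...)`) and never checks its scheme before `this.request` POSTs the payload to it, presumably with the client's credentials attached. A guard such as `if (url.protocol !== 'https:') throw new RangeError('endpoint must use https');` directly after the `new URL` line would keep the signing request off plaintext transports. An `endpoint` without a trailing `/` also yields a different path instead of an error, which the `@param endpoint` text should mention. In `sign`, the `Impersonated` branch appears to still call `client.sign(data)` (that line shows in this hunk's header), so a custom `endpoint` seems to be ignored there without notice; the doc comment should say which credential types honour it. Both method bodies continue outside the visible hunks.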

@@ -771,0 +780,0 @@ payload: crypto.encodeBase64StringUtf8(data),

@@ -20,2 +20,3 @@ "use strict";

const oauth2client_1 = require("./oauth2client");
const authclient_1 = require("./authclient");
class JWT extends oauth2client_1.OAuth2Client {

@@ -56,3 +57,7 @@ constructor(optionsOrEmail, keyFile, key, scopes, subject, keyId) {

const useSelfSignedJWT = (!this.hasUserScopes() && url) ||
(this.useJWTAccessWithScope && this.hasAnyScopes());
(this.useJWTAccessWithScope && this.hasAnyScopes()) ||
this.universeDomain !== authclient_1.DEFAULT_UNIVERSE;
if (this.subject && this.universeDomain !== authclient_1.DEFAULT_UNIVERSE) {
throw new RangeError(`Service Account user is configured for the credential. Domain-wide delegation is not supported in universes other than ${authclient_1.DEFAULT_UNIVERSE}`);
}
if (!this.apiKey && useSelfSignedJWT) {

@@ -59,0 +64,0 @@ if (this.additionalClaims &&

@@ -303,2 +303,54 @@ /// <reference types="node" />

}
export interface OAuth2ClientEndpoints {
/**
* The endpoint for viewing access token information
*
* @example
* 'https://oauth2.googleapis.com/tokeninfo'
*/
tokenInfoUrl: string | URL;
/**
* The base URL for auth endpoints.
*
* @example
* 'https://accounts.google.com/o/oauth2/v2/auth'
*/
oauth2AuthBaseUrl: string | URL;
/**
* The base endpoint for token retrieval
* .
* @example
* 'https://oauth2.googleapis.com/token'
*/
oauth2TokenUrl: string | URL;
/**
* The base endpoint to revoke tokens.
*
* @example
* 'https://oauth2.googleapis.com/revoke'
*/
oauth2RevokeUrl: string | URL;
/**
* Sign on certificates in PEM format.
*
* @example
* 'https://www.googleapis.com/oauth2/v1/certs'
*/
oauth2FederatedSignonPemCertsUrl: string | URL;
/**
* Sign on certificates in JWK format.
*
* @example
* 'https://www.googleapis.com/oauth2/v3/certs'
*/
oauth2FederatedSignonJwkCertsUrl: string | URL;
/**
* IAP Public Key URL.
* This URL contains a JSON dictionary that maps the `kid` claims to the public key values.
*
* @example
* 'https://www.gstatic.com/iap/verify/public_key'
*/
oauth2IapPublicKeyUrl: string | URL;
}
export interface OAuth2ClientOptions extends AuthClientOptions {

@@ -308,2 +360,10 @@ clientId?: string;

redirectUri?: string;
/**
* Customizable endpoints.
*/
endpoints?: Partial<OAuth2ClientEndpoints>;
/**
* The allowed OAuth2 token issuers.
*/
issuers?: string[];
}

@@ -317,2 +377,4 @@ export type RefreshOptions = Pick<AuthClientOptions, 'eagerRefreshThresholdMillis' | 'forceRefreshOnFailure'>;

protected refreshTokenPromises: Map<string, Promise<GetTokenResponse>>;
readonly endpoints: Readonly<OAuth2ClientEndpoints>;
readonly issuers: string[];
_clientId?: string;

@@ -334,28 +396,7 @@ _clientSecret?: string;

constructor(clientId?: string, clientSecret?: string, redirectUri?: string);
protected static readonly GOOGLE_TOKEN_INFO_URL = "https://oauth2.googleapis.com/tokeninfo";
/**
* The base URL for auth endpoints.
* @deprecated use instance's {@link OAuth2Client.endpoints}
*/
private static readonly GOOGLE_OAUTH2_AUTH_BASE_URL_;
protected static readonly GOOGLE_TOKEN_INFO_URL = "https://oauth2.googleapis.com/tokeninfo";
/**
* The base endpoint for token retrieval.
*/
private static readonly GOOGLE_OAUTH2_TOKEN_URL_;
/**
* The base endpoint to revoke tokens.
*/
private static readonly GOOGLE_OAUTH2_REVOKE_URL_;
/**
* Google Sign on certificates in PEM format.
*/
private static readonly GOOGLE_OAUTH2_FEDERATED_SIGNON_PEM_CERTS_URL_;
/**
* Google Sign on certificates in JWK format.
*/
private static readonly GOOGLE_OAUTH2_FEDERATED_SIGNON_JWK_CERTS_URL_;
/**
* Google Sign on certificates in JWK format.
*/
private static readonly GOOGLE_OAUTH2_IAP_PUBLIC_KEY_URL_;
/**
* Clock skew - five minutes in seconds

@@ -365,10 +406,6 @@ */

/**
* Max Token Lifetime is one day in seconds
* The default max Token Lifetime is one day in seconds
*/
private static readonly MAX_TOKEN_LIFETIME_SECS_;
private static readonly DEFAULT_MAX_TOKEN_LIFETIME_SECS_;
/**
* The allowed oauth token issuers.
*/
private static readonly ISSUERS_;
/**
* Generates URL for consent page landing.

@@ -436,5 +473,13 @@ * @param opts Options.

* @param token The existing token to be revoked.
*
* @deprecated use instance method {@link OAuth2Client.getRevokeTokenURL}
*/
static getRevokeTokenUrl(token: string): string;
/**
* Generates a URL to revoke the given token.
*
* @param token The existing token to be revoked.
*/
getRevokeTokenURL(token: string): URL;
/**
* Revokes the access given to token.

@@ -441,0 +486,0 @@ * @param token The existing token to be revoked.

@@ -47,2 +47,17 @@ "use strict";

this.redirectUri = opts.redirectUri;
this.endpoints = {
tokenInfoUrl: 'https://oauth2.googleapis.com/tokeninfo',
oauth2AuthBaseUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
oauth2TokenUrl: 'https://oauth2.googleapis.com/token',
oauth2RevokeUrl: 'https://oauth2.googleapis.com/revoke',
oauth2FederatedSignonPemCertsUrl: 'https://www.googleapis.com/oauth2/v1/certs',
oauth2FederatedSignonJwkCertsUrl: 'https://www.googleapis.com/oauth2/v3/certs',
oauth2IapPublicKeyUrl: 'https://www.gstatic.com/iap/verify/public_key',
...opts.endpoints,
};
this.issuers = opts.issuers || [
'accounts.google.com',
'https://accounts.google.com',
this.universeDomain,
];
}
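Review bot: The `...opts.endpoints` spread lets a key that is present but `undefined` replace its default, so a later `this.endpoints.oauth2TokenUrl.toString()` (or any sibling) throws a TypeError far from the constructor; filtering first, e.g. `...Object.fromEntries(Object.entries(opts.endpoints ?? {}).filter(([, v]) => v !== undefined))`, keeps the defaults intact. Three of these endpoints (`oauth2FederatedSignonPemCertsUrl`, `oauth2FederatedSignonJwkCertsUrl`, `oauth2IapPublicKeyUrl`) supply the keys that token verification trusts, and `issuers` is the accepted `iss` list passed to `verifySignedJwtWithCertsAsync`. Whoever controls these options therefore controls what counts as a valid ID token, so the option docs should say that both must come from trusted configuration, and the constructor could reject non-`https:` values. The default `issuers` list also gains `this.universeDomain`, a bare domain, which widens the accepted issuers compared with the removed `ISSUERS_`; worth confirming that this is intended. `opts.issuers` is stored by reference, so a caller mutating the array afterwards changes verification behaviour; `[...opts.issuers]` would avoid that.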

@@ -65,3 +80,3 @@ /**

}
const rootUrl = OAuth2Client.GOOGLE_OAUTH2_AUTH_BASE_URL_;
const rootUrl = this.endpoints.oauth2AuthBaseUrl.toString();
return (rootUrl +

@@ -115,3 +130,3 @@ '?' +

async getTokenAsync(options) {
const url = OAuth2Client.GOOGLE_OAUTH2_TOKEN_URL_;
const url = this.endpoints.oauth2TokenUrl.toString();
const values = {

@@ -168,3 +183,3 @@ code: options.code,

}
const url = OAuth2Client.GOOGLE_OAUTH2_TOKEN_URL_;
const url = this.endpoints.oauth2TokenUrl.toString();
const data = {

@@ -322,10 +337,21 @@ refresh_token: refreshToken,

* @param token The existing token to be revoked.
*
* @deprecated use instance method {@link OAuth2Client.getRevokeTokenURL}
*/
static getRevokeTokenUrl(token) {
const parameters = querystring.stringify({ token });
return `${OAuth2Client.GOOGLE_OAUTH2_REVOKE_URL_}?${parameters}`;
return new OAuth2Client().getRevokeTokenURL(token).toString();
}
/**
* Generates a URL to revoke the given token.
*
* @param token The existing token to be revoked.
*/
getRevokeTokenURL(token) {
const url = new URL(this.endpoints.oauth2RevokeUrl);
url.searchParams.append('token', token);
return url;
}
revokeToken(token, callback) {
const opts = {
url: OAuth2Client.getRevokeTokenUrl(token),
url: this.getRevokeTokenURL(token).toString(),
method: 'POST',

@@ -460,3 +486,3 @@ };

const response = await this.getFederatedSignonCertsAsync();
const login = await this.verifySignedJwtWithCertsAsync(options.idToken, response.certs, options.audience, OAuth2Client.ISSUERS_, options.maxExpiry);
const login = await this.verifySignedJwtWithCertsAsync(options.idToken, response.certs, options.audience, this.issuers, options.maxExpiry);
return login;

@@ -478,3 +504,3 @@ }

},
url: OAuth2Client.GOOGLE_TOKEN_INFO_URL,
url: this.endpoints.tokenInfoUrl.toString(),
});

@@ -511,6 +537,6 @@ const info = Object.assign({

case CertificateFormat.PEM:
url = OAuth2Client.GOOGLE_OAUTH2_FEDERATED_SIGNON_PEM_CERTS_URL_;
url = this.endpoints.oauth2FederatedSignonPemCertsUrl.toString();
break;
case CertificateFormat.JWK:
url = OAuth2Client.GOOGLE_OAUTH2_FEDERATED_SIGNON_JWK_CERTS_URL_;
url = this.endpoints.oauth2FederatedSignonJwkCertsUrl.toString();
break;

@@ -569,3 +595,3 @@ default:

let res;
const url = OAuth2Client.GOOGLE_OAUTH2_IAP_PUBLIC_KEY_URL_;
const url = this.endpoints.oauth2IapPublicKeyUrl.toString();
try {

@@ -600,3 +626,3 @@ res = await this.transporter.request({ url });

if (!maxExpiry) {
maxExpiry = OAuth2Client.MAX_TOKEN_LIFETIME_SECS_;
maxExpiry = OAuth2Client.DEFAULT_MAX_TOKEN_LIFETIME_SECS_;
}

@@ -733,28 +759,7 @@ const segments = jwt.split('.');

exports.OAuth2Client = OAuth2Client;
OAuth2Client.GOOGLE_TOKEN_INFO_URL = 'https://oauth2.googleapis.com/tokeninfo';
/**
* The base URL for auth endpoints.
* @deprecated use instance's {@link OAuth2Client.endpoints}
*/
OAuth2Client.GOOGLE_OAUTH2_AUTH_BASE_URL_ = 'https://accounts.google.com/o/oauth2/v2/auth';
OAuth2Client.GOOGLE_TOKEN_INFO_URL = 'https://oauth2.googleapis.com/tokeninfo';
/**
* The base endpoint for token retrieval.
*/
OAuth2Client.GOOGLE_OAUTH2_TOKEN_URL_ = 'https://oauth2.googleapis.com/token';
/**
* The base endpoint to revoke tokens.
*/
OAuth2Client.GOOGLE_OAUTH2_REVOKE_URL_ = 'https://oauth2.googleapis.com/revoke';
/**
* Google Sign on certificates in PEM format.
*/
OAuth2Client.GOOGLE_OAUTH2_FEDERATED_SIGNON_PEM_CERTS_URL_ = 'https://www.googleapis.com/oauth2/v1/certs';
/**
* Google Sign on certificates in JWK format.
*/
OAuth2Client.GOOGLE_OAUTH2_FEDERATED_SIGNON_JWK_CERTS_URL_ = 'https://www.googleapis.com/oauth2/v3/certs';
/**
* Google Sign on certificates in JWK format.
*/
OAuth2Client.GOOGLE_OAUTH2_IAP_PUBLIC_KEY_URL_ = 'https://www.gstatic.com/iap/verify/public_key';
/**
* Clock skew - five minutes in seconds

@@ -764,11 +769,4 @@ */

/**
* Max Token Lifetime is one day in seconds
* The default max Token Lifetime is one day in seconds
*/
OAuth2Client.MAX_TOKEN_LIFETIME_SECS_ = 86400;
/**
* The allowed oauth token issuers.
*/
OAuth2Client.ISSUERS_ = [
'accounts.google.com',
'https://accounts.google.com',
];
OAuth2Client.DEFAULT_MAX_TOKEN_LIFETIME_SECS_ = 86400;

@@ -97,3 +97,3 @@ import { GaxiosResponse } from 'gaxios';

*/
constructor(tokenExchangeEndpoint: string, clientAuthentication?: ClientAuthentication);
constructor(tokenExchangeEndpoint: string | URL, clientAuthentication?: ClientAuthentication);
/**

@@ -100,0 +100,0 @@ * Exchanges the provided token for another type of token based on the

@@ -81,3 +81,3 @@ "use strict";

const opts = {
url: this.tokenExchangeEndpoint,
url: this.tokenExchangeEndpoint.toString(),
method: 'POST',

@@ -84,0 +84,0 @@ headers,

{
"name": "google-auth-library",
"version": "9.5.0",
"version": "9.6.0",
"author": "Google Inc.",

@@ -5,0 +5,0 @@ "description": "Google APIs Authentication Client Library for Node.js",

Sorry, the diff of this file is too big to display
