Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorize with google cloud sdk application default credentials #53

Open
Marlin-Na opened this issue Apr 26, 2021 · 3 comments
Open

Authorize with google cloud sdk application default credentials #53

Marlin-Na opened this issue Apr 26, 2021 · 3 comments

Comments

@Marlin-Na
Copy link

Hey I am glad seeing this rust binding of google cloud apis.

The python client and others implement several ways to authorize it. https://github.com/googleapis/google-auth-library-python/blob/9e1082366d113286bc063051fd76b4799791d943/google/auth/_default.py#L346-L435

  1. via GOOGLE_APPLICATION_CREDENTIALS environment variable.
  2. via google cloud sdk, i.e. gcloud auth application-default login
  3. via App Engine/ Compute Engine running environment

I am particular interested in the second way for authorization. It essentially involves checking ~/.config/gcloud/application_default_credentials.json file to get client_secret and refresh_token. For example:

> cat ~/.config/gcloud/application_default_credentials.json 
{
  "client_id": "xxx",
  "client_secret": "xxx",
  "refresh_token": "xxx",
  "type": "authorized_user"
}

It would be great if this library can implement this kind of authorization. Issue #15 is probably related.
@plippe
Copy link

plippe commented Apr 27, 2021

Hey,

I am looking for something similar.

I have an application running as a Docker container on Google Cloud Run. I want to interact with Datastore, but I can't seem to obtain the service account.

As others have suggested, it might be worth rewriting the client creation to follow Google's default credential flow and avoid duplication.

I don't mind trying to write a PR. It shouldn't be too hard as the logic already exist in all the official libraries. I should have something in a week or two.

Would anyone have any advice before I start?

@plippe
Copy link

plippe commented May 5, 2021

There doesn't seem to be much interest for my PR.
Therefore, I won't waste any time on it.

@GlenDC
Copy link

GlenDC commented Aug 23, 2021

@Hirevo is this library still being supported? Do you need help?
I would also very much like this logic as for now I am having to polyfill it myself.
And while I do not mind putting in the work (as I will be forced to anyway),
it does seem like a waste of time that all of us need to implement this ourselves.

As such, can the PR of @plippe be looked at please? If not, can you tell us why,
so that he, I or someone else can take a second look at it, either by picking up the PR,
or going for a by you approved different approach.

Either way, as it stands now, the library is auth-wise very much under-supported,
which is a shame, as all the rest does seem to be pretty neat as-is. For which,
a big thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@plippe @GlenDC @Marlin-Na