Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: allow set lifetime for service account creds #516

Merged
merged 12 commits into from Jan 12, 2021
Merged

Conversation

arithmetic1728
Copy link
Collaborator

Fixes #474 for service account credentials.

For self-signed JWT, this doc explains the constraints on exp claim in the assertion.

The exp (expiration time) claim must be no more than 12 hours in the future. 
If you are calling a Google API, the exp claim must be set no more than 1 hour in the future.

This PR removes the hard-coded 1 hour lifetime, allows users to provide a custom lifetime up to 12 hours.

@google-cla google-cla bot added the cla: yes This human has signed the Contributor License Agreement. label Dec 10, 2020
@codecov
Copy link

codecov bot commented Dec 10, 2020

Codecov Report

Merging #516 (6ed887a) into master (af21727) will increase coverage by 0.08%.
The diff coverage is 88.23%.

Impacted file tree graph

@@             Coverage Diff              @@
##             master     #516      +/-   ##
============================================
+ Coverage     80.05%   80.13%   +0.08%     
- Complexity      421      424       +3     
============================================
  Files            28       28              
  Lines          1965     1978      +13     
  Branches        209      212       +3     
============================================
+ Hits           1573     1585      +12     
  Misses          283      283              
- Partials        109      110       +1     
Impacted Files Coverage Δ Complexity Δ
.../google/auth/oauth2/ServiceAccountCredentials.java 82.94% <88.23%> (+0.49%) 52.00 <6.00> (+3.00)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update af21727...6ed887a. Read the comment docs.

@arithmetic1728
Copy link
Collaborator Author

The format / format-code failure is not related to this PR.

@arithmetic1728 arithmetic1728 marked this pull request as ready for review December 10, 2020 07:18
@arithmetic1728 arithmetic1728 requested a review from a team as a code owner December 10, 2020 07:18
@arithmetic1728
Copy link
Collaborator Author

Just did a new commit to use the default lifetime (3600) if lifetime is set to 0.

@chingor13 chingor13 merged commit 427f2d5 into master Jan 12, 2021
@chingor13 chingor13 deleted the lifespan_srv branch January 12, 2021 23:12
gcf-merge-on-green bot pushed a commit that referenced this pull request Jan 26, 2021
🤖 I have created a release \*beep\* \*boop\* 
---
## [0.23.0](https://www.github.com/googleapis/google-auth-library-java/compare/v0.22.2...v0.23.0) (2021-01-26)


### ⚠ BREAKING CHANGES

* privatize deprecated constructor (#473)

### Features

* allow custom lifespan for impersonated creds ([#515](https://www.github.com/googleapis/google-auth-library-java/issues/515)) ([0707ed4](https://www.github.com/googleapis/google-auth-library-java/commit/0707ed4bbb40fb775f196004ee30f8c695fe662b))
* allow custom scopes for compute engine creds ([#514](https://www.github.com/googleapis/google-auth-library-java/issues/514)) ([edc8d6e](https://www.github.com/googleapis/google-auth-library-java/commit/edc8d6e0e7ca2c6749d026ba42854a09c4879fd6))
* allow set lifetime for service account creds ([#516](https://www.github.com/googleapis/google-auth-library-java/issues/516)) ([427f2d5](https://www.github.com/googleapis/google-auth-library-java/commit/427f2d5610f0e8184a21b24531d2549a68c0b546))
* promote IdToken and JWT features ([#538](https://www.github.com/googleapis/google-auth-library-java/issues/538)) ([b514fe0](https://www.github.com/googleapis/google-auth-library-java/commit/b514fe0cebe5a294e0cf97b7b5349e6a523dc7b2))


### Bug Fixes

* per google style, logger is lower case ([#529](https://www.github.com/googleapis/google-auth-library-java/issues/529)) ([ecfc6a2](https://www.github.com/googleapis/google-auth-library-java/commit/ecfc6a2ea6060e06629b5d422b23b842b917f55e))
* privatize deprecated constructor ([#473](https://www.github.com/googleapis/google-auth-library-java/issues/473)) ([5804ff0](https://www.github.com/googleapis/google-auth-library-java/commit/5804ff03a531268831ac797ab262638a3119c14f))
* remove deprecated methods ([#537](https://www.github.com/googleapis/google-auth-library-java/issues/537)) ([427963e](https://www.github.com/googleapis/google-auth-library-java/commit/427963e04702d8b73eca5ed555539b11bbe97342))
* replace non-precondition use of Preconditions ([#539](https://www.github.com/googleapis/google-auth-library-java/issues/539)) ([f2ab4f1](https://www.github.com/googleapis/google-auth-library-java/commit/f2ab4f14262d54de0fde85494cfd92cf01a30cbe))
* switch to GSON ([#531](https://www.github.com/googleapis/google-auth-library-java/issues/531)) ([1b98d5c](https://www.github.com/googleapis/google-auth-library-java/commit/1b98d5c86fc5e56187c977e7f43c39bb62483d40))
* use default timeout if given 0 for ImpersonatedCredentials ([#527](https://www.github.com/googleapis/google-auth-library-java/issues/527)) ([ec74870](https://www.github.com/googleapis/google-auth-library-java/commit/ec74870c372a33d4157b45bb5d59ad7464fb2238))


### Dependencies

* update dependency com.google.appengine:appengine-api-1.0-sdk to v1.9.84 ([#422](https://www.github.com/googleapis/google-auth-library-java/issues/422)) ([b262c45](https://www.github.com/googleapis/google-auth-library-java/commit/b262c4587b058e6837429ee05f1b6a63620ee598))
* update dependency com.google.guava:guava to v30.1-android ([#522](https://www.github.com/googleapis/google-auth-library-java/issues/522)) ([4090d1c](https://www.github.com/googleapis/google-auth-library-java/commit/4090d1cb50041bceb1cd975d1a9249a412df936f))


### Documentation

* fix wording in jwtWithClaims Javadoc ([#536](https://www.github.com/googleapis/google-auth-library-java/issues/536)) ([af21727](https://www.github.com/googleapis/google-auth-library-java/commit/af21727815263fb5ffc07ede953cf042fac3ac2b))
---


This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cla: yes This human has signed the Contributor License Agreement.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support for generating a OAuth 2.0 access tokens with lifespan > 1 hour
4 participants