Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add difference between default and user-defined scope #306

Merged
merged 8 commits into from
Sep 23, 2020
Merged

feat: add difference between default and user-defined scope #306

merged 8 commits into from
Sep 23, 2020

Conversation

bshaffer
Copy link
Contributor

@bshaffer bshaffer commented Sep 15, 2020
edited

This PR allows the calling libraries (GAPIC, veneer, Apiary) to pass $defaultScope in separately from $scope. This allows ServiceAccountCredentials to use self-signed JWTs more frequently. Before, default scopes were preferred to self-signed JWTs, but if we can differentiate between user-defined and default scopes, we can prefer user-defined scopes to self-signed JWTs, but self-signed JWTs to default scopes.

So in effect, our clients can use self-signed JWTs when:

  • A service account is being used
  • A scope has not been set by the user
  • A target_audience has not been set by the user
  • An api_endpoint has not been set by the user

Related PRs:

Note: In this implementation, ServiceAccountCredentials no longer calls fetchAuthToken with default scopes. If they are invoked without an $authUri, no credentials will be provided. This is not a BC break, as it only will take place if $defaultScopes is utilized by the calling party. But we need to verify this is the correct behavior.

@google-cla google-cla bot added the cla: yes This human has signed the Contributor License Agreement. label Sep 15, 2020
@bshaffer bshaffer mentioned this pull request Sep 16, 2020
Merged
@bshaffer bshaffer requested a review from a team September 23, 2020 16:51
jdpedrie
jdpedrie approved these changes Sep 23, 2020
View reviewed changes
Copy link
Contributor

@jdpedrie jdpedrie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One nit.

src/CredentialsLoader.php Show resolved Hide resolved
@bshaffer bshaffer merged commit 9ccaea6 into master Sep 23, 2020
@bshaffer bshaffer deleted the accomodate-default-scope branch September 23, 2020 23:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jdpedrie jdpedrie jdpedrie approved these changes

Assignees
No one assigned
Labels
cla: yes This human has signed the Contributor License Agreement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@bshaffer @jdpedrie