Comments (5)
Hi, thanks for the question!
The behavior of GKE is expected if you rely on a VM-provided credential. The access token is indeed cached at the environment level for approx. 55 min, just as you have discovered.
The documentation you are referring to is for the very base class, not the specific credential you eventually use. Most likely the actual type of credential in your case is ComputeEngineCredentials. Although I agree, the base class documentation is misleading in this case; we will update it to say that refresh behavior depends on the actual credential type.
Locally you are outside of the GCE/GKE environment and you probably rely on some serviceaccount or usercredentials from gcloud. They don't cache.
If you want local and GKE behaviors to match, you need to set up the prod environment with a ServiceAccount. One way to do that, which does not require any code change in your case: set the environment variable GOOGLE_APPLICATION_CREDENTIALS to the path of the JSON file that contains your service account key.
from google-auth-library-java.
Thanks. It makes sense.
> If you want local and GKE behaviors to match you need to set up prod environment with a ServiceAccount.

In my case I was using a Service Account both in GKE (using WLI) and in the local environment (using a JSON key). I am assuming there is caching in some layer in the GKE environment when using WLI (pod/node/metadata-server etc.). Unfortunately I couldn't find good documentation for this yet.
from google-auth-library-java.
Oh actually, even a separate service account could be cached in some environments. Apparently it is true for GKE. Sorry for the confusion.
BTW, do you really need the token flow? For most services the token flow is not used and the SelfSignedJWT flow is used instead. In this flow, no access token and no refresh are required.
This flow should be enabled by default when used with scopes. You can check by setting a breakpoint here, here.
from google-auth-library-java.
@gaurav517 In general, there is no practical difference. Either way, the library makes sure the token is fresh on each request. Let us know if there is any scenario that is affected by differences in behavior.
from google-auth-library-java.
Please reopen if you have any more questions.
from google-auth-library-java.
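To see which behavior discussed in this thread applies in a given environment, the probe below prints the concrete credential class that Application Default Credentials resolved to and checks whether two forced refreshes return the same token. It is an added example, not code from the thread or from the library; the class name, the scope and the 5-second pause are assumptions, and it needs google-auth-library-oauth2-http on the classpath and a working ADC setup (GKE pod, or GOOGLE_APPLICATION_CREDENTIALS locally).

```java
import com.google.auth.oauth2.AccessToken;
import com.google.auth.oauth2.GoogleCredentials;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collections;

// Added diagnostic, not part of google-auth-library-java.
public class TokenRefreshProbe {
  // Assumed scope for the probe; use the scope your workload actually requests.
  private static final String SCOPE = "https://www.googleapis.com/auth/cloud-platform";

  // Short SHA-256 fingerprint so tokens can be compared without logging the secret itself.
  static String fingerprint(String token) throws Exception {
    byte[] digest = MessageDigest.getInstance("SHA-256")
        .digest(token.getBytes(StandardCharsets.UTF_8));
    StringBuilder hex = new StringBuilder();
    for (int i = 0; i < 8; i++) {
      hex.append(String.format("%02x", digest[i]));
    }
    return hex.toString();
  }

  // Forces a fetch from the credential's token source and reports what came back.
  static AccessToken refreshAndReport(GoogleCredentials credentials, String label)
      throws Exception {
    credentials.refresh();
    AccessToken token = credentials.getAccessToken();
    System.out.printf("%s: fingerprint=%s expires=%s%n",
        label, fingerprint(token.getTokenValue()), token.getExpirationTime());
    return token;
  }

  public static void main(String[] args) throws Exception {
    GoogleCredentials credentials = GoogleCredentials.getApplicationDefault()
        .createScoped(Collections.singletonList(SCOPE));
    // The concrete class decides refresh behavior, e.g. ComputeEngineCredentials on GCE/GKE.
    System.out.println("Credential type: " + credentials.getClass().getName());

    AccessToken first = refreshAndReport(credentials, "first refresh");
    Thread.sleep(5_000);
    AccessToken second = refreshAndReport(credentials, "second refresh");

    boolean sameToken = first.getTokenValue().equals(second.getTokenValue());
    System.out.println(sameToken
        ? "Same token returned: the token source is serving a cached token."
        : "New token minted: this credential does not cache across refresh() calls.");
  }
}
```

Running it once in the pod and once locally shows the difference directly, and only the fingerprint and expiry end up in logs.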