Comments (2)
Yes, I've been thinking about what we should do here. In the short run the Java library just passes the URI straight through as the Audience with no processing.
What I think we should do here:
- Have the transport pass in the full URI of the method call.
- Have the ServiceAccountJwtAccessCredentials trim this down the just the entry point to use as the Audience field.
The thinking is that while Jwt Access Credentials does not happen to use the method, a theoretical credential might. Also, the Jwt Accses Credential probably needs some caching, so it needs to truncate this as a key for the caching as well.
We should discuss with other implementers of the auth libraries. If this is the way to go, we should implement the truncation in the auth library first. When that version is consumed by grpc-java, the truncation can be removed from that layer.
from google-auth-library-java.
Is this a breaking change?
from google-auth-library-java.
Related Issues (20)
- Allow AWS Credentials to be provided at runtime HOT 10
- Warning: a recent release failed
- Google Login: Library v1.12.1 and later are broken on Android API 21 HOT 2
- External Cloud RAD Pages are outdated and show v1.7.0 as the latest release
- Integrating google-auth-library-java into OSS-Fuzz HOT 1
- Warning: a recent release failed
- Support for GCP Application Default Credentials strategy HOT 1
- Add support for reading GOOGLE_APPLICATION_CREDENTIALS as a property HOT 1
- Authenticate with Service Account to send Gmail HOT 2
- Missing scopes using WIF when upgrading google-auth-library-java-oauth2-http from 1.13.0 to 1.14.0 HOT 8
- google-auth-library-java-oauth2-http: refresh() doesn't generate new token on each call in GKE HOT 5
- Add reactor Bindings HOT 3
- The horror of chain reaction (GoogleCredentials) HOT 1
- Allow usage of ExternalAccountCredentials custom implementation HOT 2
- unchecked casts are bad practice, but allowed globally in pom.xml
- Add native image support for credentials and appengine modules
- impersonated_service_account not recognized HOT 1
- ExternalAccountCredentials serialization is broken HOT 1
- com.google.firebase.messaging.FirebaseMessagingException: Unknown error while making a remote service call: Error getting access token for service account: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 405 Method Not Allowed", HOT 2
- [kms]: Missing credentials leads to misleading exception and pointless retry loop HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from google-auth-library-java.