Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

idtoken package has been broken since v0.49.0 when service_account credential is used #1092

Closed
apstndb opened this issue Jun 28, 2021 · 5 comments · Fixed by #1096
Closed

idtoken package has been broken since v0.49.0 when service_account credential is used #1092

apstndb opened this issue Jun 28, 2021 · 5 comments · Fixed by #1096
Assignees
@codyoss
Labels
priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.

Comments

@apstndb
Copy link

apstndb commented Jun 28, 2021
edited

Environment details

  • Programming language: Go
  • OS: macOS
  • Language runtime version: Go 1.16.2
  • Package version: v0.49.0

Steps to reproduce

Minimal reproducible code.

package main

import (
	"context"
	"log"

	"google.golang.org/api/idtoken"
)

func main() {
	_, err := idtoken.NewTokenSource(context.Background(), "https://example.com")
	if err != nil {
		log.Fatalln(err)
	}
}

In v0.49.0:

$ GOOGLE_APPLICATION_CREDENTIALS=sa.json go run ./
2021/06/28 18:28:33 neither scopes or audience are available for the self-signed JWT

In v0.48.0, it succeed.

It seems to be related with this comment #1075 (comment) and idtoken package doesn't specify WithAudience.
@apstndb apstndb added priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Jun 28, 2021
@apstndb apstndb changed the title idtoken package shows error when service_account credential is used idtoken package has broken since v0.49.0 when service_account credential is used Jun 28, 2021
@apstndb apstndb changed the title idtoken package has broken since v0.49.0 when service_account credential is used idtoken package has been broken since v0.49.0 when service_account credential is used Jun 28, 2021
@bweston92
Copy link

I opened an issue on the docs that is a temporary work around for this: GoogleCloudPlatform/golang-samples#2125

@codyoss
Copy link
Member

codyoss commented Jun 29, 2021

Thank you for the report, I will investigate why this is happening.

This was referenced Jun 29, 2021
Merged
Closed
@codyoss codyoss added priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. and removed priority: p2 Moderately-important priority. Fix may not be included in next release. labels Jun 29, 2021
codyoss added a commit that referenced this issue Jun 30, 2021
@codyoss
fix(internal): fix self-signed detection with scopes (#1096)
ff1d20b 
Removed the requirement on length of scopes passed. Checking the EnableJwtWithScope internal option should be sufficient since it will only be passed with our generated clients that will always include at least the platform scope and a default audience.
Fixes: #1092
@codyoss
Copy link
Member

codyoss commented Jun 30, 2021

https://github.com/googleapis/google-api-go-client/releases/tag/v0.50.0 includes the fix!

@bweston92
Copy link

Hey @codyoss thanks for taking the time to put a fix in :) appreciated.

@codyoss
Copy link
Member

codyoss commented Jun 30, 2021

Of course! 😸

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@codyoss codyoss

Labels
priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(internal): fix self-signed detection with scopes
3 participants
@apstndb @bweston92 @codyoss