New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
idtoken: computeEngine should support format and license options #542
Comments
Thanks for opening the feature request. As you said switching the default might be hard to do at this point. Overall though this seems like something that we could make configurable. cc @broady |
Would it be possible to add another field into DialSettings google-api-go-client/internal/settings.go Lines 21 to 25 in d6ee425
Those are already being passed to computeTokenSource and adding a bit of logic should be trivial. google-api-go-client/idtoken/compute.go Line 20 in 62364a2
|
Added field CustomFormat to DialSettings in internal/settings.go Added field format to computerIDTokenSource in idtoken/compute.go Function computeTokenSource now sets field format to full, and if ds.CustomFormat != "" overwrites the field Method Token now uses c.format instead of string literal "full" Fixes googleapis#542
Added field CustomFormat to DialSettings in internal/settings.go Added field format to computerIDTokenSource in idtoken/compute.go Function computeTokenSource now sets field format to full, and if ds.CustomFormat != "" overwrites the field Method Token now uses c.format instead of string literal "full" Fixes googleapis#542
Added field CustomFormat to DialSettings in internal/settings.go Added field format to computerIDTokenSource in idtoken/compute.go Function computeTokenSource now sets field format to full, and if ds.CustomFormat != "" overwrites the field Method Token now uses c.format instead of string literal "full" Fixes googleapis#542
Is this a viable solution? I feel like this is the only way without things breaking for existing users. |
This is being addressed in our new auth library we will be shifting to soon. Closing as done in the new library: https://pkg.go.dev/cloud.google.com/go/auth/idtoken#ComputeTokenFormat |
id tokens set the format to
full
always which may include a lot of extra information in the tokeneg. the gce instanceid, zone, etc, see googleapis/google-auth-library-nodejs#792 (comment)
and described here
compute metadata based token uses by default
&format=standard
and does not include this extra info.FR to have an option to allow setting the format and if it should include any license info (which is another parameter). If possible, maybe make it default to standard but that may break existing users of the library.
Just note, there will be another GET parameter available soon which will allow including just the email value into the idtoken.
the settings here hardcodes it to
full
https://github.com/googleapis/google-api-go-client/blob/master/idtoken/compute.go#L41
The text was updated successfully, but these errors were encountered: