idtoken: computeEngine should support format and license options #542

Closed
salrashid123 opened this issue Jun 18, 2020 · 4 comments · May be fixed by #1665
Labels
type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

@salrashid123

ID tokens always set the format to full, which may include a lot of extra information in the token,

e.g. the GCE instance ID, zone, etc.; see googleapis/google-auth-library-nodejs#792 (comment)

and described here

The compute metadata based token uses &format=standard by default and does not include this extra info.

FR to have an option to allow setting the format and whether it should include any license info (which is another parameter). If possible, maybe make it default to standard, but that may break existing users of the library.

Just note, there will be another GET parameter available soon which will allow including just the email value in the ID token.

The settings here hardcode it to full:

https://github.com/googleapis/google-api-go-client/blob/master/idtoken/compute.go#L41

@codyoss
Member

codyoss commented Jun 19, 2020

Thanks for opening the feature request. As you said, switching the default might be hard to do at this point. Overall, though, this seems like something that we could make configurable. cc @broady

@codyoss codyoss self-assigned this Jun 19, 2020
@codyoss codyoss added the type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. label Jun 19, 2020
@codyoss codyoss changed the title idToken from computeEngine should support format and license options idtoken: computeEngine should support format and license options Jul 21, 2020
@eisandbar
Contributor

Would it be possible to add another field into DialSettings?

    type DialSettings struct {
        Endpoint            string
        DefaultEndpoint     string
        DefaultMTLSEndpoint string
        Scopes              []string
        // ... remaining fields not shown in this excerpt
    }

Those are already being passed to computeTokenSource and adding a bit of logic should be trivial.

    func computeTokenSource(audience string, ds *internal.DialSettings) (oauth2.TokenSource, error) {

eisandbar added a commit to eisandbar/google-api-go-client that referenced this issue Aug 16, 2022
Added field CustomFormat to DialSettings in internal/settings.go
Added field format to computerIDTokenSource in idtoken/compute.go
Function computeTokenSource now sets field format to full, and if ds.CustomFormat != "" overwrites the field
Method Token now uses c.format instead of string literal "full"

Fixes googleapis#542
@eisandbar
Contributor

#1665 (comment)

Is this a viable solution? I feel like this is the only way without things breaking for existing users.

@codyoss
Member

codyoss commented Apr 23, 2024

This is being addressed in our new auth library we will be shifting to soon. Closing as done in the new library: https://pkg.go.dev/cloud.google.com/go/auth/idtoken#ComputeTokenFormat

@codyoss codyoss closed this as completed Apr 23, 2024
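
The behaviour discussed in this thread, as an added example that is not code from google-api-go-client or from any participant: it builds the metadata identity request with a selectable format that still defaults to full, and decodes a token payload to show which instance details it discloses. The names identitySuffix and instanceClaims are hypothetical, the licenses=TRUE parameter and the google.compute_engine claim are taken from the GCE instance identity documentation rather than from this page, and the sample payload is constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// identitySuffix builds the metadata path for an ID token request. An empty
// format keeps "full", the value the issue says is hardcoded, for old callers.
func identitySuffix(audience, format string, licenses bool) (string, error) {
	if format == "" {
		format = "full"
	}
	if format != "full" && format != "standard" {
		return "", fmt.Errorf("unsupported format %q", format)
	}
	v := url.Values{"audience": {audience}, "format": {format}}
	if licenses && format == "full" { // licenses only applies to format=full
		v.Set("licenses", "TRUE")
	}
	return "instance/service-accounts/default/identity?" + v.Encode(), nil
}

// instanceClaims returns google.compute_engine from the payload; no signature check.
func instanceClaims(token string) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("not a compact JWT: %d segments", len(parts))
	}
	var p struct {
		Google struct {
			CE map[string]interface{} `json:"compute_engine"`
		} `json:"google"`
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &p)
	}
	return p.Google.CE, err
}

func main() {
	payload := `{"aud":"https://svc.example","google":{"compute_engine":{"instance_id":"0","zone":"zone-x"}}}` // constructed
	tok := "e30." + base64.RawURLEncoding.EncodeToString([]byte(payload)) + ".sig"
	fmt.Println(identitySuffix("https://svc.example", "standard", false))
	fmt.Println(instanceClaims(tok))
}
```

A receiving service can run the same payload check on incoming tokens to confirm that callers switched to standard no longer send instance ID or zone.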