Comments (14)
Internally we have a hacked together "DefaultApplicationCredentials" thing (as per https://developers.google.com/identity/protocols/application-default-credentials). We'd be happy to open source it, but it needs a bit of cleaning up. Could do this over Christmas if there's interest.
from yup-oauth2.
This is what I wrote for this use case, seems to work:
header! { (MetadataFlavor, "Metadata-Flavor") => [String] }
struct MetadataServerProvider {
client: HyperClient,
token: Token,
}
impl GetToken for MetadataServerProvider {
fn api_key(&mut self) -> Option<String> {
None
}
fn token<'b, I, T>(&mut self, _scopes: I) -> Result<Token, Box<StdError>>
where T: AsRef<str> + Ord + 'b,
I: IntoIterator<Item = &'b T>
{
if !self.token.access_token.is_empty() && !self.token.expired() {
return Ok(self.token.clone());
}
let client = HyperClient::new();
debug!("DefaultApplicationCredentials: checking metadata server...");
let mut error;
for _ in 0..3 {
let response = client.get("http://metadata.google.\
internal/computeMetadata/v1/instance/service-accounts/default/token")
.header(MetadataFlavor("Google".to_owned()))
.send();
match response {
Ok(response) => {
self.token = serde_json::from_reader(response)?;
return Ok(self.token.clone());
}
Err(new_error) => error = new_error,
}
}
Err(error.into())
}
}
``
from yup-oauth2.
Unfortunately I cannot comment on this, as I don't know exactly how this would be useful with oauth just because I am not aware of everything the protocol offers.
from yup-oauth2.
@cristicbz I sure find it interesting, even though I wouldn't have a use for it myself. What does @dermesser think about it?
from yup-oauth2.
Hey @cristicbz! Thanks for your proposal, I've been meaning to do it but am not a user of GCE myself (so it's down my priority list). The way you implemented it is definitely similar to how I would've done it. I'd be happy to accept it as addition to this project.
(that is, if @Byron is ok with such vendor-specific code in what is originally his work; although I'm definitely not innocent with regards to that either...)
from yup-oauth2.
I am totally fine with that, as I believe we should implement what people need. Given that yup-oauth2 is primarily used by the google-apis-rs project, I think it's alright to cater to google more than to others.
If other usecases show up, we can invest time to generalize once again.
from yup-oauth2.
ping, @cristicbz -- are you still interested in implementing this?
from yup-oauth2.
I have created a small bare bones impl of this and would requests comments/contributions on it before creating an pull request: https://github.com/braincow/yup-oauth2/tree/gcp_instance_metadata
from yup-oauth2.
@braincow thank you, this looks interesting! I'd encourage you to directly create a PR anyway, it's easier to see and evaluate the diff that way :)
from yup-oauth2.
@dermesser #156 here you go. Its a draft for now since I did not have time currently to properly go through the projects guidelines on opening pull requests. I hope you dont mind my haste :)
from yup-oauth2.
This is something I really want to see. I went ahead and rebased @braincow s draft onto the current master and fixed the failing tests in #164 .
from yup-oauth2.
nice work @ingwinlu! and thanks for updating/rebasing the code since I have been busy with other things to follow up on this. still would love to see this merged into yup-oauth2
from yup-oauth2.
@dermesser i think this and the original pr can be closed now.
from yup-oauth2.
I concur. The PR draft and subsequent updated PR by @ingwinlu are now merged so this feature is implemented.
from yup-oauth2.
Related Issues (20)
- Accept custom connectors HOT 2
- The DefaultHyperClient does not support http - Issue with metadata server authentication HOT 1
- Is there a way to stub authenticators? HOT 3
- Service account impersonation HOT 2
- Can we make the structs JSONToken & JSONTokens Public? HOT 2
- Custom redirect URI HOT 10
- [Question] - Get the signin link (custom message) HOT 1
- API improvements for Flows HOT 3
- HttpError occur during get token HOT 2
- Support for workload identity federation HOT 3
- PKCE
- Support for login_hint parameter
- Providing a RefreshToken for the AccessTokenAuthenticator HOT 1
- redirect_url to return String not &str HOT 4
- Method to retrieve the OAuth URL or opening the URL in the browser using the `open` crate HOT 1
- ADC Service Impersonation missing client_id HOT 2
- Upgrade to Hyper 1 HOT 2
- Is it possible to use static API key for simple usage HOT 1
- Latest release 10.0.0 does not compile HOT 2
- rustls panics when initializing DefaultConnection HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from yup-oauth2.