Add Google Bearer Token Flow #378
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Not sure if what you mentioned above is the cause of this (cayenne) or will block me from implementing the advised remedy when I transition to Manzano: https://discord.com/channels/896185694857343026/1197596414541303848 |
|
do we still need this @glitch003 ? |
|
Closing for now due to inactivity. cc @glitch003 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Update: AuthMethod 5 - "Google" is broken on the nodes too. so, this PR is kind of pointless.
Original description:
Ok so apologies since this is kind of confusing.
We support 2 google auth methods:
5 - "Google" - Traditional Bearer Token Oauth. The nodes resolve and verify the access token by sending it to google and using the response from Google
6 - "GoogleJwt" - JWT token auth. The nodes resolve the data in the token by parsing the JWT. The nodes verify the access token by retrieving the google certificates and checking against them.
Right now on Habanero and Manzano, 6 - "GoogleJwt" is broken, because the folder that should hold the google certificates doesn't exist and the node wasn't programmed to create it. This is already fixed in the node, but those changes haven't been deployed yet.
5 - "Google" should still work though! So, we can either deploy a whole network upgrade to fix auth method 6 - "GoogleJwt", or we can try and get users to use auth method 5 - "Google"
This PR is an attempt at adding support for auth method 5 - "Google". We've only ever implemented auth method 6 - "GoogleJwt" in the SDK since it's more efficient and better for the nodes to use this auth method. So therefore, when the user asks for an auth provider of type "google" it actually uses auth method 6 - "GoogleJwt".
I don't want to break this for existing users, so instead I added two new ProviderTypes: "googleJwt" which uses auth method 6 - "GoogleJwt" and"googleBearer" which uses auth method 5 - "Google". ProviderType "google" still maps to 6 - "GoogleJwt" which retains backward compatibility, but is indeed confusing.