Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AppEngineCredential depends on legacy bundled service #1384

Open
yonghaoy opened this issue Apr 11, 2024 · 4 comments
Open

AppEngineCredential depends on legacy bundled service #1384

yonghaoy opened this issue Apr 11, 2024 · 4 comments

Comments

@yonghaoy
Copy link

yonghaoy commented Apr 11, 2024
edited

Hello, we are upgrading GAE from Java 8 to 11 and also trying to get ride of legacy bundled service .

Here is how we generate default AccessToken today.

GoogleCredentials credentials = AppEngineCredentials.newBuilder().setScopes(scopes).setAppIdentityService(AppIdentityServiceFactory.getAppIdentityService()).build();

The reason we do it this way is because if using GoogleCredentials.getDefaulCredential, because the call to .createScoped will silently proceed by doing nothing?

Question:
1: How to use AppEngineCredentials without turning on legacy bundle? Because I get feature not enabled error when calling without turning it on
2: Do we still need to include appengine-sdk1.0 in our dependency? As those imports are there:

import com.google.appengine.api.appidentity.AppIdentityService;
import com.google.appengine.api.appidentity.AppIdentityService.GetAccessTokenResult;
import com.google.appengine.api.appidentity.AppIdentityServiceFactory;

Thanks
@yonghaoy
Copy link
Author

And why GoogleCredentials.getDefaulCredential does not work, I suspect it's related with
#1274

@yonghaoy yonghaoy changed the title AppendineCredential depends on legacy bundled service AppEngineCredential depends on legacy bundled service Apr 11, 2024
@yonghaoy yonghaoy mentioned this issue Apr 11, 2024
Merged
12 tasks
@arithmetic1728
Copy link
Collaborator

I guess you meant GoogleCredentials.getApplicationDefault method.

From the code, it looks like createScoped should work with GoogleCredentials.getApplicationDefault, if it returns an app engine credentials.

The getApplicationDefault code to get app engine cred:
https://github.com/googleapis/google-auth-library-java/blob/main/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java#L197-L199

App engine code to add scopes:
https://github.com/googleapis/google-auth-library-java/blob/main/appengine/java/com/google/auth/appengine/AppEngineCredentials.java#L94

For the Java specific question, I will leave it to our Java expert.

@yonghaoy
Copy link
Author

createScoped does not work after upgrading from 1.11 to 1.24. I suspect that is similar to #1274...

For now, we have to bring back legacy service and use the old way to get a token that with scopes.
https://github.com/all-of-us/workbench/blob/727be385a0c5b3895ddf8650c4900aef4875a278/api/src/main/java/org/pmiops/workbench/auth/ServiceAccounts.java#L39L53

@yonghaoy
Copy link
Author

Also for the code you pointed above: https://github.com/googleapis/google-auth-library-java/blob/main/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java#L197-L199
seems it only works for GAE 7 standard env? Is that right?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yonghaoy @arithmetic1728