Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Investigate using ServiceAccountJwtAccessCredentials vs ServiceAccountCredentials #1459

Open
lqiu96 opened this issue Aug 7, 2024 · 0 comments
Open

Investigate using ServiceAccountJwtAccessCredentials vs ServiceAccountCredentials #1459

lqiu96 opened this issue Aug 7, 2024 · 0 comments
Assignees
@zhumin8
Labels
priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.

Comments

@lqiu96
Copy link
Contributor

lqiu96 commented Aug 7, 2024
edited by zhumin8
Loading

Issue stemmed from b/354698601

ServiceAccountJwtAccessCredentials may be setting the incorrect audience (not the default audience that is passed in to the Credentials). It may be using the URI for the http request instead of the shortened URI.

For example, the audience from this sample: https://cloud.google.com/bigquery/docs/json-web-tokens#java_example is https://bigquery.googleapis.com/bigquery/v2/... instead of https://bigquery.googleapis.com/. Previous attempts to use the shortened URI resulted in downstream failures in Spring-Cloud-GCP and java samples(see comments in #572).

Our guidance is to use ServiceAccountCredentials with SSJWT whenever possible.

Scope

  1. Investigate the use cases of ServiceAccountJwtAccessCredentials
  2. Try to migrate any samples + recommendations of ServiceAccountJwtAccessCredentials to ServiceAccountCredentials with SSJWT
  3. Try to patch ServiceAccountJwtAccessCredentials to use the correct audience

edits:
by @zhumin8 Minor corrections and provided more context links.
@lqiu96 lqiu96 added type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. priority: p2 Moderately-important priority. Fix may not be included in next release. labels Aug 7, 2024
@zhumin8 zhumin8 mentioned this issue Aug 20, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zhumin8 zhumin8

Labels
priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zhumin8 @lqiu96