Merge branch 'main' into awsfix

samples/idTokenFromServiceAccount.js

@@ -35,16 +35,18 @@ function main(targetAudience, jsonCredentialsPath) {
   // are described here:
   // https://cloud.google.com/docs/authentication/external/set-up-adc
 
-  const {auth} = require('google-auth-library');
-  const jsonConfig = require(jsonCredentialsPath);
+  const {GoogleAuth} = require('google-auth-library');
+  const credentials = require(jsonCredentialsPath);
 
   async function getIdTokenFromServiceAccount() {
-    const client = auth.fromJSON(jsonConfig);
+    const auth = new GoogleAuth({credentials});
+
+    // Get an ID token client.
+    // The client can be used to make authenticated requests or you can use the
+    // provider to fetch an id token.
+    const client = await auth.getIdTokenClient(targetAudience);
+    await client.idTokenProvider.fetchIdToken(targetAudience);
 
-    // Get the ID token.
-    // Once you've obtained the ID token, use it to make an authenticated call
-    // to the target audience.
-    await client.fetchIdToken(targetAudience);
     console.log('Generated ID token.');
   }
 

src/auth/googleauth.ts

@@ -29,7 +29,11 @@ import {IdTokenClient} from './idtokenclient';
 import {GCPEnv, getEnv} from './envDetect';
 import {JWT, JWTOptions} from './jwtclient';
 import {Headers, OAuth2ClientOptions, RefreshOptions} from './oauth2client';
-import {UserRefreshClient, UserRefreshClientOptions} from './refreshclient';
+import {
+  UserRefreshClient,
+  UserRefreshClientOptions,
+  USER_REFRESH_ACCOUNT_TYPE,
+} from './refreshclient';
 import {
   Impersonated,
   ImpersonatedOptions,
@@ -569,16 +573,12 @@ export class GoogleAuth<T extends AuthClient = JSONClient> {
    */
   fromJSON(
     json: JWTInput | ImpersonatedJWTInput,
-    options?: RefreshOptions
+    options: RefreshOptions = {}
   ): JSONClient {
     let client: JSONClient;
-    if (!json) {
-      throw new Error(
-        'Must pass in a JSON object containing the Google auth settings.'
-      );
-    }
+
     options = options || {};
-    if (json.type === 'authorized_user') {
+    if (json.type === USER_REFRESH_ACCOUNT_TYPE) {
       client = new UserRefreshClient(options);
       client.fromJSON(json);
     } else if (json.type === IMPERSONATED_ACCOUNT_TYPE) {
@@ -609,26 +609,8 @@ export class GoogleAuth<T extends AuthClient = JSONClient> {
     json: JWTInput,
     options?: RefreshOptions
   ): JSONClient {
-    let client: JSONClient;
-    // create either a UserRefreshClient or JWT client.
-    options = options || {};
-    if (json.type === 'authorized_user') {
-      client = new UserRefreshClient(options);
-      client.fromJSON(json);
-    } else if (json.type === IMPERSONATED_ACCOUNT_TYPE) {
-      client = this.fromImpersonatedJSON(json as ImpersonatedJWTInput);
-    } else if (json.type === EXTERNAL_ACCOUNT_TYPE) {
-      client = ExternalAccountClient.fromJSON(
-        json as ExternalAccountClientOptions,
-        options
-      )!;
-      client.scopes = this.getAnyScopes();
-    } else {
-      (options as JWTOptions).scopes = this.scopes;
-      client = new JWT(options);
-      this.setGapicJWTValues(client);
-      client.fromJSON(json);
-    }
+    const client = this.fromJSON(json, options);
+
     // cache both raw data used to instantiate client and client itself.
     this.jsonContent = json;
     this.cachedCredential = client;

src/auth/refreshclient.ts

@@ -16,6 +16,8 @@ import * as stream from 'stream';
 import {JWTInput} from './credentials';
 import {GetTokenResponse, OAuth2Client, RefreshOptions} from './oauth2client';
 
+export const USER_REFRESH_ACCOUNT_TYPE = 'authorized_user';
+
 export interface UserRefreshClientOptions extends RefreshOptions {
   clientId?: string;
   clientSecret?: string;