Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove use of deprecated GoogleCredential class #81

Merged
merged 1 commit into from
Dec 2, 2020
Merged

Remove use of deprecated GoogleCredential class #81

merged 1 commit into from
Dec 2, 2020

Conversation

rtyley
Copy link
Member

@rtyley rtyley commented Nov 27, 2020
edited
Loading

What does this change?

This change is only related to the Google-Group-checking code in play-googleauth, which was using a deprecated class:

The com.google.api.client.googleapis.auth.oauth2.GoogleCredential class in https://github.com/googleapis/google-api-java-client was deprecated in May 2019 by googleapis/google-api-java-client#1258 ...the deprecation advice recommends using the classes from the new library: https://github.com/googleapis/google-auth-library-java

This commit switches to using the new com.google.auth.oauth2.ServiceAccountCredentials class from the
google-auth-library-oauth2-http artifact. Given this new class, our custom com.gu.googleauth.GoogleServiceAccount Scala case class is no longer necessary and I've removed it, in favour of the user passing us an instance of ServiceAccountCredentials - which is actually easier for a user to generate! Here's an example of how you make and use
an instance of the new credentials:

import org.apache.commons.io.Charsets.UTF_8
import org.apache.commons.io.IOUtils
import com.google.auth.oauth2.ServiceAccountCredentials
import com.gu.googleauth.GoogleGroupChecker

val impersonatedUser: String = ... // email address of the 'impersonated' account
val serviceAccountCert: String = ... // from Google Developers Console
val credentials  =
  ServiceAccountCredentials.fromStream(IOUtils.toInputStream(serviceAccountCert, UTF_8))

val groupChecker = new GoogleGroupChecker(impersonatedUser, credentials)

In Ophan, our old code to produce the custom com.gu.googleauth.GoogleServiceAccount instance actually invoked the now deprecated com.google.api.client.googleapis.auth.oauth2.GoogleCredential class - we'd been stuck on an old version of play-googleauth for some time because we have deprecation warnings set as fatal in our sbt build, and updating to later versions of play-googleauth would have meant accepting the updated google-api-client dependency where the class was fatally deprecated.

How to test

Using the https://github.com/guardian/ophan/pull/3974, I've checked that I can still login using the new code in play-googleauth.

@rtyley rtyley force-pushed the remove-use-of-deprecated-googlecredentials-class branch 7 times, most recently from 9a60553 to 0896395 Compare December 1, 2020 11:41
@rtyley
Remove use of deprecated GoogleCredential class
62fda67 
This change is only related to the Google-Group-checking code in
`play-googleauth`, which was using a deprecated class:

The `com.google.api.client.googleapis.auth.oauth2.GoogleCredential`
class in https://github.com/googleapis/google-api-java-client was
deprecated in May 2019 by googleapis/google-api-java-client#1258
...the deprecation advice recommends using the classes from the new
library: https://github.com/googleapis/google-auth-library-java

This commit switches to using the new
`com.google.auth.oauth2.ServiceAccountCredentials` class from the
`google-auth-library-oauth2-http` artifact. Given this new class, our
custom `com.gu.googleauth.GoogleServiceAccount` Scala case class is no
longer necessary, so has been deprecated, in favour of the user passing
us an instance of `ServiceAccountCredentials` - which is actually
easier for a user to generate! Here's an example of how you make and use
an instance of the new credentials:

```
import org.apache.commons.io.Charsets.UTF_8
import org.apache.commons.io.IOUtils
import com.google.auth.oauth2.ServiceAccountCredentials
import com.gu.googleauth.GoogleGroupChecker

val impersonatedUser: String = ... // email address of the 'impersonated' account
val serviceAccountCert: String = ... // from Google Developers Console
val credentials  =
  ServiceAccountCredentials.fromStream(IOUtils.toInputStream(serviceAccountCert, UTF_8))

val groupChecker = new GoogleGroupChecker(impersonatedUser, credentials)
```
@rtyley rtyley force-pushed the remove-use-of-deprecated-googlecredentials-class branch from 0896395 to 62fda67 Compare December 1, 2020 12:25
@rtyley rtyley requested a review from lmath December 1, 2020 12:44
@rtyley rtyley merged commit 5807001 into main Dec 2, 2020
@rtyley rtyley deleted the remove-use-of-deprecated-googlecredentials-class branch December 2, 2020 14:17
@rtyley rtyley mentioned this pull request Jul 23, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paulmr paulmr paulmr approved these changes

@lmath lmath Awaiting requested review from lmath

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rtyley @paulmr