-
Notifications
You must be signed in to change notification settings - Fork 305
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable project to be set for ADC credential object #1190
Comments
Basically, proposed solution to this problem is to allow a user of googleapiclient to provide some explicit project override instead of retrieving from the client id specified in the credential object OR to explicitly support ADC, e.g. parse the credential object, sensitive to when it is in fact an impersonated service account and extract the project id from the service account information instead of the oauth2 client. |
Actually, I am closing this issue because this is possible since googleapiclient provided explicit support for |
As per the excellent write up @ https://medium.com/google-cloud/google-oauth-credential-going-deeper-the-hard-way-f403cf3edf9d, you can't effectively use application default credentials with the googleapiclient library because
gcloud auth application default login
uses some internal google cloud project client id which the credential object within thegoogle.auth
library then extracts the project from, instead of the quota_project_id.I assume this is for some technical reason - e.g. there's still actually a client id that is used for exchanging various tokens etc. but it is super unfortunate because it renders ADC effectively useless with googleapiclient. Curiously, the same problem doesn't exist with
gcloud
libraries.The only workaround is to explicitly pass a custom client id file;
gcloud auth application default login --client-id-file ...
, as described by the medium article. But then I'm having to share out the client id file amongst my developers which I want to avoid.The text was updated successfully, but these errors were encountered: