You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As I work in #5915 it is clear that I will need good logging for credentials (see #3429) and I don't want to repeat the code to cache credentials either.
Using a decorator seems like a better solution, but we need to change some signatures (these are Okay, they are in *_internal namespaces).
Overview
The g::c::oauth2_credentials::Credentials class will change from:
// Already existing ... just a reminder for this bugstructgoogle::cloud::internal::AccessToken {
std::string token; // empty for anonymous credentials
std::chrono::system_clock::time_point expiration;
};
classgoogle::cloud::oauth2_internal::Credentials {
public:virtual StatusOr<internal::AccessToken> GetToken(std::chrono::system_clock::time_point now) = 0;
};
Returning an access token makes it possible to log the returned token (truncated for security reasons) and its expiration time. Passing in the current time makes it easier to test the implementation.
Work Breakdown
I am planning to
Introduce the GetToken() function and a caching decorator
Change the existing functions returning g::c::oauth2_internal::RefreshingCredentialsWrapper::TemporaryToken to return internal::AccessToken
Change the existing classes, remove AuthorizationHeader() and the custom caching loops
Add a logging decorator for credentials, enabled only if some tracing component is present (auth?)
Future Work
There may be some opportunities to add a type field to AccessToken. Normally this would be Bearer, but could be None or some other magical string to indicate the credentials are anonymous.
We may consider a different tracing component to enable low-level (HTTP headers and traffic) for auth requests.
The text was updated successfully, but these errors were encountered:
As I work in #5915 it is clear that I will need good logging for credentials (see #3429) and I don't want to repeat the code to cache credentials either.
Using a decorator seems like a better solution, but we need to change some signatures (these are Okay, they are in
*_internal
namespaces).Overview
The
g::c::oauth2_credentials::Credentials
class will change from:to:
Returning an access token makes it possible to log the returned token (truncated for security reasons) and its expiration time. Passing in the current time makes it easier to test the implementation.
Work Breakdown
I am planning to
GetToken()
function and a caching decoratorg::c::oauth2_internal::RefreshingCredentialsWrapper::TemporaryToken
to returninternal::AccessToken
AuthorizationHeader()
and the custom caching loopsg::c::oauth2_internal::RefreshingCredentialsWrapper
auth
?)Future Work
There may be some opportunities to add a
type
field toAccessToken
. Normally this would beBearer
, but could beNone
or some other magical string to indicate the credentials are anonymous.We may consider a different tracing component to enable low-level (HTTP headers and traffic) for
auth
requests.The text was updated successfully, but these errors were encountered: