You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
google: findDefaultCredentials fallback to well-known file only passes through when the file is not found. Consider falling through also when permission is denied.
#337
Open
michalklempa opened this issue
Oct 25, 2018
· 3 comments
In findDefaultCredentials, the 2nd fallback, when the credentials are searched in well known file.
The attempt is passed by if the file is not found. There exist at least one situation as we have found out, when the error permission denied is returned from OS and it would be useful to gracefully continue and try other authentication methods.
when the well known credentials file cannot be read for whatever reason, the code should log a warning and try next authentication method and only return the error when all available authentication methods failed (return composite error of all errors encountered?).
I'm not in favour of authentication code doing any kind of logging, but apart from that I don't have any sophisticated thoughts here. It seems like it would be nice to try all possible methods, though on the other hand changing the interface of the method (returning a composite error) seems like it might not be ideal.
In findDefaultCredentials, the 2nd fallback, when the credentials are searched in well known file.
The attempt is passed by if the file is not found. There exist at least one situation as we have found out, when the error permission denied is returned from OS and it would be useful to gracefully continue and try other authentication methods.
Steps to reproduce permission denied:
Desired behavior:
The code segment which is responsible for this behavior is https://github.com/golang/oauth2/blob/master/google/default.go#L55-L60:
Please consider keeping the
err
and only returning it on line https://github.com/golang/oauth2/blob/master/google/default.go#L80 when all other methods failed.Thanks.
The text was updated successfully, but these errors were encountered: