Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ServiceAccountCredential on .NET Core #797

Closed
henkmollema opened this issue Aug 4, 2016 · 16 comments
Closed

ServiceAccountCredential on .NET Core #797

henkmollema opened this issue Aug 4, 2016 · 16 comments
Assignees
@chrisdunelm

Comments

@henkmollema
Copy link

henkmollema commented Aug 4, 2016
edited

Are there any plans on supporting server-to-server access to Google API's using the ServiceAccountCredential class on .NET Core (including Linux)?

Currently it's still not available due to RSACryptoServiceProvider not being available on Linux (see this).

I understand this is problematic since RSACryptoServiceProvider is part of the public API, but I still hope a solution can be found.

Related: #695, #758
@henkmollema henkmollema mentioned this issue Aug 4, 2016
Closed
@chrisdunelm
Copy link
Contributor

System.Security.Cryptography.Cng is not available on Linux, so an alternative RSA implementation will need finding/writing.

@henkmollema
Copy link
Author

henkmollema commented Aug 9, 2016
edited

@chrisdunelm there is an OpenSSL implementation: https://www.nuget.org/packages/System.Security.Cryptography.OpenSsl. I've been using it to call Google API's succesfully using an X509 certificate.

@chrisdunelm
Copy link
Contributor

chrisdunelm commented Aug 9, 2016
edited

Unfortunately System.Security.Cryptography.OpenSsl requires netstandard >=1.6, whereas we're targetting netstanard1.3, so we can't use this unless we re-target.

chrisdunelm added a commit to chrisdunelm/google-api-dotnet-client that referenced this issue Aug 11, 2016
@chrisdunelm
NetStandard improvements
6565630 
Support ServiceAccountCredentials in netstandard, although without initialization from X509 certificate. Fixes googleapis#797.

googleapis#805 adds tests for valid AccessToken from ServiceAccountCredential.

Fixed signing in netstandard builds so InternalsVisibleTo now works. Enabled all tests in netstandard that previously were disabled due to internal access.
@chrisdunelm chrisdunelm mentioned this issue Aug 11, 2016
Merged
chrisdunelm added a commit to chrisdunelm/google-api-dotnet-client that referenced this issue Aug 11, 2016
@chrisdunelm
NetStandard improvements
e711230 
Support ServiceAccountCredentials in netstandard, although without initialization from X509 certificate. Fixes googleapis#797.

Fixed signing in netstandard builds so InternalsVisibleTo now works. Enabled all tests in netstandard that previously were disabled due to internal access.
chrisdunelm added a commit that referenced this issue Aug 11, 2016
@chrisdunelm
NetStandard improvements (#806)
b98d1e3 
* NetStandard improvements

Support ServiceAccountCredentials in netstandard, although without initialization from X509 certificate. Fixes #797.

#805 adds tests for valid AccessToken from ServiceAccountCredential.

Fixed signing in netstandard builds so InternalsVisibleTo now works. Enabled all tests in netstandard that previously were disabled due to internal access.
@henkmollema
Copy link
Author

@chrisdunelm why no support for the FromCertificate method in .NET Standard? The implementation is pretty straightforward:

Just call the GetRSAPrivateKey() extension method on the X509Certificate2 which returns an RSA instance.

Key = certificate.GetRSAPrivateKey();

@chrisdunelm
Copy link
Contributor

@henkmollema Yes, the implementation is straightforward, but I'm not sure if the returned RSA instance will be supported on non-Windows platforms (Linux), and I haven't yet implemented the test that would ensure it's OK. If you can work out how to add a netstandard1.3 test of X509Certificate in ServiceAccountCredentialTests.cs please let me know :)

@chrisdunelm
Copy link
Contributor

Created #807 for X509Certificate initialization.

@ghost
Copy link

ghost commented Aug 22, 2016

Hi @henkmollema
a .NET Core newbie question: Do you know why this doesn't work even if I'm targeting net452 on project.json? As I understand this would use the full framework and Windows APIs, no? I'm using the GoogleCredential.FromStream and I get the Service Account credentials are not supported in .NET Core. exception 😞

@chrisdunelm
Copy link
Contributor

@nicolocodev Exactly which Google library(s) and version are you depending on?

@ghost
Copy link

ghost commented Aug 22, 2016

@chrisdunelm my project.json looks like:

  "frameworks": {
    "net452": {
      "dependencies":{
        "Google.Apis.Vision.v1" : "1.15.0.572"        
      }
    }
  }

@chrisdunelm
Copy link
Contributor

@nicolocodev odd, yes, I would expect it to use the full net45 library in the Google.Apis.Auth package. Please can you update to version 1.16.0.593 (the latest version) and restore/build again and let me know what happens?
Thanks.

@LindaLawton
Copy link
Collaborator

I agree it's odd. Mind posting your Auth code as well?

@ghost
Copy link

ghost commented Aug 22, 2016

@chrisdunelm updated, now it works!

@chrisdunelm
Copy link
Contributor

Great :) Glad to hear it.

@ghost
Copy link

ghost commented Aug 22, 2016

umm but now works on netcoreapp1.0 also.

@chrisdunelm
Copy link
Contributor

@nicolocodev yes, support has been added for service credentials on .NET Core in the 1.16.0 release. Is this causing a problem?

@ghost
Copy link

ghost commented Aug 22, 2016

No, it works well, thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chrisdunelm chrisdunelm

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@chrisdunelm @henkmollema @LindaLawton