-
Notifications
You must be signed in to change notification settings - Fork 305
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why google.auth.transport.secure_authorized_channel() needs a Request object? #239
Comments
Because some credential types must make an HTTP request to refresh themselves. |
This doesn't explain why the request object need to be provided by the caller, and why it cannot be optional. For example, the secure_authorized_channel() may create one inside it when such a request is not given. |
The request object has to be provided by the caller because google-auth is a low-level transport-agnostic library. It can not make the decision of which transport the calling code must use. Higher-level clients, such as google-cloud-python, can make that decision and generally wrap |
Thanks for the response. However, in the above link, a Request object is always created when creating a secure gRPC channel. It sounds better to put the creation of the Request object inside secure_authorized_channel() and make the request argument optional. |
It doesn't. See my previous comment:
|
Additionally, doing that would require a hard dependency on whichever request library (presumably Also, why are we litigating this? The library is 1.0. |
You can read more about how transports work here: https://google-auth.readthedocs.io/en/latest/user-guide.html#making-authenticated-requests |
Both secure_authorized_channel() and google.auth.transport.requests.Request are in the same lib. I don't see why secure_authorized_channel() cannot use it as the default when user don't want to provide one. |
Because that module may not be importable (see my comment above). |
Again, I implore you to review the resources in #239 (comment). This library has no dependencies on any specific HTTP library and support several options. |
It does, as pointed out by @lukesneeringer 's previous comment. It tries to import the requests package. |
If we haven't done a good job of explaining this, I apologize: This library is low-level. It provides no defaults for transports. It can not and will not ever do so. It's a core design decision discussed in detail in #1 and #15 based on extraordinarily difficult lessons learned during maintenance of There are multiple downstream users of this library and it's entirely possible that every transport option ( To put this even more plainly: Whatever your use case is, if you're asking for this you are interacting with the wrong level. The level you are likely after is |
Thanks a lot for the explanation, really appreciate to share the stories back that decision, however I'm not convinced. Those client libraries can always explicitly specify the http client. Here's my story, if someone use a gRPC client generated from the protos published in googleapis/googleapis, even when they installed the requests module, they have to create boilerplate code to create a request object to create a secure channel, like: Note, they cannot use google.api_core as they use gRPC directly. When requests module get installed, they should be able to simply do this: |
That's okay, as your use case is not an intended target for this library.
It's not that much boilerplate, honestly.
Yes they can, from google.api_core import grpc_helpers
channel = grpc_helpers.create_channel('datastore.googleapis.com') |
When using google.auth.transport.secure_authorized_channel(), I have to specify a Request() object. Why it's required?
The text was updated successfully, but these errors were encountered: