You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the docs/implementation of google.auth.default() the check for GOOGLE_APPLICATION_CREDENTIALS occurs first, before checking the various metadata services.
In the docs/implementation of google.oauth2.id_token.fetch_id_token the check for GOOGLE_APPLICATION_CREDENTIALS occurs second, after checking the various metadata services. There are other inconsistencies, like no mention of application-default-credentials, but the ENV variable stands out.
I'm guessing fetch_id_token should use the lookup sequence that default uses, as that one appears consistent with what is described in the gcp docs.
Possibly solved if this is solved: #590 (Generate id_token from default credentials)
The text was updated successfully, but these errors were encountered:
Also fwiw, in #590 there is a link to airflow where it looks like they do something very similar to what google.auth.default() does, but results in IDTokenCredentials objects. Might be a good reference point for this.
I think maybe we can introduce a new method to create an id token credentials out of the default credentials, for instance, def create_id_token_credentials(creds, audience), so users can do:
Environment details
google-auth
version: 1.27.0Steps to reproduce
Please double check but looks like...
In the docs/implementation of
google.auth.default()
the check forGOOGLE_APPLICATION_CREDENTIALS
occurs first, before checking the various metadata services.In the docs/implementation of
google.oauth2.id_token.fetch_id_token
the check forGOOGLE_APPLICATION_CREDENTIALS
occurs second, after checking the various metadata services. There are other inconsistencies, like no mention of application-default-credentials, but the ENV variable stands out.I'm guessing
fetch_id_token
should use the lookup sequence thatdefault
uses, as that one appears consistent with what is described in the gcp docs.Possibly solved if this is solved: #590 (Generate id_token from default credentials)
The text was updated successfully, but these errors were encountered: