Skip to content

Crypto operations do not work with Application Default Credentials #1565

New issue
New issue
Closed
Closed
Crypto operations do not work with Application Default Credentials#1565
Assignees
stephenplusplus
Labels
api: storageIssues related to the Cloud Storage API.
@inlined

Description

@inlined
inlined
opened on Sep 5, 2016

Environment details

  • OS: Any (with application default credentials installed. E.g. GCE)
  • Node.js version: Any
  • npm version: Any
  • google-cloud-node version: Head

Steps to reproduce

  1. require google-cloud
  2. default initialize API
  3. Call getSignedUrl()

Expected: should work.
Actual: get error Failed to obtain signed URL for file { SigningError: Could not get credentials without a JSON, pem, or p12 keyfile}"

I took a bit of a dive into the code. google-cloud-node is using google-auto-auth, which is correctly returning the application default credential in this environment. Both getSignedPolicy and getSignedUrl call getCredential which only works if the developer provided a p12 or json service account file. Since Application Default Credentials are preferred where available, we should have a fallback to using authClient.getToken(). This can be used to call the signBlob API, which lets you do crypto with just an access token.

Metadata

Metadata

Assignees

Labels

api: storageIssues related to the Cloud Storage API.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions