feat: port GDCH credentials support to Node.js Auth SDK#8301
feat: port GDCH credentials support to Node.js Auth SDK#8301macastelaz wants to merge 2 commits into
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces the GdchClient to support Google Distributed Cloud Hosted (GDCH) credentials, including token exchange logic using JWT assertions and integration into the GoogleAuth class. Feedback focuses on optimizing performance by using asynchronous file operations for CA certificates and replacing new Date().getTime() with Date.now() for consistency.
| const ca = fs.readFileSync(this.caCertPath); | ||
| requestOpts.agent = new https.Agent({ ca }); |
There was a problem hiding this comment.
Using fs.readFileSync in an async method blocks the event loop. It is recommended to use the asynchronous fs.promises.readFile instead. Additionally, consider caching the https.Agent or the CA certificate buffer to avoid re-reading the file and re-creating the agent on every token refresh.
| const ca = fs.readFileSync(this.caCertPath); | |
| requestOpts.agent = new https.Agent({ ca }); | |
| const ca = await fs.promises.readFile(this.caCertPath); | |
| requestOpts.agent = new https.Agent({ ca }); |
| }; | ||
|
|
||
| if (tokenResponse.expires_in) { | ||
| tokens.expiry_date = new Date().getTime() + tokenResponse.expires_in * 1000; |
There was a problem hiding this comment.
Use Date.now() instead of new Date().getTime() for better performance and consistency with other parts of the file (e.g., line 223).
| tokens.expiry_date = new Date().getTime() + tokenResponse.expires_in * 1000; | |
| tokens.expiry_date = Date.now() + tokenResponse.expires_in * 1000; |
…opics. 1) Async CA file reading 2) Token response validation 3) Option synchronization and 4) Expanded unit test coverage.
1 participant
Add support for GDCH Credentials to the Node.js Auth SDK
Fixes #8289