Always set the GoogleCredential JWT audience to the Google Cloud OAuth2 Token Server #822

Merged: 1 commit, Jul 16, 2022

KoopaKing

Ensure that we don't set the audience to the token server URI when the URI is overridden, such as when proxying the requests or using private service connect. This behavior causes requests to be rejected with the error:

400 Bad Request
POST
{
  "error" : "invalid_grant",
  "error_description" : "Invalid JWT: Failed audience check."
}

This corresponds to this pull request in the google-auth-java library.

Note that this is not required for 3.x branches which use google-auth-java.
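
The audience failure described in this pull request, as an added example that is not code from the PR or from the connector: a JDK-only sketch that signs two jwt-bearer assertions, one with `aud` set to an overridden token server URI and one with `aud` fixed to Google's token endpoint. The proxy URL, service account name, key pair and the `audienceAccepted` stand-in for the server-side check are constructed for illustration, and the endpoint `https://oauth2.googleapis.com/token` is Google's public value, not one quoted on this page.

```java
import static java.nio.charset.StandardCharsets.UTF_8;

import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Base64;

public class JwtAudienceDemo {
  // The audience the Google token server expects, regardless of where the request is sent.
  static final String GOOGLE_TOKEN_SERVER = "https://oauth2.googleapis.com/token";

  static String b64(byte[] in) { return Base64.getUrlEncoder().withoutPadding().encodeToString(in); }

  // Builds and signs (RS256) the assertion sent in the jwt-bearer grant.
  static String buildAssertion(String iss, String scope, String aud, PrivateKey key, long now)
      throws GeneralSecurityException {
    String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
    String claims = String.format(
        "{\"iss\":\"%s\",\"scope\":\"%s\",\"aud\":\"%s\",\"iat\":%d,\"exp\":%d}",
        iss, scope, aud, now, now + 3600);
    String signingInput = b64(header.getBytes(UTF_8)) + "." + b64(claims.getBytes(UTF_8));
    Signature rs256 = Signature.getInstance("SHA256withRSA");
    rs256.initSign(key);
    rs256.update(signingInput.getBytes(UTF_8));
    return signingInput + "." + b64(rs256.sign());
  }

  // Hypothetical stand-in for the server's audience check only; a real token
  // server also verifies the signature, issuer and expiry.
  static boolean audienceAccepted(String jwt) {
    String claims = new String(Base64.getUrlDecoder().decode(jwt.split("\\.")[1]), UTF_8);
    return claims.contains("\"aud\":\"" + GOOGLE_TOKEN_SERVER + "\"");
  }

  public static void main(String[] args) throws Exception {
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(2048);
    PrivateKey key = gen.generateKeyPair().getPrivate(); // throwaway key, constructed
    // Constructed sample values: the POST target is overridden, e.g. by a proxy.
    String override = "https://token-proxy.example.internal/token";
    String iss = "sa@example-project.iam.gserviceaccount.com";
    String scope = "https://www.googleapis.com/auth/devstorage.read_write";
    long now = System.currentTimeMillis() / 1000;
    String before = buildAssertion(iss, scope, override, key, now);
    String after = buildAssertion(iss, scope, GOOGLE_TOKEN_SERVER, key, now);
    System.out.println("aud = override URI    -> accepted: " + audienceAccepted(before));
    System.out.println("aud = Google endpoint -> accepted: " + audienceAccepted(after));
  }
}
```

In both cases the HTTP request would still be posted to the overridden URI; only the `aud` claim inside the signed assertion differs.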

@KoopaKing
Author

/gcbrun

Ensure that we don't set the audience to the token server URI when the
URI is overridden, such as when proxying the requests or using private
service connect.
@KoopaKing
Author

/gcbrun

@KoopaKing KoopaKing requested a review from medb July 14, 2022 15:58
@codecov

codecov bot commented Jul 14, 2022

Codecov Report

Merging #822 (35c7322) into branch-2.2.x (cccaeff) will decrease coverage by 0.06%.
The diff coverage is 0.00%.

@@                Coverage Diff                 @@
##             branch-2.2.x     #822      +/-   ##
==================================================
- Coverage           80.12%   80.06%   -0.07%     
+ Complexity           2136     2134       -2     
==================================================
  Files                 148      148              
  Lines                9693     9693              
  Branches             1124     1124              
==================================================
- Hits                 7767     7761       -6     
- Misses               1457     1462       +5     
- Partials              469      470       +1     
| Flag | Coverage Δ |
|---|---|
| hadoop2integrationtest | 59.65% <0.00%> (-0.21%) ⬇️ |
| hadoop2unittest | 68.29% <0.00%> (-0.03%) ⬇️ |
| hadoop3integrationtest | 59.91% <0.00%> (+0.12%) ⬆️ |
| hadoop3unittest | 68.32% <0.00%> (-0.05%) ⬇️ |

| Impacted Files | Coverage Δ |
|---|---|
| ...om/google/cloud/hadoop/util/CredentialFactory.java | 72.32% <0.00%> (ø) |
| ...loud/hadoop/gcsio/cooplock/CoopLockRecordsDao.java | 87.19% <0.00%> (-1.22%) ⬇️ |
| ...gle/cloud/hadoop/gcsio/GoogleCloudStorageImpl.java | 87.18% <0.00%> (-0.39%) ⬇️ |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@medb medb merged commit e7c631e into GoogleCloudDataproc:branch-2.2.x Jul 16, 2022
mayanks pushed a commit to mayanks/hadoop-connectors that referenced this pull request Aug 3, 2022
…leCloudDataproc#822)

Ensure that we don't set the audience to the token server URI when the
URI is overridden, such as when proxying the requests or using private
service connect.