Conversation
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
* fix: external account user cred universe domain support * refactor --------- Co-authored-by: Jin <qinjin@google.com>
feat: Add optional non blocking refresh for sync auth code
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
* fix: Ensure that refresh worker is pickle-able.
🤖 I have created a release *beep* *boop* --- ## [2.26.1](https://togithub.com/googleapis/google-auth-library-python/compare/v2.26.0...v2.26.1) (2024-01-03) ### Bug Fixes * Ensure that refresh worker is pickle-able. ([#1447](https://togithub.com/googleapis/google-auth-library-python/issues/1447)) ([421c184](https://togithub.com/googleapis/google-auth-library-python/commit/421c184ff4654024afe3e64754318a6be0cc96fc)) --- This PR was generated with [Release Please](https://togithub.com/googleapis/release-please). See [documentation](https://togithub.com/googleapis/release-please#release-please).
* chore: refresh sys test cred * fix: read universe_domain for external account authorized user * update test json file * update
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
…he caller. (#1456) This resolves https://togithub.com/googleapis/google-auth-library-python/issues/1455. The repo-wide pattern is to only import the requests module at runtime as a fallback.
…s. (#1458) * feat: Add optional account association for Authorized User credentials. * chore: Refresh system test creds. * Fix two missed constructors.
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
* chore: refresh sys test cred * test: add mds universe domain test for empty response
* chore: update token * chore: token update
* feat: adding universe domain support for downscroped credentials * fix lint * address comments * Update tests/test_downscoped.py Co-authored-by: Leo <39062083+lsirac@users.noreply.github.com> --------- Co-authored-by: Leo <39062083+lsirac@users.noreply.github.com>
* fix: make requests import conditional for gce universe domain * remove if for creating request object * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com>
* fix: Typo when setting the state for the pickle deserializer.
* chore(main): release 2.28.1 --------- Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> Co-authored-by: Carl Lundin <clundin@google.com>
Add new required dependency to test constraints, to ensure minimum versions are tested Also, moved constraints file to 3.8, since 3.7 is no longer supported
PR created by the Librarian CLI to initialize a release. Merging this PR will auto trigger a release. Librarian Version: v1.0.1 Language Image: us-central1-docker.pkg.dev/cloud-sdk-librarian-prod/images-prod/python-librarian-generator@sha256:b8058df4c45e9a6e07f6b4d65b458d0d059241dd34c814f151c8bf6b89211209 <details><summary>google-auth: 2.48.0</summary> ## [2.48.0](googleapis/google-auth-library-python@v2.47.0...v2.48.0) (2026-01-21) ### Features * honor `NO_GCE_CHECK` environment variable (#1610) ([383c9827](googleapis/google-auth-library-python@383c9827)) * add configurable GCE Metadata Server retries (#1488) ([454b441b](googleapis/google-auth-library-python@454b441b)) * add cryptography as required dependency (#1929) ([52558ae2](googleapis/google-auth-library-python@52558ae2)) * Support the mTLS IAM domain for Certificate based Access (#1938) ([8dcf91a1](googleapis/google-auth-library-python@8dcf91a1)) ### Bug Fixes * resolve circular imports (#1942) ([25c1b064](googleapis/google-auth-library-python@25c1b064)) * Use `user_verification=preferred` for ReAuth WebAuthn challenge (#1798) ([3f88a240](googleapis/google-auth-library-python@3f88a240)) * removes `content-header` from AWS IMDS get request (#1934) ([97bfea9e](googleapis/google-auth-library-python@97bfea9e)) * detect correct auth when ADC env var is set but empty (#1374) ([bfc07e10](googleapis/google-auth-library-python@bfc07e10)) * replace deprecated utcfromtimestamp (#1799) ([e431f20c](googleapis/google-auth-library-python@e431f20c)) </details>
…bled (#1945) `CLOUDSDK_CONTEXT_AWARE_USE_CLIENT_CERTIFICATE` is another endpoint that can be set in Gcloud CLI to enable Certificate Based Access. We should support it as well.
…#1956) This PR introduces the google.auth.aio.transport.mtls module, providing asynchronous helper methods for mTLS certificate discovery [go/caa:x509-async-support](http://goto.google.com/caa:x509-async-support). These helpers are designed to be for x.509 certs discovery and non-blocking, ensuring that disk I/O operations are async during mTLS handshake process. Plus, added unit tests respectively for the helper functions. Please note: Only x.509 creds are in scope of this project currently. Context aware or ECP credentials are not in scope of this project currently. Next Steps: Will create a followup PR will that will utilize these helpers to implement `configure_mtls_channel` within the `AsyncAuthorizedSession` class. --------- Signed-off-by: Radhika Agrawal <agrawalradhika@google.com>
This PR replaces @googleapis/aion-sdk and @googleapis/python-core-client-libraries with their updated team names. b/478003109
…x retries) in AsyncAuthorizedSession (#1961) b/485304839 --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
…-auth (#1959) This pull request introduces support for Mutual TLS (mTLS) in the asynchronous transport layer of the google-auth library. It enables AsyncAuthorizedSession to automatically discover and utilize client certificates for secure communication with Google Cloud APIs. See [go/caa:x509-async-support](http://goto.google.com/caa:x509-async-support) for details. Please note: Only x.509 creds are in scope of this project currently. Context aware or ECP credentials are not in scope of this project currently. This PR is second part of googleapis/google-auth-library-python#1956 --------- Signed-off-by: Radhika Agrawal <agrawalradhika@google.com>
Automated: Migrate {target_path} from gsutil to gcloud storage
This CL is part of the on going effort to migrate from the legacy
`gsutil` tool to the new and improved `gcloud storage` command-line
interface.
`gcloud storage` is the recommended and modern tool for interacting with
Google Cloud Storage, offering better performance, unified
authentication, and a more consistent command structure with other
`gcloud` components. 🚀
### Automation Details
This change was **generated automatically** by an agent that targets
users of `gsutil`.
The transformations applied are based on the [gsutil to gcloud storage
migration guide](http://go/gsutil-gcloud-storage-migration-guide).
### ⚠️ Action Required: Please Review and Test Carefully
While we have based the automation on the migration guide, every use
case is unique.
**It is crucial that you thoroughly test these changes in environments
appropriate to your use-case before merging.**
Be aware of potential differences between `gsutil` and `gcloud storage`
that could impact your workflows.
For instance, the structure of command output may have changed,
requiring updates to any scripts that parse it. Similarly, command
behavior can differ subtly; the `gcloud storage rsync` command has a
different file deletion logic than `gsutil rsync`, which could lead to
unintended file deletions.
Our migration guides can help guide you through a list of mappings and
some notable differences between the two tools.
Standard presubmit tests are run as part of this CL's workflow. **If you
need to target an additional test workflow or require assistance with
testing, please let us know.**
Please verify that all your Cloud Storage operations continue to work as
expected to avoid any potential disruptions in production.
### Support and Collaboration
The `GCS CLI` team is here to help! If you encounter any issues, have a
complex use case that this automated change doesn't cover, or face any
other blockers, please don't hesitate to reach out.
We are happy to work with you to test and adjust these changes as
needed.
**Contact:** `gcs-cli-hyd@google.com`
We appreciate your partnership in this important migration effort!
#gsutil-migration
Co-authored-by: Anthonios Partheniou <partheniou@google.com>
Co-authored-by: Daniel Sanche <sanche@google.com>
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [google-auth](https://redirect.github.com/googleapis/google-auth-library-python) | `==2.47.0` → `==2.48.0` |  |  | | [google-cloud-compute](https://redirect.github.com/googleapis/google-cloud-python/tree/main/packages/google-cloud-compute) ([source](https://redirect.github.com/googleapis/google-cloud-python)) | `==1.42.0` → `==1.43.0` |  |  | | [google-cloud-storage](https://redirect.github.com/googleapis/python-storage) | `==3.8.0` → `==3.9.0` |  |  | --- ### Release Notes <details> <summary>googleapis/google-auth-library-python (google-auth)</summary> ### [`v2.48.0`](https://redirect.github.com/googleapis/google-auth-library-python/blob/HEAD/CHANGELOG.md#2480-2026-01-22) [Compare Source](https://redirect.github.com/googleapis/google-auth-library-python/compare/v2.47.0...v2.48.0) ##### Features - add cryptography as required dependency ([#​1929](https://redirect.github.com/googleapis/google-auth-library-python/issues/1929)) ([52558ae2881b1e6555f6f5c0d76365c15807ead9](https://redirect.github.com/googleapis/google-auth-library-python/commit/52558ae2881b1e6555f6f5c0d76365c15807ead9)) - Support the mTLS IAM domain for Certificate based Access ([#​1938](https://redirect.github.com/googleapis/google-auth-library-python/issues/1938)) ([8dcf91a1b05c85fbbd0bcee78d66e498099102ab](https://redirect.github.com/googleapis/google-auth-library-python/commit/8dcf91a1b05c85fbbd0bcee78d66e498099102ab)) - add configurable GCE Metadata Server retries ([#​1488](https://redirect.github.com/googleapis/google-auth-library-python/issues/1488)) ([454b441b478ec62bbf1a6ad5bceb6c7cbbfd0c37](https://redirect.github.com/googleapis/google-auth-library-python/commit/454b441b478ec62bbf1a6ad5bceb6c7cbbfd0c37)) - honor `NO_GCE_CHECK` environment variable ([#​1610](https://redirect.github.com/googleapis/google-auth-library-python/issues/1610)) ([383c9827536d9376e8248370ce4c2b83e468d027](https://redirect.github.com/googleapis/google-auth-library-python/commit/383c9827536d9376e8248370ce4c2b83e468d027)) ##### Bug Fixes - resolve circular imports ([#​1942](https://redirect.github.com/googleapis/google-auth-library-python/issues/1942)) ([25c1b064545702cbef087cfcd15fbbb6ef1af74f](https://redirect.github.com/googleapis/google-auth-library-python/commit/25c1b064545702cbef087cfcd15fbbb6ef1af74f)) - removes `content-header` from AWS IMDS get request ([#​1934](https://redirect.github.com/googleapis/google-auth-library-python/issues/1934)) ([97bfea9e02ede953fc8ee154e0deed3a3cfc6dcc](https://redirect.github.com/googleapis/google-auth-library-python/commit/97bfea9e02ede953fc8ee154e0deed3a3cfc6dcc)) - detect correct auth when ADC env var is set but empty ([#​1374](https://redirect.github.com/googleapis/google-auth-library-python/issues/1374)) ([bfc07e1050bd0aa86fa3b08cdf70c9b68b5fe6a2](https://redirect.github.com/googleapis/google-auth-library-python/commit/bfc07e1050bd0aa86fa3b08cdf70c9b68b5fe6a2)) - replace deprecated utcfromtimestamp ([#​1799](https://redirect.github.com/googleapis/google-auth-library-python/issues/1799)) ([e431f20cf73ccac71926a23ec454468cea92e053](https://redirect.github.com/googleapis/google-auth-library-python/commit/e431f20cf73ccac71926a23ec454468cea92e053)) - Use `user_verification=preferred` for ReAuth WebAuthn challenge ([#​1798](https://redirect.github.com/googleapis/google-auth-library-python/issues/1798)) ([3f88a24089c4ee6822d510de0db210b54260d873](https://redirect.github.com/googleapis/google-auth-library-python/commit/3f88a24089c4ee6822d510de0db210b54260d873)) </details> <details> <summary>googleapis/google-cloud-python (google-cloud-compute)</summary> ### [`v1.43.0`](https://redirect.github.com/googleapis/google-cloud-python/releases/tag/google-cloud-compute-v1.43.0): google-cloud-compute 1.43.0 [Compare Source](https://redirect.github.com/googleapis/google-cloud-python/compare/google-cloud-compute-v1.42.0...google-cloud-compute-v1.43.0) ##### Features - Update Compute Engine v1 API to revision [`2025123`](https://redirect.github.com/googleapis/google-cloud-python/commit/20251230) ([#​1144](https://redirect.github.com/googleapis/google-cloud-python/issues/1144)) ([e2fea25](https://redirect.github.com/googleapis/google-cloud-python/commit/e2fea25d)) </details> <details> <summary>googleapis/python-storage (google-cloud-storage)</summary> ### [`v3.9.0`](https://redirect.github.com/googleapis/python-storage/blob/HEAD/CHANGELOG.md#390-2026-02-02) [Compare Source](https://redirect.github.com/googleapis/python-storage/compare/v3.8.0...v3.9.0) ##### Features - add get\_object method for async grpc client ([#​1735](https://redirect.github.com/googleapis/python-storage/issues/1735)) ([0e5ec29bc6a31b77bcfba4254cef5bffb199095c](https://redirect.github.com/googleapis/python-storage/commit/0e5ec29bc6a31b77bcfba4254cef5bffb199095c)) - expose `DELETE_OBJECT` in `AsyncGrpcClient` ([#​1718](https://redirect.github.com/googleapis/python-storage/issues/1718)) ([c8dd7a0b124c395b7b60189ee78f47aba8d51f7d](https://redirect.github.com/googleapis/python-storage/commit/c8dd7a0b124c395b7b60189ee78f47aba8d51f7d)) - update generation for MRD ([#​1730](https://redirect.github.com/googleapis/python-storage/issues/1730)) ([08bc7082db7392f13bc8c51511b4afa9c7b157c9](https://redirect.github.com/googleapis/python-storage/commit/08bc7082db7392f13bc8c51511b4afa9c7b157c9)) - Move Zonal Buckets features of `_experimental` ([#​1728](https://redirect.github.com/googleapis/python-storage/issues/1728)) ([74c9ecc54173420bfcd48498a8956088a035af50](https://redirect.github.com/googleapis/python-storage/commit/74c9ecc54173420bfcd48498a8956088a035af50)) - add default user agent for grpc ([#​1726](https://redirect.github.com/googleapis/python-storage/issues/1726)) ([7b319469d2e495ea0bf7367f3949190e8f5d9fff](https://redirect.github.com/googleapis/python-storage/commit/7b319469d2e495ea0bf7367f3949190e8f5d9fff)) - expose finalized\_time in blob.py applicable for GET\_OBJECT in ZB ([#​1719](https://redirect.github.com/googleapis/python-storage/issues/1719)) ([8e21a7fe54d0a043f31937671003630a1985a5d2](https://redirect.github.com/googleapis/python-storage/commit/8e21a7fe54d0a043f31937671003630a1985a5d2)) - add context manager to mrd ([#​1724](https://redirect.github.com/googleapis/python-storage/issues/1724)) ([5ac2808a69195c688ed42c3604d4bfadbb602a66](https://redirect.github.com/googleapis/python-storage/commit/5ac2808a69195c688ed42c3604d4bfadbb602a66)) - integrate writes strategy and appendable object writer ([#​1695](https://redirect.github.com/googleapis/python-storage/issues/1695)) ([dbd162b3583e32e6f705a51f5c3fef333a9b89d0](https://redirect.github.com/googleapis/python-storage/commit/dbd162b3583e32e6f705a51f5c3fef333a9b89d0)) - Add support for opening via `write_handle` and fix `write_handle` type ([#​1715](https://redirect.github.com/googleapis/python-storage/issues/1715)) ([2bc15fa570683ba584230c51b439d189dbdcd580](https://redirect.github.com/googleapis/python-storage/commit/2bc15fa570683ba584230c51b439d189dbdcd580)) - Add micro-benchmarks for writes comparing standard (regional) vs rapid (zonal) buckets. ([#​1707](https://redirect.github.com/googleapis/python-storage/issues/1707)) ([dbe9d8b89d975dfbed8c830a5687ccfafea51d5f](https://redirect.github.com/googleapis/python-storage/commit/dbe9d8b89d975dfbed8c830a5687ccfafea51d5f)) - Add micro-benchmarks for reads comparing standard (regional) vs rapid (zonal) buckets. ([#​1697](https://redirect.github.com/googleapis/python-storage/issues/1697)) ([1917649fac41481da1adea6c2a9f4ab1298a34c4](https://redirect.github.com/googleapis/python-storage/commit/1917649fac41481da1adea6c2a9f4ab1298a34c4)) - send `user_agent` to grpc channel ([#​1712](https://redirect.github.com/googleapis/python-storage/issues/1712)) ([cdb2486bb051dcbfbffc2510aff6aacede5e54d3](https://redirect.github.com/googleapis/python-storage/commit/cdb2486bb051dcbfbffc2510aff6aacede5e54d3)) - add samples for appendable objects writes and reads ([#​1705](https://redirect.github.com/googleapis/python-storage/issues/1705)) ([2e1a1eb5cbe1c909f1f892a0cc74fe63c8ef36ff](https://redirect.github.com/googleapis/python-storage/commit/2e1a1eb5cbe1c909f1f892a0cc74fe63c8ef36ff)) - add samples for appendable objects writes and reads ([2e1a1eb5cbe1c909f1f892a0cc74fe63c8ef36ff](https://redirect.github.com/googleapis/python-storage/commit/2e1a1eb5cbe1c909f1f892a0cc74fe63c8ef36ff)) - add support for `generation=0` to avoid overwriting existing objects and add `is_stream_open` support ([#​1709](https://redirect.github.com/googleapis/python-storage/issues/1709)) ([ea0f5bf8316f4bfcff2728d9d1baa68dde6ebdae](https://redirect.github.com/googleapis/python-storage/commit/ea0f5bf8316f4bfcff2728d9d1baa68dde6ebdae)) - add support for `generation=0` to prevent overwriting existing objects ([ea0f5bf8316f4bfcff2728d9d1baa68dde6ebdae](https://redirect.github.com/googleapis/python-storage/commit/ea0f5bf8316f4bfcff2728d9d1baa68dde6ebdae)) - add `is_stream_open` property to AsyncAppendableObjectWriter for stream status check ([ea0f5bf8316f4bfcff2728d9d1baa68dde6ebdae](https://redirect.github.com/googleapis/python-storage/commit/ea0f5bf8316f4bfcff2728d9d1baa68dde6ebdae)) ##### Bug Fixes - receive eof while closing reads stream ([#​1733](https://redirect.github.com/googleapis/python-storage/issues/1733)) ([2ef63396dca1c36f9b0f0f3cf87a61b5aa4bd465](https://redirect.github.com/googleapis/python-storage/commit/2ef63396dca1c36f9b0f0f3cf87a61b5aa4bd465)) - Change contructors of MRD and AAOW AsyncGrpcClient.grpc\_client to AsyncGrpcClient ([#​1727](https://redirect.github.com/googleapis/python-storage/issues/1727)) ([e730bf50c4584f737ab86b2e409ddb27b40d2cec](https://redirect.github.com/googleapis/python-storage/commit/e730bf50c4584f737ab86b2e409ddb27b40d2cec)) - instance grpc client once per process in benchmarks ([#​1725](https://redirect.github.com/googleapis/python-storage/issues/1725)) ([721ea2dd6c6db2aa91fd3b90e56a831aaaa64061](https://redirect.github.com/googleapis/python-storage/commit/721ea2dd6c6db2aa91fd3b90e56a831aaaa64061)) - update write handle on every recv() ([#​1716](https://redirect.github.com/googleapis/python-storage/issues/1716)) ([5d9fafe1466b5ccb1db4a814967a5cc8465148a2](https://redirect.github.com/googleapis/python-storage/commit/5d9fafe1466b5ccb1db4a814967a5cc8465148a2)) - Fix formatting in setup.py dependencies list ([#​1713](https://redirect.github.com/googleapis/python-storage/issues/1713)) ([cc4831d7e253b265b0b96e08b5479f4c759be442](https://redirect.github.com/googleapis/python-storage/commit/cc4831d7e253b265b0b96e08b5479f4c759be442)) - implement requests\_done method to signal end of requests in async streams. Gracefully close streams. ([#​1700](https://redirect.github.com/googleapis/python-storage/issues/1700)) ([6c160794afded5e8f4179399f1fe5248e32bf707](https://redirect.github.com/googleapis/python-storage/commit/6c160794afded5e8f4179399f1fe5248e32bf707)) - implement requests\_done method to signal end of requests in async streams. Gracefully close streams. ([6c160794afded5e8f4179399f1fe5248e32bf707](https://redirect.github.com/googleapis/python-storage/commit/6c160794afded5e8f4179399f1fe5248e32bf707)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/googleapis/google-auth-library-python). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNi41IiwidXBkYXRlZEluVmVyIjoiNDMuMjYuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: Anthonios Partheniou <partheniou@google.com>
…ython/main' into migration.google-auth-library-python.migration.2026-03-02_19-53-29.migrate
Contributor
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request focuses on migrating the google-auth library's codebase from its original repository into a new package structure. It includes significant additions to the project's configuration, testing, and continuous integration infrastructure, particularly with Kokoro. The goal is to reorganize the codebase and set up a robust automated testing environment. Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This PR migrates the google-auth-library-python into this repository. The changes are extensive, consisting of adding many new files. My review focused on configuration files and core authentication logic. I've identified a few areas for improvement, including a redundant configuration in Kokoro files, some leftover code from previous versions, and potential issues in the asynchronous credential handling logic.
Specifically, I've noted a discrepancy in feature support between the synchronous and asynchronous default() credential loaders in google.auth._default.py and google.auth._default_async.py respectively. The async version appears to support fewer credential types from files. Also, there are potential bugs in how async credential refreshes are handled in google.auth.aio.transport.sessions.py and google.auth.transport._aiohttp_requests.py. Please see my detailed comments for more information.
I am having trouble creating individual review comments. Click here to see my feedback.
packages/google-auth/google/auth/transport/_aiohttp_requests.py (379-381)
self._loop.run_in_executor is used to call self.credentials.refresh. This is correct for synchronous refresh methods, but it will fail if refresh is an async coroutine function. The credentials object can have either a sync or async refresh method. You should check if self.credentials.refresh is a coroutine and await it directly if it is, similar to the logic in google.auth._credentials_async.Credentials.before_request.
packages/google-auth/google/auth/aio/transport/sessions.py (298-299)
The retry loop in AsyncAuthorizedSession.request only considers DEFAULT_RETRYABLE_STATUS_CODES, which typically includes server errors (5xx) but not authentication errors like 401 Unauthorized. The synchronous requests.AuthorizedSession and the older async version in _aiohttp_requests.py include logic to refresh credentials upon receiving a 401 status and retry the request. This implementation seems to be missing that crucial feature, which could lead to authentication failures when an access token expires during the session's lifetime.
packages/google-auth/.kokoro/samples/lint/common.cfg (31-34)
The environment variable TRAMPOLINE_BUILD_FILE is defined twice in this file. The second definition on line 36 overrides this one, making it redundant. You can remove this block. This pattern is repeated in several other Kokoro configuration files in this pull request.
packages/google-auth/google/auth/init.py (35-41)
The Python37DeprecationWarning class is defined but never used. The code warns for Python 3.8 and 3.9, but not 3.7. Since Python 3.7 is no longer supported (as stated in README.rst), this class appears to be a leftover and can be removed to improve code clarity.
packages/google-auth/google/auth/identity_pool.py (179-181)
The error message "The leaf certificate must be at the top of the trust chain file" could be more precise. The logic allows the leaf certificate to be absent from the trust chain file. The error is raised only if the leaf certificate is present but not at the beginning of the file. Consider clarifying the error message, for example: "The leaf certificate, if present in the trust chain file, must be the first certificate."
raise exceptions.RefreshError(
"The leaf certificate, if present in the trust chain file, must be the first certificate."
)
parthea
added
the
do not merge
Contributor
Author
|
Current failure |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See #14908.
This PR should be merged with a merge-commit, not a squash-commit, in order to preserve the git history.