feat: X509 cert authentication #2055
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* chore(owlbot-nodejs): install 3.13.5 Python (#2042) * chore: install higher version of Python * chore: update to python 3.15 * update lagging dependency * fix vulnerability * change the version Source-Link: googleapis/synthtool@ca4c7ce Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest@sha256:6062c519ce78ee08490e7ac7330eca80f00f139ef1a241c5c2b306550b60c728 Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> * chore(deps): upgrade sinon to 21 (#2050) * chore(deps): upgrade sinon to 21 * specify which timers to fake * use @feywind's util for timers * add crucial file * fix(deps): update dependency @googleapis/iam to v30 (#2052) * chore: add node 24 in node ci test (#2051) Source-Link: googleapis/synthtool@1218bc2 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest@sha256:66c44f0ad8f6caaa4eb3fbe74f8c2b4de5a97c2b930cee069e712c447723ba95 Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Leah E. Cole <[email protected]> * Included initial interfaces and options for creating x509client. * Added implementation for x509provider * Augmented logic for well-known cert config. * Added changes to create CertificateSubjectTokenSupplier * Added feature to call STS endpoint with the leaf certificate as trust chain. * Added logic to use trust chains. * Cleaned up certificateSubjectTokenSupplier and added mtlsClientTransporter logic to IdentityPoolClients Transporter * Added tests for certificateConfig type externalClient * All x509 auth logic in src/auth/certificatesubjecttokensupplier.ts * Added tests for malformed cert_config file, malfor med certificate in trust chain. * Added unit tests for util --------- Co-authored-by: gcf-owl-bot[bot] <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Leah E. Cole <[email protected]> Co-authored-by: Mend Renovate <[email protected]>
* chore(owlbot-nodejs): install 3.13.5 Python (#2042) * chore: install higher version of Python * chore: update to python 3.15 * update lagging dependency * fix vulnerability * change the version Source-Link: googleapis/synthtool@ca4c7ce Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest@sha256:6062c519ce78ee08490e7ac7330eca80f00f139ef1a241c5c2b306550b60c728 Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> * chore: add node 24 in node ci test (#2051) Source-Link: googleapis/synthtool@1218bc2 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-nodejs:latest@sha256:66c44f0ad8f6caaa4eb3fbe74f8c2b4de5a97c2b930cee069e712c447723ba95 Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Leah E. Cole <[email protected]> * X509 Cert Auth now does only async file reads * Fixed any linter error in util --------- Co-authored-by: gcf-owl-bot[bot] <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Leah E. Cole <[email protected]>
|
Warning: This pull request is touching the following templated files:
|
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
sofisl
previously approved these changes
Jul 16, 2025
lsirac
previously approved these changes
Jul 16, 2025
nbayati
previously approved these changes
Jul 16, 2025
* Added readme changes. * Addressed PR comments.
sofisl
previously approved these changes
Jul 18, 2025
… Yoshi bot compliance
sofisl
approved these changes
Jul 18, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
With this PR, we are now able to use X509 Certificates to authenticate via Google Auth Library.
Testing
Added unit tests and all integration tests passing as per this testing document
Additional Information
Change also includes trust chain verification to be passed to STS endpoint
All file operations are async