Google-cloud-python: [Discussion] oauth2client credentials in a post-oauth2client world.

Created on 5 Dec 2016  路  5Comments  路  Source: googleapis/google-cloud-python

We recently switched core to use google-auth in #2639 and completely removed support for oauth2client.

It is possible that some users are explicitly passing oauth2client credentials into Client constructors, e.g.:

credentials = oauth2client.contrib.gce.AppAppsertionCredentials()
storage_client = storage.Client(credentials=credentials)

After google-cloud-core==0.22.0 is released this code will no longer work. Only credentials from google-auth will work. There is a potential that we could break some user code and there may be some valid reasons for sticking with oauth2client in the near-term (user credentials and storage, for example).

google-auth offers a way to convert credentials:

import google.auth._oauth2client

new_credentials = google.auth._oauth2client.convert(old_credentials)

We have two options:

  1. Tell users who still want to use oauth2client to use google.auth._oauth2client to convert their credentials.
  2. Add code in our Client base class to automatically convert credentials and issue a warning.

I strongly prefer (1) so that we do not prolong oauth2client's lifetime and so that we can more quickly free ourselves to switch http libraries.

question auth
Source
picture theacodes

All 5 comments

I also (somewhat strongly) prefer (1) but am worried about stepping on the toes of users.

dhermes picture dhermes on 5 Dec 2016

I'm not entirely sure what the criteria for Google Cloud Platform's alpha, beta, GA...etc...(I really would like that link if anyone knows where that's defined.), but I feel like 2 would only be required for a Beta or higher release...possibly only GA.

I prefer 1, as it would give a clean break before the beta release. How many people are really doing this though? I wish there was a way to figure that out.

daspecster picture daspecster on 5 Dec 2016

:+1: from me for option 1, as well. Let's just document the google-auth conversion method (maybe it should be a public API?) and go on.

tseaver picture tseaver on 6 Dec 2016
👍1

Can we have a friendly error message with a link to a page saying to use the .convert() method ? I don't mind telling people "You're using old shit. Stop it." I do mind telling them "Error. You figure it out :P"

If the error is "Those credentials aren't valid anymore. Call .convert on them or use new creds. Check github.com/..../some-page-somewhere for more details on this" then I'm happy.

/cc @omaray

jgeewax picture jgeewax on 6 Dec 2016
👍1

Great, thanks @jgeewax!

dhermes picture dhermes on 6 Dec 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

stevenschlansker picture stevenschlansker  路  3Comments
VikramTiwari picture VikramTiwari  路  3Comments
blaflamme picture blaflamme  路  3Comments
VikramTiwari picture VikramTiwari  路  3Comments
rmceoin picture rmceoin  路  3Comments