Use Env Var directly instead of through GoogleAuth() (#1202)

2025-06-18 17:24:46 -07:00 · 2025-06-18 17:24:46 -07:00 · b49d55584e
parent 8bc3b415c9
commit b49d55584e
4 changed files with 18 additions and 19 deletions
--- a/packages/core/src/code_assist/codeAssist.ts
+++ b/packages/core/src/code_assist/codeAssist.ts
@ -4,7 +4,6 @@
 * SPDX-License-Identifier: Apache-2.0
 */

-import { GoogleAuth, AuthClient } from 'google-auth-library';
 import { ContentGenerator } from '../core/contentGenerator.js';
 import { getOauthClient } from './oauth2.js';
 import { setupUser } from './setup.js';
@ -13,17 +12,7 @@ import { CodeAssistServer, HttpOptions } from './server.js';
 export async function createCodeAssistContentGenerator(
  httpOptions: HttpOptions,
 ): Promise<ContentGenerator> {
-  const authClient = await getAuthClient();
+  const authClient = await getOauthClient();
  const projectId = await setupUser(authClient);
  return new CodeAssistServer(authClient, projectId, httpOptions);
 }
-
-async function getAuthClient(): Promise<AuthClient> {
-  try {
-    // Try for Application Default Credentials.
-    return await new GoogleAuth().getClient();
-  } catch (_) {
-    // No Application Default Credentials so try Oauth.
-    return await getOauthClient();
-  }
-}
--- a/packages/core/src/code_assist/oauth2.ts
+++ b/packages/core/src/code_assist/oauth2.ts
@ -160,10 +160,20 @@ export function getAvailablePort(): Promise<number> {

 async function loadCachedCredentials(client: OAuth2Client): Promise<boolean> {
  try {
-    const creds = await fs.readFile(getCachedCredentialPath(), 'utf-8');
+    const keyFile =
+      process.env.GOOGLE_APPLICATION_CREDENTIALS || getCachedCredentialPath();
+
+    const creds = await fs.readFile(keyFile, 'utf-8');
    client.setCredentials(JSON.parse(creds));
-    // This will either return the existing token or refresh it.
-    await client.getAccessToken();
+
+    // This will verify locally that the credentials look good.
+    const { token } = await client.getAccessToken();
+    if (!token) {
+      return false;
+    }
+
+    // This will check with the server to see if it hasn't been revoked.
+    await client.getTokenInfo(token);

    return true;
  } catch (_) {
--- a/packages/core/src/code_assist/server.ts
+++ b/packages/core/src/code_assist/server.ts
@ -4,7 +4,7 @@
 * SPDX-License-Identifier: Apache-2.0
 */

-import { AuthClient } from 'google-auth-library';
+import { OAuth2Client } from 'google-auth-library';
 import {
  LoadCodeAssistResponse,
  LoadCodeAssistRequest,
@ -45,7 +45,7 @@ export const CODE_ASSIST_API_VERSION = 'v1internal';

 export class CodeAssistServer implements ContentGenerator {
  constructor(
-    readonly auth: AuthClient,
+    readonly auth: OAuth2Client,
    readonly projectId?: string,
    readonly httpOptions: HttpOptions = {},
  ) {}
--- a/packages/core/src/code_assist/setup.ts
+++ b/packages/core/src/code_assist/setup.ts
@ -6,14 +6,14 @@

 import { ClientMetadata, OnboardUserRequest } from './types.js';
 import { CodeAssistServer } from './server.js';
-import { AuthClient } from 'google-auth-library';
+import { OAuth2Client } from 'google-auth-library';

 /**
 *
 * @param projectId the user's project id, if any
 * @returns the user's actual project id
 */
-export async function setupUser(authClient: AuthClient): Promise<string> {
+export async function setupUser(authClient: OAuth2Client): Promise<string> {
  const projectId = process.env.GOOGLE_CLOUD_PROJECT;
  const caServer = new CodeAssistServer(authClient, projectId);