Skip to content

Commit c59f8b4

Browse files
d-googd-goog
authored
docs: JSON credential best practices (#1923)
1 parent 75adc4e commit c59f8b4

File tree

2 files changed

+12
-0
lines changed

2 files changed

+12
-0
lines changed

src/auth/googleauth.ts

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -108,6 +108,10 @@ export interface GoogleAuthOptions<T extends AuthClient = JSONClient> {
108108
* Object containing client_email and private_key properties, or the
109109
* external account client options.
110110
* Cannot be used with {@link GoogleAuthOptions.apiKey `apiKey`}.
111+
*
112+
* @remarks
113+
*
114+
* **Important**: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information, refer to {@link https://cloud.google.com/docs/authentication/external/externally-sourced-credentials Validate credential configurations from external sources}.
111115
*/
112116
credentials?: JWTInput | ExternalAccountClientOptions;
113117

src/auth/jwtclient.ts

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -303,6 +303,10 @@ export class JWT extends OAuth2Client implements IdTokenProvider {
303303
/**
304304
* Create a JWT credentials instance using the given input options.
305305
* @param json The input object.
306+
*
307+
* @remarks
308+
*
309+
* **Important**: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information, refer to {@link https://cloud.google.com/docs/authentication/external/externally-sourced-credentials Validate credential configurations from external sources}.
306310
*/
307311
fromJSON(json: JWTInput): void {
308312
if (!json) {
@@ -333,6 +337,10 @@ export class JWT extends OAuth2Client implements IdTokenProvider {
333337
* Create a JWT credentials instance using the given input stream.
334338
* @param inputStream The input stream.
335339
* @param callback Optional callback.
340+
*
341+
* @remarks
342+
*
343+
* **Important**: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information, refer to {@link https://cloud.google.com/docs/authentication/external/externally-sourced-credentials Validate credential configurations from external sources}.
336344
*/
337345
fromStream(inputStream: stream.Readable): Promise<void>;
338346
fromStream(

0 commit comments

Comments
 (0)