v3.0.0

01-16-2019 10:00 PST

Welcome to 3.0 🎉 This release has it all. New features, bug fixes, breaking changes, performance improvements - something for everyone! The biggest addition to this release is support for the browser via Webpack.

This release has breaking changes. This release has a few breaking changes. These changes are unlikely to affect most clients.

BREAKING: Migration from axios to gaxios

The 2.0 version of this library used the axios library for making HTTP requests. In the 3.0 release, this has been replaced by a mostly API compatible library gaxios. The new request library natively supports proxies, and comes with a smaller dependency chain. While this is mostly an implementation detail, the request method was directly exposed via the GoogleAuth.request and OAuth2Client.request methods. The gaxios library aims to provide an API compatible implementation of axios, but that can never be 100% promised. If you run into bugs or differences that cause issues - please do let us know.

BREAKING: generateCodeVerifier is now generateCodeVerifierAsync

The OAuth2Client.generateCodeVerifier method has been replaced by the OAuth2Client.generateCodeVerifierAsync method. It has changed from a synchronous method to an asynchronous method to support async browser crypto APIs required for Webpack support.

BREAKING: verifySignedJwtWithCerts is now verifySignedJwtWithCertsAsync

The OAuth2Client.verifySignedJwtWithCerts method has been replaced by the OAuth2Client.verifySignedJwtWithCertsAsync method. It has changed from a synchronous method to an asynchronous method to support async browser crypto APIs required for Webpack support.

New Features

• feat: make it webpackable (#371)

Bug Fixes

• fix: accept lowercase env vars (#578)

Dependencies

• chore(deps): update gtoken (#592)
• fix(deps): upgrade to gcp-metadata v0.9.3 (#586)

Documentation

• docs: update bug report link (#585)
• docs: clarify access and refresh token docs (#577)

Internal / Testing Changes

• refactor(deps): use gaxios for HTTP requests instead of axios (#593)
• fix: some browser fixes (#590)
• chore(deps): update dependency ts-loader to v5 (#588)
• chore(deps): update dependency karma to v3 (#587)
• build: check broken links in generated docs (#579)
• chore(deps): drop unused dep on typedoc (#583)
• build: add browser test running on Kokoro (#584)
• test: improve samples and add tests (#576)

v2.0.2

12-16-2018 10:48 PST

Fixes

• fix(types): export GCPEnv type (#569)
• fix: use post for token revocation (#524)

Dependencies

• fix(deps): update dependency lru-cache to v5 (#541)

Documentation

• docs: add ref docs again (#553)
• docs: clean up the readme (#554)

Internal / Testing Changes

• chore(deps): update dependency @types/sinon to v7 (#568)
• refactor: use execa for install tests, run eslint on samples (#559)
• chore(build): inject yoshi automation key (#566)
• chore: update nyc and eslint configs (#565)
• chore: fix publish.sh permission +x (#563)
• fix(build): fix Kokoro release script (#562)
• build: add Kokoro configs for autorelease (#561)
• chore: always nyc report before calling codecov (#557)
• chore: nyc ignore build/test by default (#556)
• chore(build): update the prettier and renovate config (#552)
• chore: update license file (#551)
• fix(build): fix system key decryption (#547)
• chore(deps): update dependency typescript to ~3.2.0 (#546)
• chore(deps): unpin sinon (#544)
• refactor: drop non-required modules (#542)
• chore: add synth.metadata (#537)
• fix: Pin @types/sinon to last compatible version (#538)
• chore(deps): update dependency gts to ^0.9.0 (#531)
• chore: update eslintignore config (#530)
• chore: drop contributors from multiple places (#528)
• chore: use latest npm on Windows (#527)
• chore: update CircleCI config (#523)
• chore: include build in eslintignore (#516)

v2.0.1

Implementation Changes

• fix: verifyIdToken will never return null (#488)
• Update the url to application default credentials (#470)
• Update omitted parameter 'hd' (#467)

Dependencies

• chore(deps): update dependency nock to v10 (#501)
• chore(deps): update dependency sinon to v7 (#502)
• chore(deps): update dependency typescript to v3.1.3 (#503)
• chore(deps): update dependency gh-pages to v2 (#499)
• chore(deps): update dependency typedoc to ^0.13.0 (#497)

Documentation

• docs: Remove code format from Application Default Credentials (#483)
• docs: replace google/ with googleapis/ in URIs (#472)
• Fix typo in readme (#469)
• Update samples and docs for 2.0 (#459)

Internal / Testing Changes

• chore: update issue templates (#509)
• chore: remove old issue template (#507)
• build: run tests on node11 (#506)
• chore(build): drop hard rejection and update gts in the kitchen test (#504)
• chores(build): do not collect sponge.xml from windows builds (#500)
• chores(build): run codecov on continuous builds (#495)
• chore: update new issue template (#494)
• build: fix codecov uploading on Kokoro (#490)
• test: move kitchen sink tests to system-test (#489)
• Update kokoro config (#482)
• fix: export additional typescript types (#479)
• Don't publish sourcemaps (#478)
• test: remove appveyor config (#477)
• Enable prefer-const in the eslint config (#473)
• Enable no-var in eslint (#471)
• Update CI config (#468)
• Retry npm install in CI (#465)
• Update Kokoro config (#462)

v2.0.0

Well hello 2.0 🎉 This release has multiple breaking changes. It also has a lot of bug fixes.

Breaking Changes

Support for node.js 4.x and 9.x has been dropped

These versions of node.js are no longer supported.

The getRequestMetadata method has been deprecated

The getRequestMetadata method has been deprecated on the IAM, OAuth2, JWT, and JWTAccess classes. The getRequestHeaders method should be used instead. The methods have a subtle difference: the getRequestMetadata method returns an object with a headers property, which contains the authorization header. The getRequestHeaders method simply returns the headers.

Old code

const client = await auth.getClient();
const res = await client.getRequestMetadata();
const headers = res.headers;

New code

const client = await auth.getClient();
const headers = await client.getRequestHeaders();

The createScopedRequired method has been deprecated

The createScopedRequired method has been deprecated on multiple classes. The createScopedRequired and createScoped methods on the JWT class were largely in place to help inform clients when scopes were required in an application default credential scenario. Instead of checking if scopes are required after creating the client, instead scopes should just be passed either into the GoogleAuth.getClient method, or directly into the JWT constructor.

Old code

auth.getApplicationDefault(function(err, authClient) {
   if (err) {
     return callback(err);
   }
  if (authClient.createScopedRequired && authClient.createScopedRequired()) {
    authClient = authClient.createScoped([
      'https://www.googleapis.com/auth/cloud-platform'
    ]);
  }
  callback(null, authClient);
});

New code

const client = await auth.getClient({
  scopes: ['https://www.googleapis.com/auth/cloud-platform']
});

The refreshAccessToken method has been deprecated

The OAuth2.refreshAccessToken method has been deprecated. The getAccessToken, getRequestMetadata, and request methods will all refresh the token if needed automatically. There is no need to ever manually refresh the token.

As always, if you run into any problems... please let us know!

Features

• Set private_key_id in JWT access token header like other google auth libraries. (#450)

Bug Fixes

• fix: support HTTPS proxies (#405)
• fix: export missing interfaces (#437)
• fix: Use new auth URIs (#434)
• docs: Fix broken link (#423)
• fix: surface file read streams (#413)
• fix: prevent unhandled rejections by avoid .catch (#404)
• fix: use gcp-metadata for compute credentials (#409)
• Add Code of Conduct
• fix: Warn when using user credentials from the Cloud SDK (#399)
• fix: use Buffer.from instead of new Buffer (#400)
• fix: Fix link format in README.md (#385)

Breaking changes

• chore: deprecate getRequestMetadata (#414)
• fix: deprecate the createScopedRequired methods (#410)
• fix: drop support for node.js 4.x and 9.x (#417)
• fix: deprecate the refreshAccessToken methods (#411)
• fix: deprecate the getDefaultProjectId method (#402)
• fix: drop support for node.js 4 (#401)

Build / Test changes

• Run synth to make build tools consistent (#455)
• Add a package.json for samples and cleanup README (#454)
• chore(deps): update dependency typedoc to ^0.12.0 (#453)
• chore: move examples => samples + synth (#448)
• chore(deps): update dependency nyc to v13 (#452)
• chore(deps): update dependency pify to v4 (#447)
• chore(deps): update dependency assert-rejects to v1 (#446)
• chore: ignore package-lock.json (#445)
• chore: update renovate config (#442)
• chore(deps): lock file maintenance (#443)
• chore: remove greenkeeper badge (#440)
• test: throw on deprecation
• chore: add intelli-espower-loader for running tests (#430)
• chore(deps): update dependency typescript to v3 (#432)
• chore(deps): lock file maintenance (#431)
• test: use strictEqual in tests (#425)
• chore(deps): lock file maintenance (#428)
• chore: Configure Renovate (#424)
• chore: Update gts to the latest version 🚀 (#422)
• chore: update gcp-metadata for isAvailable fix (#420)
• refactor: use assert.reject in the tests (#415)
• refactor: cleanup types for certificates (#412)
• test: run tests with hard-rejection (#397)
• cleanup: straighten nested try-catch (#394)
• test: getDefaultProjectId should prefer config (#388)
• chore(package): Update gts to the latest version 🚀 (#387)
• chore(package): update sinon to version 6.0.0 (#386)

v1.6.1

This release includes a fix for the issue where --esModuleInterop was required for the TypeScript compiler to pass.

5a0a9b3 fix: do not use synthetic imports for nodejs core (#382)

v1.6.0

Greetings folks! This minor release has a few new features! Most of these have been added to help support the migration away from google-auto-auth. Enjoy 🎉

Features

8294685 feat: enable custom service account with compute client (#378)
2472be0 feat: add sign method to JWT (#375)
c085f14 feat: add a getProjectId method for google-auto-auth compat (#374)

Fixes

23fe447 fix: limit situations where we retry (#373)
1477db8 chore: fix lint task in circle config (#377)
3f54935 docs: consistent header sizing, small grammar changes (#366)

Keepin the lights on

6e88edd chore: upgrade all the dependencies (#372)
8cdd31a chore(package): update nyc to version 12.0.2 (#376)
b4d62a0 chore(package): update @types/sinon to version 5.0.0 (#367)

1.5.0

In this release:

• The redirect_uri and client_id used in the subsequent call to getToken() (and passed to the code exchange endpoint) can now be overridden.
• The order in which credentials and keyFilename fields in GoogleAuthOptions are read is now swapped if both are present (it will be in the order [credentials, keyFilename]).

Commits

1f92e9c fix: read credentials field before keyFilename (#361)
35ed34b chore: update dependencies (#358)
4e2c298 chore(package): update @types/node to version 10.0.3 (#357)
dd63531 chore(package): update sinon to version 5.0.1 (#356)
9328fa6 chore: add nodejs 10 to test matrix (#353)
8a2b53b fix: add generic type to request (#354)
e40a5ef test: fix possible EXDEV in fs.rename (#350)
d3e1b15 feat: Allow overrides to getToken that are used with corresponding generateAuthUrl (#349)

1.4.0

It's that special time again! Bug fixes, new features, updated packages, this release has it all.

New features

2570751 feat: emit an event when new tokens are obtained (#341)
3b057e7 feat: add auth.request method (#346)
200de99 feat: export additional types (#345)
e835c05 feat: allow passing options to auth.getClient (#344)
f1ad9da feat: add getTokenInfo method (#337)
df75b73 feat: add JWT.getCredentials method (#323)

Bug fixes

f75f2a2 fix: pin axios to nodejs (#342)
4807764 fix: cache refreshToken promises (#339)
c30f822 fix: use id_token for IAP requests (#328)
5d5a1e7 fix: don't duplicate user-agent (#322)

Keepin' the lights on

375faea test: add missing scope checks (#343)
93ad6d5 chore(package): update @types/mocha to version 5.0.0 (#333)
a39267e chore(package): update sinon to version 5.0.0 (#332)
6589956 chore: setup nightly builds workflow (#329)

Enjoy that fresh hot auth y'all 🚀🐢

1.3.2

This release contains minor test improvements and bug fixes. Enjoy!

b41381d fix: ensure GCF can read metadata requests (#324)
48f962c chore: update deps (#317)
879864a chore(package): update js-green-licenses to version 0.5.0 (#314)
13a6761 fix: increase test timeout (#316)
e43c73e chore: improve tests (#308)
7f7666f chore: fix typo in comment (#304)
1848552 chore: use sinon to mock in some cases (#303)
faf494a test: flatten tests (#301)
34bb07f docs: add newline in readme
a0169e7 docs: add instructions for oauth2 and installed apps (#300)

1.3.1

This releases fixes #295.