Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Soft-warn about application default credentials using gcloud credentials

See original GitHub issue

Due to user issues with quota and API enablement, the auth libraries should issue a soft warning (that can be silenced) when application default credentials uses user credentials from the Cloud SDK. They should not warn if the credentials for the cloud sdk are service account credentials.

Your application has authenticated using end user credentials from Google 
Cloud SDK. We recommend that most server applications use service accounts
 instead. If your application continues to use end user credentials from Cloud 
SDK, you might receive a "quota exceeded" or "API not enabled" error. For 
more information about service accounts, see 
https://cloud.google.com/docs/authentication/.

Additional context: https://groups.google.com/a/google.com/forum/#!topic/client-auth-team/DKqrFw6lL1Q https://buganizer.corp.google.com/issues/64388723 https://github.com/GoogleCloudPlatform/google-auth-library-python/pull/266

Note: It’s unclear to me if this belongs here, or in the apiary client repo. Feel free to move if needed 😄

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:11 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
jskeetcommented, Jul 18, 2018

Personally I still think the best solution is for the server to give a better error message. There simply isn’t a general warning mechanism to tie into in .NET. I don’t think we should be making any changes client-side here.

0reactions
jskeetcommented, Jul 30, 2018

@theacodes: In reality it would often be end users rather than the developers, which makes it trickier. (But yes, a side-channel for warnings in general might be useful.)

I think so long as it starts failing with a good error message, I think that’s okay. We can put up prominent docs etc.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Set up Application Default Credentials | Authentication
Application Default Credentials. Set up Application Default Credentials · How Application Default Credentials works · Troubleshoot your ADC setup.
Read more >
Soft-warn about application default credentials using ...
Your application has authenticated using end user credentials from Google Cloud SDK. We recommend that most server applications use service ...
Read more >
Difference between "gcloud auth application-default login ...
gcloud auth application -default login asks you to give access to google auth library instead.
Read more >
What Are Google Cloud API Application Default Credentials?
Application Default Credentials (ADC) is a concept introduced by Google Cloud to simplify the process of authenticating applications when they ...
Read more >
Google Cloud Application Default Credentials - Python
Google Cloud Application Default Credentials (ADC) is a strategy to locate sources that contain secrets/key material to create credentials.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Google.Cloud.Dialogflow.V2 Problem using the built in ToString.

Next page

Configuring google-cloud-dotnet for a desktop application