cloud-storage-rs icon indicating copy to clipboard operation
cloud-storage-rs copied to clipboard
verified publisher icon ThouCheese

Consider deferring authentication to another crate

Open djc opened this issue 4 years ago • 3 comments

I've used (and contributed to) the gcp_auth crate, which IMO is a pretty nice and simple way to deal with authentication/authorization for GCP. Maybe it would be nice to keep this crate focused on specific Cloud Storage APIs and integrate with it (or another existing crate) for authn/authz?

djc avatar Oct 13 '21 08:10 djc

Right that sounds feasible. As a contributor, do you have an idea about how we could best integrate such a library?

ThouCheese avatar Jan 22 '22 14:01 ThouCheese

I noticed that it's not completely straightforward because you need access to a service account's private key, so the gcp_auth API would likely need to be extended somehow. Meanwhile, we found some issues with large uploads (larger than 1 GB) in this library, and I think we will switch to using tonic to call gRPC APIs directly.

djc avatar Jan 23 '22 20:01 djc

I think https://github.com/hrvolapeter/gcp_auth/pull/49 provides the necessary interfaces so that you could use it for authentication and for signing (with a much simpler interface).

djc avatar Jan 25 '22 23:01 djc