@@ -15,6 +15,7 @@ import (
1515 "os"
1616 "time"
1717
18+ "cloud.google.com/go/auth"
1819 "cloud.google.com/go/auth/credentials"
1920 "cloud.google.com/go/auth/oauth2adapt"
2021 "golang.org/x/oauth2"
@@ -30,7 +31,7 @@ const quotaProjectEnvVar = "GOOGLE_CLOUD_QUOTA_PROJECT"
3031// it returns default credential information.
3132func Creds (ctx context.Context , ds * DialSettings ) (* google.Credentials , error ) {
3233 if ds .IsNewAuthLibraryEnabled () {
33- return credsNewAuth (ctx , ds )
34+ return credsNewAuth (ds )
3435 }
3536 creds , err := baseCreds (ctx , ds )
3637 if err != nil {
@@ -42,6 +43,30 @@ func Creds(ctx context.Context, ds *DialSettings) (*google.Credentials, error) {
4243 return creds , nil
4344}
4445
46+ // AuthCreds returns [cloud.google.com/go/auth.Credentials] based on credentials
47+ // options provided via [option.ClientOption], including legacy oauth2/google
48+ // options. If there are no applicable options, then it returns the result of
49+ // [cloud.google.com/go/auth/credentials.DetectDefault].
50+ func AuthCreds (ctx context.Context , settings * DialSettings ) (* auth.Credentials , error ) {
51+ if settings .AuthCredentials != nil {
52+ return settings .AuthCredentials , nil
53+ }
54+ // Support oauth2/google options
55+ var oauth2Creds * google.Credentials
56+ if settings .InternalCredentials != nil {
57+ oauth2Creds = settings .InternalCredentials
58+ } else if settings .Credentials != nil {
59+ oauth2Creds = settings .Credentials
60+ } else if settings .TokenSource != nil {
61+ oauth2Creds = & google.Credentials {TokenSource : settings .TokenSource }
62+ }
63+ if oauth2Creds != nil {
64+ return oauth2adapt .AuthCredentialsFromOauth2Credentials (oauth2Creds ), nil
65+ }
66+
67+ return detectDefaultFromDialSettings (settings )
68+ }
69+
4570// GetOAuth2Configuration determines configurations for the OAuth2 transport, which is separate from the API transport.
4671// The OAuth2 transport and endpoint will be configured for mTLS if applicable.
4772func GetOAuth2Configuration (ctx context.Context , settings * DialSettings ) (string , * http.Client , error ) {
@@ -62,7 +87,7 @@ func GetOAuth2Configuration(ctx context.Context, settings *DialSettings) (string
6287 return tokenURL , oauth2Client , nil
6388}
6489
65- func credsNewAuth (ctx context. Context , settings * DialSettings ) (* google.Credentials , error ) {
90+ func credsNewAuth (settings * DialSettings ) (* google.Credentials , error ) {
6691 // Preserve old options behavior
6792 if settings .InternalCredentials != nil {
6893 return settings .InternalCredentials , nil
@@ -76,6 +101,14 @@ func credsNewAuth(ctx context.Context, settings *DialSettings) (*google.Credenti
76101 return oauth2adapt .Oauth2CredentialsFromAuthCredentials (settings .AuthCredentials ), nil
77102 }
78103
104+ creds , err := detectDefaultFromDialSettings (settings )
105+ if err != nil {
106+ return nil , err
107+ }
108+ return oauth2adapt .Oauth2CredentialsFromAuthCredentials (creds ), nil
109+ }
110+
111+ func detectDefaultFromDialSettings (settings * DialSettings ) (* auth.Credentials , error ) {
79112 var useSelfSignedJWT bool
80113 var aud string
81114 var scopes []string
@@ -100,18 +133,13 @@ func credsNewAuth(ctx context.Context, settings *DialSettings) (*google.Credenti
100133 aud = settings .DefaultAudience
101134 }
102135
103- creds , err := credentials .DetectDefault (& credentials.DetectOptions {
136+ return credentials .DetectDefault (& credentials.DetectOptions {
104137 Scopes : scopes ,
105138 Audience : aud ,
106139 CredentialsFile : settings .CredentialsFile ,
107140 CredentialsJSON : settings .CredentialsJSON ,
108141 UseSelfSignedJWT : useSelfSignedJWT ,
109142 })
110- if err != nil {
111- return nil , err
112- }
113-
114- return oauth2adapt .Oauth2CredentialsFromAuthCredentials (creds ), nil
115143}
116144
117145func baseCreds (ctx context.Context , ds * DialSettings ) (* google.Credentials , error ) {
0 commit comments