urbit/shrub
1
1
Fork 0
mirror of https://github.com/urbit/shrub.git synced 2024-12-20 01:01:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

-get-gcp-jwt: correct scope, clean up call

Browse Source 
It turns out 'devstorage.read_write' also gives us an access token
instead of a JWT, and is probably more the thing that we want.

Took the opportunity to make scope a macro to clean up the make-jwt call
site.
This commit is contained in:
J 2021-02-23 23:12:48 +00:00
parent aa93ac49c1
commit 6a07130f0d
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/arvo/ted/get-gcp-jwt.hoon
View File

@ -31,12 +31,9 @@
;< =key:rsa bind:m read-private-key ;< =key:rsa bind:m read-private-key
;< kid=@t bind:m (read-setting %private-key-id) ;< kid=@t bind:m (read-setting %private-key-id)
;< aud=@t bind:m (read-setting %token-uri) ;< aud=@t bind:m (read-setting %token-uri)
=* scope 'https://www.googleapis.com/auth/devstorage.read_write'
=/ jot=@t =/ jot=@t
%: make-jwt (make-jwt key kid iss scope aud now.bowl)
key kid iss
'https://www.googleapis.com/auth/cloud-platform'
aud now.bowl
==
;< p=[access-token=@t expires-at=@da] bind:m ;< p=[access-token=@t expires-at=@da] bind:m
(get-access-token jot aud now.bowl) (get-access-token jot aud now.bowl)
(pure:m !>(p)) (pure:m !>(p))