samples: remove browser option from user credentials sample #1147
Conversation
product-auto-label
bot
added
api: bigquery
| # The `launch_browser` boolean variable indicates if a local server is used | ||
| # as the callback URL in the auth flow. A value of `True` is recommended, | ||
| # but a local server does not work if accessing the application remotely, | ||
| # such as over SSH or from a remote Jupyter notebook. |
There was a problem hiding this comment.
gcloud allows you to complete auth on a remote machine with no browser gcloud auth application-default login --no-browser, available in >=372.0.0.
This doc has an overview of what the flow looks like. I believe this new flag will take care of the general 'accessing the application remotely case' as long as the user can run gcloud on the target machine.
There was a problem hiding this comment.
@tswast @shollyman Are there cases where a user might not be able to run gcloud on the machine where the notebook is hosted?
There was a problem hiding this comment.
@tswast @shollyman Are there cases where a user might not be able to run gcloud on the machine where the notebook is hosted?
Oh dear. 😱 I'm not sure about "can't" but this will add significant friction to folks using hosted notebooks on other clouds such as Azure Machine Learning Notebooks or Amazon SageMaker.
There was a problem hiding this comment.
Thanks for bringing this to my attention. I believe I'll need to prioritize pydata/pydata-google-auth#53 and ideally pydata/pydata-google-auth#48 as well due to this auth change.
There was a problem hiding this comment.
Kubeflow notebooks and other self-hosted notebook systems like Jupyter Hub will also have a problem.
There was a problem hiding this comment.
Thanks Tim, it looked like some other teams working with Notebooks are also trying to figure out how this impacts their users. dujinhui@ is on the team leading the OOB deprecation if you need a point of contact.
|
Approving, but as discussed separately, much more work needs to be done to have a clean migration path, especially for remote notebook users. |
…is#1147) * samples: remove run_console from user credentials sample * Update samples/snippets/user_credentials.py Co-authored-by: Tim Swast <[email protected]> * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Tim Swast <[email protected]> Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
run_consoleuses the OAuth out-of-band flow, which will stop working for new clients on February 28, 2022 and stop working for all clients on October 3, 2022.https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html?m=1#disallowed-oob