Skip to content

L126: C-core: Support ALTS Credentials in Google Default Credentials #504

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 14 commits into from
Aug 25, 2025
Merged

L126: C-core: Support ALTS Credentials in Google Default Credentials #504

Changes from 2 commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
58aaa6c
L123: C-core: Support ALTS Credentials in Google Default Credentials
anniefrchz Jun 30, 2025
7fe3088
Incorporate initial feedback
anniefrchz Jul 1, 2025
3f8ebd6
Add discussion link and fix number
anniefrchz Jul 2, 2025
8c2d33a
Add discussion link and fix number
anniefrchz Jul 2, 2025
1d45a78
Adress comments and nits
anniefrchz Jul 8, 2025
2a9d07f
Rename file and fix some nits
anniefrchz Jul 17, 2025
766d654
Incorporate changes to the GoogleDefaultCredentials options
anniefrchz Jul 28, 2025
666cda0
Add details on implementation for C++ libraries
anniefrchz Aug 22, 2025
9e23f30
Create sections per language
anniefrchz Aug 22, 2025
c38532b
S/int/size_t in struct definition
anniefrchz Aug 22, 2025
d42398e
Move header
anniefrchz Aug 22, 2025
9faf191
Use a boolean instead of query parameters
anniefrchz Aug 22, 2025
27d887c
Update Date
anniefrchz Aug 22, 2025
899ad3b
Change flag name for grpc_google_compute_engine_credentials_create
anniefrchz Aug 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 14 additions & 8 deletions L126-core-add-alts-google-call-credentials.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@ channel initialized with Google's default credentials.

## Proposal

### C-Core changes

This proposal modifies the function `grpc_google_default_credentials_create` to
add a second set of call credentials.

Expand All @@ -50,12 +52,11 @@ transport types, the primary call_credentials are used, maintaining the default
behavior.

The hard-bound call credentials will be created through
`grpc_google_compute_engine_credentials_create`. This function has a reserved
argument that will allow us to inject a new structure,
`grpc_google_compute_engine_credentials_options`. By setting the appropiate
transport protocol in the form of query parameters pairs, the caller will be
able to obtain ALTS hard-bound credentials instead of the standard default call
credentials.
`grpc_google_compute_engine_credentials_create`. This function will have a
`grpc_google_compute_engine_credentials_options` parameter. By setting the
appropiate transport protocol in the form of query parameters pairs, the caller
will be able to obtain ALTS hard-bound credentials instead of the standard
default call credentials.

```c
typedef struct {
Expand All @@ -65,6 +66,7 @@ typedef struct {
} QueryParam;

const QueryParam* query_params;
size_t query_params_count;
} grpc_google_compute_engine_credentials_options;

GRPCAPI grpc_call_credentials* grpc_google_compute_engine_credentials_create(
Expand All @@ -76,8 +78,10 @@ create GoogleDefaultCredentials by setting a GoogleDefaultCredentialsOptions
value into their standard call. For this addition, the proposed struct
`GoogleDefaultCredentialsOptions` will hold a boolean that will be default to
false. Callers of the GoogleDefaultCredentials() API will be able to set
use_alts to false value, if required to indicate the request for the underlying
bound token call credentials.
use_alts_call_credentials to false value, if required to indicate the request
for the underlying bound token call credentials.

### C++ Changes

```c++
struct GoogleDefaultCredentialsOptions {
Expand All @@ -89,6 +93,8 @@ std::shared_ptr<ChannelCredentials> GoogleDefaultCredentials(
GoogleDefaultCredentialsOptions());
```

### Other C-Core languages

Other wrapped languages are not in scope for changes to their public API, and
further discussion is needed if an implementation is scoped.

Expand Down