google-nomulus/proxy
Lai Jiang fdfbb9572d
Refactor OIDC-based auth mechanism (#2049)
This PR changes the two flavors of OIDC authentication mechanisms to
verify the same audience. This allows the same token to pass both
mechanisms. Previously, the regular OIDC flavor used the project ID as
its required audience, which does not work for local user credentials
(such as the ones used by the nomulus tool), which require a valid OAuth
client ID as the audience when minting the token (the project ID is NOT a
valid OAuth client ID).

I considered allowing multiple audiences, but the result is not as clean
as just using the same one everywhere, because the fall-through logic would
have generated a lot of noise for failed attempts.

This PR also changes the client side to solely use OIDC tokens whenever
possible, including the proxy, Cloud Scheduler and Cloud Tasks. The nomulus
tool still uses an OAuth access token by default because it requires USER level
authentication, which in turn requires us to fill the User table with objects
corresponding to the email address of everyone needing access to the tool.

TESTED=verified each client is able to make authenticated calls on QA with or
without IAP.
2023-06-27 13:10:31 -04:00
kubernetes Add all necessary proxy configuration for QA (#1416) 2021-11-11 15:36:47 -05:00
src Refactor OIDC-based auth mechanism (#2049) 2023-06-27 13:10:31 -04:00
terraform Update terraform files and instructions (#1402) 2021-10-29 09:10:23 -04:00
.gitignore Refactor to be more in line with a standard Gradle project structure 2019-06-13 09:41:11 -04:00
build.gradle Upgrade to Gradle 7.0 (#1712) 2022-07-26 11:41:27 -04:00
buildscript-gradle.lockfile Upgrade to Gradle 7.0 (#1712) 2022-07-26 11:41:27 -04:00
deploy-proxy-for-env.sh Use the save API version for the HPA controller and the deployment (#807) 2020-09-16 09:15:35 -04:00
Dockerfile Refactor to be more in line with a standard Gradle project structure 2019-06-13 09:41:11 -04:00
gradle.lockfile Add gmail dependency to project (#2047) 2023-06-05 16:48:30 -04:00