class Google::Auth::ServiceAccountCredentials

cf [Application Default Credentials](goo.gl/mkAHpZ)
console (via ‘Generate new Json Key’).
from credentials from a json key file downloaded from the developer
This class allows authorizing requests for service accounts directly
OAuth access token.
Authenticates requests using Google’s Service Account credentials via an

def self.read_json_key(json_key_io)

JSON key.
Reads the private key and client email fields from the service account 
def self.read_json_key(json_key_io)
  json_key = MultiJson.load(json_key_io.read)
  fail 'missing client_email' unless json_key.key?('client_email')
  fail 'missing private_key' unless json_key.key?('private_key')
  [json_key['private_key'], json_key['client_email']]
end

def apply!(a_hash, opts = {})

authenticate instead.
ServiceAccountJwtHeaderCredentials instance and uses that to
If scope(s) is not set, it creates a transient

Extends the base class. 
def apply!(a_hash, opts = {})
  # Use the base implementation if scopes are set
  unless scope.nil?
    super
    return
  end
  # Use the ServiceAccountJwtHeaderCredentials using the same cred values
  # if no scopes are set.
  cred_json = {
    private_key: @signing_key.to_s,
    client_email: @issuer
  }
  alt_clz = ServiceAccountJwtHeaderCredentials
  alt = alt_clz.new(StringIO.new(MultiJson.dump(cred_json)))
  alt.apply!(a_hash)
end

def initialize(json_key_io, scope = nil)

Parameters:
  • scope (string|array|nil) -- the scope(s) to access
  • json_key_io (IO) -- an IO from which the JSON key can be read 
def initialize(json_key_io, scope = nil)
  private_key, client_email = self.class.read_json_key(json_key_io)
  super(token_credential_uri: TOKEN_CRED_URI,
        audience: TOKEN_CRED_URI,
        scope: scope,
        issuer: client_email,
        signing_key: OpenSSL::PKey::RSA.new(private_key))
end