class Google::Auth::ServiceAccountCredentials
cf [Application Default Credentials](goo.gl/mkAHpZ)
console (via ‘Generate new Json Key’).
from credentials from a json key file downloaded from the developer
This class allows authorizing requests for service accounts directly
OAuth access token.
Authenticates requests using Google’s Service Account credentials via an
def self.make_creds(options = {})
-
scope(string|array|nil) -- the scope(s) to access -
json_key_io(IO) -- an IO from which the JSON key can be read
def self.make_creds(options = {}) json_key_io, scope = options.values_at(:json_key_io, :scope) if json_key_io private_key, client_email = read_json_key(json_key_io) else private_key = ENV[CredentialsLoader::PRIVATE_KEY_VAR] client_email = ENV[CredentialsLoader::CLIENT_EMAIL_VAR] end new(token_credential_uri: TOKEN_CRED_URI, audience: TOKEN_CRED_URI, scope: scope, issuer: client_email, signing_key: OpenSSL::PKey::RSA.new(private_key)) end
def self.read_json_key(json_key_io)
Reads the private key and client email fields from the service account
def self.read_json_key(json_key_io) json_key = MultiJson.load(json_key_io.read) fail 'missing client_email' unless json_key.key?('client_email') fail 'missing private_key' unless json_key.key?('private_key') [json_key['private_key'], json_key['client_email']] end
def apply!(a_hash, opts = {})
ServiceAccountJwtHeaderCredentials instance and uses that to
If scope(s) is not set, it creates a transient
Extends the base class.
def apply!(a_hash, opts = {}) # Use the base implementation if scopes are set unless scope.nil? super return end # Use the ServiceAccountJwtHeaderCredentials using the same cred values # if no scopes are set. cred_json = { private_key: @signing_key.to_s, client_email: @issuer } alt_clz = ServiceAccountJwtHeaderCredentials key_io = StringIO.new(MultiJson.dump(cred_json)) alt = alt_clz.make_creds(json_key_io: key_io) alt.apply!(a_hash) end
def initialize(options = {})
def initialize(options = {}) super(options) end