class Google::Auth::ServiceAccountJwtHeaderCredentials

Authenticates requests using Google’s Service Account credentials via
JWT Header.

This class allows authorizing requests for service accounts directly
from credentials from a json key file downloaded from the developer
console (via ‘Generate new Json Key’). It is not part of any OAuth2
flow, rather it creates a JWT and sends that as a credential.

cf [Application Default Credentials](goo.gl/mkAHpZ)

def self.make_creds(*args)

By default, it calls #new with 2 args, the second one being an
optional scope. Here the constructor has only one param, so
we modify make_creds to reflect this.

make_creds is used by the methods in CredentialsLoader.

make_creds proxies the construction of a credentials instance
# Builds a credentials instance on behalf of CredentialsLoader.
#
# Only the :json_key_io entry of the first argument is forwarded to #new;
# any further positional arguments and any other keys in that hash are
# ignored, because this class's constructor takes a single options hash.
#
# @param args [Array] the first element must respond to #[] with :json_key_io
# @return [Object] whatever #new returns for that single option
def self.make_creds(*args)
  loader_options = args.first
  new(json_key_io: loader_options[:json_key_io])
end

def self.read_json_key(json_key_io)

Reads the private key and client email fields from the service account
JSON key.
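# Reads the private key and client email fields from a service account
# JSON key.
#
# The document must be a JSON object carrying non-empty 'client_email' and
# 'private_key' entries. A field that is present but null or empty is
# rejected here with the same message as an absent one, so a malformed key
# file fails at load time instead of later when the key is parsed.
# Error messages name the offending field only and never echo key material.
#
# @param json_key_io [#read] an IO from which the JSON key can be read
# @return [Array] the pair [private_key, client_email]
# @raise [RuntimeError] if the document is not a JSON object or a required
#   field is missing or empty
def self.read_json_key(json_key_io)
  json_key = MultiJson.load(json_key_io.read)
  raise 'invalid JSON key: expected a JSON object' unless json_key.is_a?(Hash)

  client_email = json_key['client_email']
  private_key = json_key['private_key']
  # nil.to_s is "", so this covers absent, null and empty-string values.
  raise 'missing client_email' if client_email.to_s.empty?
  raise 'missing private_key' if private_key.to_s.empty?
  [private_key, client_email]
end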

def apply(a_hash, opts = {})

Returns a clone of a_hash updated with the authorization header
# Non-destructive variant of #apply!: works on a clone so the caller's
# hash is left untouched.
#
# @param a_hash [Hash] request metadata
# @param opts [Hash] options passed through to #apply!
# @return [Hash] the clone, after #apply! has processed it
def apply(a_hash, opts = {})
  a_hash.clone.tap { |copy| apply!(copy, opts) }
end

def apply!(a_hash, opts = {})

Construct a jwt token if the JWT_AUD_URI key is present in the input
hash.

The jwt token is used as the value of a 'Bearer '.
# Adds a JWT bearer credential to a_hash in place.
#
# The JWT_AUD_URI_KEY entry is always removed from a_hash, so the audience
# value is not passed on with the rest of the hash. When that entry was
# absent (or nil) nothing else changes; otherwise a token minted for that
# audience is stored under AUTH_METADATA_KEY as "Bearer <token>".
#
# @param a_hash [Hash] request metadata, mutated in place
# @param opts [Hash] options forwarded to #new_jwt_token
# @return [Hash] the same a_hash object
def apply!(a_hash, opts = {})
  audience = a_hash.delete(JWT_AUD_URI_KEY)
  unless audience.nil?
    token = new_jwt_token(audience, opts)
    a_hash[AUTH_METADATA_KEY] = "Bearer #{token}"
  end
  a_hash
end

def initialize(options = {})

Parameters:
  • json_key_io (IO) -- an IO from which the JSON key can be read
# Loads the service account identity and signing key.
#
# When options[:json_key_io] is given, the private key and client email are
# read from it via .read_json_key; otherwise both come from the environment
# variables named by CredentialsLoader::PRIVATE_KEY_VAR and
# CredentialsLoader::CLIENT_EMAIL_VAR.
#
# NOTE(review): the PEM text is kept in @private_key in addition to the
# parsed @signing_key, so the raw key material stays on the instance for its
# whole lifetime — confirm something actually reads @private_key.
#
# @param options [Hash] :json_key_io (IO) — an IO from which the JSON key
#   can be read
def initialize(options = {})
  key_io = options[:json_key_io]
  pem, email =
    if key_io
      self.class.read_json_key(key_io)
    else
      [ENV[CredentialsLoader::PRIVATE_KEY_VAR],
       ENV[CredentialsLoader::CLIENT_EMAIL_VAR]]
    end
  @private_key = pem
  @issuer = email
  @signing_key = OpenSSL::PKey::RSA.new(pem)
end

def new_jwt_token(jwt_aud_uri, options = {})

Creates a jwt uri token.
# Creates a signed JWT for the given audience.
#
# The service account (@issuer) is both issuer and subject. The token
# expires EXPIRY seconds after the current time, and its issued-at claim is
# set options[:skew] seconds (60 when unset or nil) before the current time
# — presumably to tolerate clock differences with the verifier.
#
# @param jwt_aud_uri [String] value of the 'aud' claim
# @param options [Hash] :skew — seconds by which 'iat' is backdated
# @return the result of JWT.encode using @signing_key and SIGNING_ALGORITHM
def new_jwt_token(jwt_aud_uri, options = {})
  issued = Time.new
  backdate = options[:skew] || 60
  # Claims are inserted in the order iss, sub, aud, exp, iat.
  claims = { 'iss' => @issuer, 'sub' => @issuer, 'aud' => jwt_aud_uri }
  claims['exp'] = (issued + EXPIRY).to_i
  claims['iat'] = (issued - backdate).to_i
  JWT.encode(claims, @signing_key, SIGNING_ALGORITHM)
end

def updater_proc

Returns a reference to the #apply method, suitable for passing as
a closure
# Exposes #apply as a callable object.
#
# @return [Proc] a lambda that invokes #apply on this receiver
def updater_proc
  method(:apply).to_proc
end