class Google::Auth::UserRefreshCredentials

cf [Application Default Credentials](cloud.google.com/docs/authentication/production)
location
’gcloud auth login’ saves a file with these contents in well known
This the end of the result of a 3LO flow. E.g, the end result of
This class allows authorizing requests from user refresh tokens.
Authenticates requests using User Refresh credentials.

def self.make_creds options = {}

Parameters:
  • scope (string|array|nil) -- the scope(s) to access
  • json_key_io (IO) -- an IO from which the JSON key can be read 
def self.make_creds options = {}
  json_key_io, scope = options.values_at :json_key_io, :scope
  user_creds = read_json_key json_key_io if json_key_io
  user_creds ||= {
    "client_id"     => ENV[CredentialsLoader::CLIENT_ID_VAR],
    "client_secret" => ENV[CredentialsLoader::CLIENT_SECRET_VAR],
    "refresh_token" => ENV[CredentialsLoader::REFRESH_TOKEN_VAR],
    "project_id"    => ENV[CredentialsLoader::PROJECT_ID_VAR],
    "quota_project_id" => nil,
    "universe_domain" => nil
  }
  new(token_credential_uri: TOKEN_CRED_URI,
      client_id:            user_creds["client_id"],
      client_secret:        user_creds["client_secret"],
      refresh_token:        user_creds["refresh_token"],
      project_id:           user_creds["project_id"],
      quota_project_id:     user_creds["quota_project_id"],
      scope:                scope,
      universe_domain:      user_creds["universe_domain"] || "googleapis.com")
    .configure_connection(options)
end

def self.read_json_key json_key_io

JSON key.
Reads the client_id, client_secret and refresh_token fields from the 
def self.read_json_key json_key_io
  json_key = MultiJson.load json_key_io.read
  wanted = ["client_id", "client_secret", "refresh_token"]
  wanted.each do |key|
    raise "the json is missing the #{key} field" unless json_key.key? key
  end
  json_key
end

def includes_scope? required_scope

Returns:
  • (Boolean) -

Parameters:
  • required_scope (Array, String) -- 
def includes_scope? required_scope
  missing_scope = Google::Auth::ScopeUtil.normalize(required_scope) -
                  Google::Auth::ScopeUtil.normalize(scope)
  missing_scope.empty?
end

def initialize options = {} 

def initialize options = {}
  options ||= {}
  options[:token_credential_uri] ||= TOKEN_CRED_URI
  options[:authorization_uri] ||= AUTHORIZATION_URI
  @project_id = options[:project_id]
  @project_id ||= CredentialsLoader.load_gcloud_project_id
  @quota_project_id = options[:quota_project_id]
  super options
end

def revoke! options = {}

Revokes the credential 
def revoke! options = {}
  c = options[:connection] || Faraday.default_connection
  retry_with_error do
    resp = c.post(REVOKE_TOKEN_URI, token: refresh_token || access_token)
    case resp.status
    when 200
      self.access_token = nil
      self.refresh_token = nil
      self.expires_at = 0
    else
      raise(Signet::AuthorizationError,
            "Unexpected error code #{resp.status}")
    end
  end
end