class Google::Auth::BearerTokenCredentials


with the service account JSON.
use the corresponding credentials type, e.g. ServiceAccountCredentials
If the end-user has credentials in JSON format they should typically
There is no JSON representation for this type of credentials.
refreshing the token are outside the scope of this class.
This means that tasks like tracking the lifetime of and
authentication token separately, e.g. with a separate service.
This class should be used when the end-user is managing the
`x-goog-api-key` header or as a query parameter.
e.g. an API key cannot since API keys are sent in a
Not all ‘authentication’ strings can be used with this class,
that is sent as a ‘Bearer` in an `Authorization` header.
They can be OAuth2 (“ya.29”) tokens, JWTs, IDTokens – anything
Bearer tokens are strings representing an authorization grant.
Implementation of Bearer Token authentication scenario.
#

def duplicate options = {}

Returns:
  • (Google::Auth::BearerTokenCredentials) -

Options Hash: (**options)
  • :universe_domain (String) -- The universe domain (defaults to googleapis.com)
  • :expires_at (Time, Numeric) -- The token expiration time. Can be a Time
  • :token (String) -- The bearer token to use.

Parameters:
  • options (Hash) -- Additional options for configuring the credentials 
def duplicate options = {}
  self.class.new(
    token: options[:token] || @token,
    expires_at: options[:expires_at] || @expires_at,
    universe_domain: options[:universe_domain] || @universe_domain
  )
end

def expires_within? seconds

Returns:
  • (Boolean) - True if the token has expired, false otherwise, or

Parameters:
  • seconds (Numeric) -- The optional timeout in seconds. 
def expires_within? seconds
  return false if @expires_at.nil? # Treat nil expiration as "never expires"
  Time.now + seconds >= @expires_at
end

def fetch_access_token! _options = {}

Raises:
  • (Google::Auth::CredentialsError) - If the token is expired.

Returns:
  • (nil) - Always returns nil.

Parameters:
  • _options (Hash) -- Options for fetching a new token (not used). 
def fetch_access_token! _options = {}
  if @expires_at && Time.now >= @expires_at
    raise CredentialsError.with_details(
      "Bearer token has expired.",
      credential_type_name: self.class.name,
      principal: principal
    )
  end
  nil
end

def initialize options = {}

Raises:
  • (ArgumentError) - If the bearer token is nil or empty

Options Hash: (**options)
  • :universe_domain (String) -- The universe domain of the universe
  • :expires_at (Time, Numeric, nil) -- The token expiration time provided by the end-user.
  • :token (String) -- The bearer token to use.

Parameters:
  • options (Hash) -- The credentials options 
def initialize options = {}
  raise ArgumentError, "Bearer token must be provided" if options[:token].nil? || options[:token].empty?
  @token = options[:token]
  @expires_at = case options[:expires_at]
                when Time
                  options[:expires_at]
                when Numeric
                  Time.at options[:expires_at]
                end
  @universe_domain = options[:universe_domain] || "googleapis.com"
end

def make_creds options = {}

Returns:
  • (Google::Auth::BearerTokenCredentials) -

Options Hash: (**options)
  • :universe_domain (String) -- The universe domain of the universe
  • :expires_at (Time, Numeric, nil) -- The token expiration time provided by the end-user.
  • :token (String) -- The bearer token to use.

Parameters:
  • options (Hash) -- The credentials options 
def make_creds options = {}
  new options
end

def principal

Returns:
  • (Symbol) - the token type in lieu of the principal

Other tags:
    Private: - 
def principal
  token_type
end

def token_type 

def token_type
  :bearer_token
end