Skip to main content

google_cloud_auth/
lib.rs

1// Copyright 2024 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     https://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15//! Google Cloud Client Libraries for Rust - Authentication Components
16//!
17//! This crate contains types and functions used to authenticate applications
18//! on Google Cloud.  The SDK clients consume an implementation of
19//! [credentials::Credentials] and use these credentials to authenticate RPCs
20//! issued by the application.
21//!
22//! [Authentication methods at Google] is a good introduction on the topic of
23//! authentication for Google Cloud services and other Google products. The
24//! guide also describes the common terminology used with authentication, such
25//! as [Principals], [Tokens], and [Credentials].
26//!
27//! # Features
28//!
29//! - `default-rustls-provider`: enabled by default. Use the default rustls
30//!   crypto provider ([aws-lc-rs]) for TLS and authentication. Applications
31//!   with specific requirements for cryptography (such as exclusively using the
32//!   [ring] crate) should disable this default and call
33//!   `rustls::CryptoProvider::install_default()`.
34//! - `idtoken`: disabled by default, this feature enables support to create and
35//!   verify [OIDC ID Tokens].
36//! - `default-idtoken-backend`: enabled by default, this feature enables a default
37//!   backend for the `idtoken` feature. Currently the feature is implemented using
38//!   the [jsonwebtoken] crate and uses `aws-lc-rs` as its default backend. We may
39//!   change the default backend at any time, applications that have specific needs
40//!   for this backend should not rely on the current default. To control the
41//!   backend selection:
42//!   - Configure this crate with `default-features = false`, and
43//!     `features = ["idtoken"]`
44//!   - Select the desired backend for `jsonwebtoken`.
45//!
46//! [aws-lc-rs]: https://crates.io/crates/aws-lc-rs
47//! [ring]: https://crates.io/crates/ring
48//! [jsonwebtoken]: https://crates.io/crates/jsonwebtoken
49//! [oidc id tokens]: https://cloud.google.com/docs/authentication/token-types#identity-tokens
50//! [Authentication methods at Google]: https://cloud.google.com/docs/authentication
51//! [Principals]: https://cloud.google.com/docs/authentication#principal
52//! [Tokens]: https://cloud.google.com/docs/authentication#token
53//! [Credentials]: https://cloud.google.com/docs/authentication#credentials
54
55pub mod build_errors;
56pub(crate) mod constants;
57pub mod credentials;
58pub mod errors;
59pub(crate) mod headers_util;
60pub(crate) mod mds;
61pub(crate) mod retry;
62pub mod signer;
63pub(crate) mod token;
64pub(crate) mod token_cache;
65
66/// A `Result` alias where the `Err` case is [BuildCredentialsError].
67pub(crate) type BuildResult<T> = std::result::Result<T, build_errors::Error>;
68
69/// A `Result` alias where the `Err` case is [CredentialsError][errors::CredentialsError].
70pub(crate) type Result<T> = std::result::Result<T, errors::CredentialsError>;