Expand description
§gcloud-identity-token
A Rust library for obtaining and caching Google OAuth2 tokens for use with Google Cloud APIs.
This crate handles the entire OAuth 2.0 Authorization Code flow:
- Launching a browser to log in
- Receiving and exchanging authorization codes
- Saving access, refresh, and ID tokens
- Securely caching them using the system keyring or a local file
§Features
- Secure keyring-backed token storage (per Google user)
- File-based cache via
GCLOUD_IDENTITY_TOKEN_PATHoverride - Fully async support with
reqwest+tokio - Intelligent refresh with expiry tracking
§Example
use anyhow::Result;
use gcloud_identity_token::{auth::get_token, config::load_creds};
#[tokio::main]
async fn main() -> Result<()> {
let creds = load_creds()?;
let token = get_token(&creds).await?;
println!("Access Token: {}", token.access_token);
println!("ID Token: {}", token.id_token);
Ok(())
}§Environment Variables
GCLOUD_IDENTITY_TOKEN_PATH— path to file-based token cacheDISPLAY/WAYLAND_DISPLAY— if unset, triggers headless login flow
§Modules
Modules§
- auth
- Authorization flow and token refresh logic. OAuth authentication logic for obtaining and refreshing Google tokens.
- browser
- Browser launching and redirect capture logic.
- cache
- Token cache handling (keyring and file-based). Token caching utility.
- config
- Configuration structures and token types. Configuration types and helpers for working with Google OAuth credentials.
- shared
- Shared utilities like port picking.