GCP auth provides authentication using service accounts Google Cloud Platform (GCP)
The library can be used in two ways:
- Invoking the library inside GCP environment fetches the default service account for the service and the application is authenticated using that particular account
- Providing a path to service account JSON configuration file using GOOGLE_APPLICATION_CREDENTIALS environment variable. The service account configuration file can be downloaded in the IAM service when displaying service account detail. The downloaded JSON file should be provided without any further modification.
The tokens are single-use and as such they shouldn't be cached and for each use a new token should be requested. Library handles token caching for their lifetime and so it won't make a request if a token with appropriate scope is available.
When running inside GCP the library can be asked directly without any further configuration to provide a Bearer token for the current service account of the service.
let authentication_manager = gcp_auth::init().await?; let token = authentication_manager.get_token().await?;
When running outside of GCP e.g on development laptop to allow finer granularity for permission a
custom service account can be used. To use a custom service account a configuration file containing key
has to be downloaded in IAM service for the service account you intend to use. The configuration file has to
be available to the application at run time. The path to the configuration file is specified by
GOOGLE_APPLICATION_CREDENTIALS environment variable.
// GOOGLE_APPLICATION_CREDENTIALS environtment variable is set-up let authentication_manager = gcp_auth::init().await?; let token = authentication_manager.get_token().await?;
Authentication manager is responsible for caching and obtaing credentials for the required scope
Represents an access token. All access tokens are Bearer tokens. Token cannot be cached.
Enumerates all possible errors returned by this library.
Initialize GCP authentication