GCP auth provides authentication using service accounts for Google Cloud Platform (GCP).
The library looks for authentication methods in the following order:
- Path to a service account JSON configuration file, given in the GOOGLE_APPLICATION_CREDENTIALS environment variable. The service account configuration file can be downloaded in the IAM service when displaying the service account detail. The downloaded JSON file should be provided without any further modification.
- Invoking the library inside a GCP environment fetches the default service account for the service, and the application is authenticated using that particular account.
- Application default credentials. Local user authentication for development purposes, created using the gcloud auth application.
- If none of the above can be used, an error occurs.
The tokens are single-use, so your application shouldn't cache them; request a new token from the library for each use. The library handles token caching for the tokens' lifetime, so it won't make a request if a token with the appropriate scope is available.
Default service account
When running inside GCP, the library can be asked directly, without any further configuration, to provide a Bearer token for the current service account of the service.
let authentication_manager = gcp_auth::init().await?;
let token = authentication_manager.get_token().await?;
Custom service account
When running outside of GCP, e.g. on a development laptop, a custom service account can be used to allow finer granularity of permissions. To use a custom service account, a configuration file containing the key has to be downloaded in the IAM service for the service account you intend to use. The configuration file has to be available to the application at run time. The path to the configuration file is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
// The GOOGLE_APPLICATION_CREDENTIALS environment variable is set up
let authentication_manager = gcp_auth::init().await?;
let token = authentication_manager.get_token().await?;
You may instantiate authentication_manager from a credentials file path using the method from_credentials_file:
// `credentials_path` variable is the path for the credentials `.json` file.
let authentication_manager = gcp_auth::from_credentials_file(credentials_path).await?;
let token = authentication_manager.get_token().await?;
Local user authentication
This authentication method allows developers to authenticate against GCP services when developing locally. The method is intended only for development. Credentials can be set up using the gcloud auth utility.
Credentials are read from the file ~/.config/gcloud/application_default_credentials.json.
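As an added example (not part of the gcp_auth crate or its documentation), the following std-only Rust program mirrors the lookup order listed at the top of this page so a deployment can confirm which identity it would run as, and flags a key file that other local users can access. The names `Source`, `resolve_source`, `key_file_exposed` and the `inside_gcp` flag are hypothetical, and the permission check is an addition, not library behaviour.

```rust
use std::fs;
use std::os::unix::fs::PermissionsExt;
use std::path::{Path, PathBuf};

/// Credential sources in the order the page lists them.
#[derive(Debug, PartialEq)]
enum Source {
    KeyFile(PathBuf),      // GOOGLE_APPLICATION_CREDENTIALS
    DefaultServiceAccount, // running inside GCP
    LocalUser(PathBuf),    // gcloud application default credentials
}

/// Hypothetical helper. `inside_gcp` is supplied by the caller; how the
/// library detects GCP is not modelled. Assumption: a set variable is always
/// the chosen source, so a bad path is reported rather than skipped.
fn resolve_source(env_path: Option<&str>, inside_gcp: bool, home: &Path) -> Result<Source, String> {
    if let Some(p) = env_path {
        return Ok(Source::KeyFile(PathBuf::from(p)));
    }
    if inside_gcp {
        return Ok(Source::DefaultServiceAccount);
    }
    let adc = home.join(".config/gcloud/application_default_credentials.json");
    if adc.is_file() {
        return Ok(Source::LocalUser(adc));
    }
    Err("no credential source available".to_string())
}

/// Added hardening check, not library behaviour: true when group or others
/// have any access to the file holding the key material.
fn key_file_exposed(path: &Path) -> std::io::Result<bool> {
    Ok((fs::metadata(path)?.permissions().mode() & 0o077) != 0)
}

fn main() {
    let env = std::env::var("GOOGLE_APPLICATION_CREDENTIALS").ok();
    let home = PathBuf::from(std::env::var("HOME").unwrap_or_default());
    match resolve_source(env.as_deref(), false, &home) {
        Ok(Source::KeyFile(p)) | Ok(Source::LocalUser(p)) => match key_file_exposed(&p) {
            Ok(true) => println!("{}: group/other access, restrict to 0600", p.display()),
            Ok(false) => println!("{}: permissions ok", p.display()),
            Err(e) => println!("{}: {}", p.display(), e),
        },
        Ok(other) => println!("{:?}", other),
        Err(e) => println!("{}", e),
    }
}
```

Pass `true` for `inside_gcp` when running the check on a GCP workload; `main` passes `false` because it is meant for a laptop or CI runner.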
FAQ
Does the library support Windows?
No
Structs
Authentication manager is responsible for caching and obtaining credentials for the required scope
Represents an access token. All access tokens are Bearer tokens.
Enums
Enumerates all possible errors returned by this library.
Functions
Initialize GCP authentication based on a credentials file
Initialize GCP authentication