#authentication #gcp #google


Google cloud platform (GCP) authentication using default and custom service accounts

13 releases

0.3.2 Nov 17, 2020
0.3.1 Nov 17, 2020
0.2.2 Nov 10, 2020
0.1.7 Nov 10, 2020
0.1.1 May 23, 2020

#47 in Authentication

Download history 21/week @ 2020-08-11 25/week @ 2020-08-18 8/week @ 2020-08-25 14/week @ 2020-09-01 6/week @ 2020-09-08 4/week @ 2020-09-22 5/week @ 2020-09-29 8/week @ 2020-10-06 37/week @ 2020-10-13 16/week @ 2020-10-20 6/week @ 2020-10-27 44/week @ 2020-11-03 241/week @ 2020-11-10 288/week @ 2020-11-17 99/week @ 2020-11-24

156 downloads per month

MIT license

496 lines

GCP Auth

Crates.io Documentation MIT licensed

GCP Auth is a simple, minimal authentication library for Google Cloud Platform (GCP) providing authentication using services accounts. Once authenticated, the service account can be used to acquire bearer tokens for use in authenticating against GCP services.

Library implements two authenticatiom methods:

  1. Default service accounts - can be used inside GCP
  2. Custom service account - provided using an environment variable
  3. Local user authentication - for development purposes only, using gcloud auth application

Tokens should not be cached in the application; before every use a new token should be requested. The GCP auth library contains logic to determine if an already available token can be used, or if a new token should be requested.

Default service account

When running inside GCP the library can be asked without any further configuration to provide a bearer token for the current service account of the service.

let authentication_manager = gcp_auth::init().await?;
let token = authentication_manager.get_token().await?;

Custom service account

When running outside of GCP (for example, on a developer's laptop), a custom service account may be used to grant some permissions. To use a custom service account a configuration file containing a private key can be downloaded in IAM service for the service account you intend to use. The configuration file has to be available to the application at run time. The path to the configuration file is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.

// With the GOOGLE_APPLICATION_CREDENTIALS environment variable set
let authentication_manager = gcp_auth::init().await?;
let token = authentication_manager.get_token().await?;

Local user authentication

This authentication method allows developers to authenticate again GCP when developing locally. Its use should be limited to development. Credentials can be set up using the gcloud auth utility. Credentials are read from file ~/.config/gcloud/ication_default_credentials.json.


Does the library support windows?



Parts of the implementatino have been sourced from yup-oauth2.

Licensed under MIT license.


~404K SLoC