Lib.rs

Authentication
#google #google-cloud #google-service #service-account #gcp #cloud #api-key

google-authz

This library provides auto-renewed tokens for Google service authentication

by mechiru

7 releases

1.0.0-alpha.5 May 23, 2022
1.0.0-alpha.4 Apr 12, 2022
1.0.0-alpha.3 Feb 18, 2022
1.0.0-alpha.2 Dec 30, 2021
0.0.1 May 8, 2021

#454 in Authentication

Download history 667/week @ 2024-03-13 845/week @ 2024-03-20 415/week @ 2024-03-27 521/week @ 2024-04-03 407/week @ 2024-04-10 143/week @ 2024-04-17 168/week @ 2024-04-24 264/week @ 2024-05-01 110/week @ 2024-05-08 155/week @ 2024-05-15 121/week @ 2024-05-22 119/week @ 2024-05-29 161/week @ 2024-06-05 246/week @ 2024-06-12 227/week @ 2024-06-19 162/week @ 2024-06-26

808 downloads per month
Used in 3 crates

MIT/Apache

41KB
1K SLoC

google-authz

ci pub doc version

This library provides auto-renewed tokens for Google service authentication.
google-authz = tower-service + google authentication

Notes

Authentication flow Status
API key Supported
OAuth 2.0 client Supported
Environment-provided service account Supported
Service account key Supported

Example

Default

  • Scope is https://www.googleapis.com/auth/cloud-platform
  • Looks for credentials in the following places, preferring the first location found:
    • A JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
    • A JSON file in a location known to the gcloud command-line tool.
    • On Google Compute Engine, it fetches credentials from the metadata server.
use google_authz::{Credentials, GoogleAuthz};

let credentials = Credentials::builder().build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

// same as above
let service = GoogleAuthz::new(service).await;

Custom

no auth:

let credentials = Credentials::builder().no_credentials().build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

api key:

let credentials = Credentials::builder().api_key(api_key).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

json:

let credentials = Credentials::builder().json(json).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

json file:

let credentials = Credentials::builder().json_file(json_file).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

metadata:

let credentials = Credentials::builder().metadata(None).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

scope:

let credentials = Credentials::builder().scopes(scopes).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

with tonic

When using with tonic crate, please enable the tonic feature.

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    tracing_subscriber::fmt::init();

    let project = env::args().nth(1).expect("cargo run --bin tonic -- <GCP_PROJECT_ID>");
    let channel = Channel::from_static("https://pubsub.googleapis.com").connect().await?;
    let channel = GoogleAuthz::new(channel).await;

    let mut client = PublisherClient::new(channel);
    let response = client
        .list_topics(Request::new(ListTopicsRequest {
            project: format!("projects/{}", project),
            page_size: 10,
            ..Default::default()
        }))
        .await?;
    println!("response = {:#?}", response);

    Ok(())
}

The complete code can be found here.

License

Licensed under either of Apache License, Version 2.0 or MIT license at your option.

Dependencies

~13–25MB
~456K SLoC