#google #google-cloud #google-service #service-account #gcp #cloud #api-key

google-authz

This library provides auto-renewed tokens for Google service authentication

7 releases

1.0.0-alpha.5 May 23, 2022
1.0.0-alpha.4 Apr 12, 2022
1.0.0-alpha.3 Feb 18, 2022
1.0.0-alpha.2 Dec 30, 2021
0.0.1 May 8, 2021

#354 in Authentication

Download history 743/week @ 2024-02-26 715/week @ 2024-03-04 614/week @ 2024-03-11 900/week @ 2024-03-18 452/week @ 2024-03-25 557/week @ 2024-04-01 497/week @ 2024-04-08 163/week @ 2024-04-15 162/week @ 2024-04-22 235/week @ 2024-04-29 164/week @ 2024-05-06 108/week @ 2024-05-13 161/week @ 2024-05-20 136/week @ 2024-05-27 103/week @ 2024-06-03 241/week @ 2024-06-10

656 downloads per month
Used in 3 crates

MIT/Apache

41KB
1K SLoC

google-authz

ci pub doc version

This library provides auto-renewed tokens for Google service authentication.
google-authz = tower-service + google authentication

Notes

Authentication flow Status
API key Supported
OAuth 2.0 client Supported
Environment-provided service account Supported
Service account key Supported

Example

Default

  • Scope is https://www.googleapis.com/auth/cloud-platform
  • Looks for credentials in the following places, preferring the first location found:
    • A JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
    • A JSON file in a location known to the gcloud command-line tool.
    • On Google Compute Engine, it fetches credentials from the metadata server.
use google_authz::{Credentials, GoogleAuthz};

let credentials = Credentials::builder().build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

// same as above
let service = GoogleAuthz::new(service).await;

Custom

no auth:

let credentials = Credentials::builder().no_credentials().build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

api key:

let credentials = Credentials::builder().api_key(api_key).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

json:

let credentials = Credentials::builder().json(json).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

json file:

let credentials = Credentials::builder().json_file(json_file).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

metadata:

let credentials = Credentials::builder().metadata(None).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

scope:

let credentials = Credentials::builder().scopes(scopes).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

with tonic

When using with tonic crate, please enable the tonic feature.

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    tracing_subscriber::fmt::init();

    let project = env::args().nth(1).expect("cargo run --bin tonic -- <GCP_PROJECT_ID>");
    let channel = Channel::from_static("https://pubsub.googleapis.com").connect().await?;
    let channel = GoogleAuthz::new(channel).await;

    let mut client = PublisherClient::new(channel);
    let response = client
        .list_topics(Request::new(ListTopicsRequest {
            project: format!("projects/{}", project),
            page_size: 10,
            ..Default::default()
        }))
        .await?;
    println!("response = {:#?}", response);

    Ok(())
}

The complete code can be found here.

License

Licensed under either of Apache License, Version 2.0 or MIT license at your option.

Dependencies

~13–25MB
~453K SLoC