Lib.rs

Authentication
#google-cloud #service-account #google #cloud #google-service #gcloud #gcp

google-authz

This library provides auto-renewed tokens for Google service authentication

by mechiru

7 releases

1.0.0-alpha.5 May 23, 2022
1.0.0-alpha.4 Apr 12, 2022
1.0.0-alpha.3 Feb 18, 2022
1.0.0-alpha.2 Dec 30, 2021
0.0.1 May 8, 2021

#549 in Authentication

Download history 94/week @ 2024-11-13 38/week @ 2024-11-20 32/week @ 2024-11-27 60/week @ 2024-12-04 34/week @ 2024-12-11 42/week @ 2024-12-18 13/week @ 2024-12-25 10/week @ 2025-01-01 39/week @ 2025-01-08 8/week @ 2025-01-15 28/week @ 2025-01-22 48/week @ 2025-01-29 52/week @ 2025-02-05 21/week @ 2025-02-12 28/week @ 2025-02-19 54/week @ 2025-02-26

168 downloads per month
Used in 3 crates

MIT/Apache

41KB
1K SLoC

google-authz

ci pub doc version

This library provides auto-renewed tokens for Google service authentication.
google-authz = tower-service + google authentication

Notes

Authentication flow Status
API key Supported
OAuth 2.0 client Supported
Environment-provided service account Supported
Service account key Supported

Example

Default

  • Scope is https://www.googleapis.com/auth/cloud-platform
  • Looks for credentials in the following places, preferring the first location found:
    • A JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
    • A JSON file in a location known to the gcloud command-line tool.
    • On Google Compute Engine, it fetches credentials from the metadata server.
use google_authz::{Credentials, GoogleAuthz};

let credentials = Credentials::builder().build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

// same as above
let service = GoogleAuthz::new(service).await;

Custom

no auth:

let credentials = Credentials::builder().no_credentials().build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

api key:

let credentials = Credentials::builder().api_key(api_key).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

json:

let credentials = Credentials::builder().json(json).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

json file:

let credentials = Credentials::builder().json_file(json_file).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

metadata:

let credentials = Credentials::builder().metadata(None).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

scope:

let credentials = Credentials::builder().scopes(scopes).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

with tonic

When using with tonic crate, please enable the tonic feature.

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    tracing_subscriber::fmt::init();

    let project = env::args().nth(1).expect("cargo run --bin tonic -- <GCP_PROJECT_ID>");
    let channel = Channel::from_static("https://pubsub.googleapis.com").connect().await?;
    let channel = GoogleAuthz::new(channel).await;

    let mut client = PublisherClient::new(channel);
    let response = client
        .list_topics(Request::new(ListTopicsRequest {
            project: format!("projects/{}", project),
            page_size: 10,
            ..Default::default()
        }))
        .await?;
    println!("response = {:#?}", response);

    Ok(())
}

The complete code can be found here.

License

Licensed under either of Apache License, Version 2.0 or MIT license at your option.

Dependencies

~13–25MB
~463K SLoC