Lib.rs

Authentication
#google-cloud #service-account #cloud #google #google-service #gcp #gcloud

google-authz

This library provides auto-renewed tokens for Google service authentication

by mechiru

7 releases

1.0.0-alpha.5 May 23, 2022
1.0.0-alpha.4 Apr 12, 2022
1.0.0-alpha.3 Feb 18, 2022
1.0.0-alpha.2 Dec 30, 2021
0.0.1 May 8, 2021

#476 in Authentication

Download history 130/week @ 2024-07-22 160/week @ 2024-07-29 209/week @ 2024-08-05 171/week @ 2024-08-12 196/week @ 2024-08-19 104/week @ 2024-08-26 28/week @ 2024-09-02 25/week @ 2024-09-09 74/week @ 2024-09-16 140/week @ 2024-09-23 381/week @ 2024-09-30 82/week @ 2024-10-07 18/week @ 2024-10-14 73/week @ 2024-10-21 68/week @ 2024-10-28 42/week @ 2024-11-04

202 downloads per month
Used in 3 crates

MIT/Apache

41KB
1K SLoC

google-authz

ci pub doc version

This library provides auto-renewed tokens for Google service authentication.
google-authz = tower-service + google authentication

Notes

Authentication flow Status
API key Supported
OAuth 2.0 client Supported
Environment-provided service account Supported
Service account key Supported

Example

Default

  • Scope is https://www.googleapis.com/auth/cloud-platform
  • Looks for credentials in the following places, preferring the first location found:
    • A JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
    • A JSON file in a location known to the gcloud command-line tool.
    • On Google Compute Engine, it fetches credentials from the metadata server.
use google_authz::{Credentials, GoogleAuthz};

let credentials = Credentials::builder().build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

// same as above
let service = GoogleAuthz::new(service).await;

Custom

no auth:

let credentials = Credentials::builder().no_credentials().build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

api key:

let credentials = Credentials::builder().api_key(api_key).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

json:

let credentials = Credentials::builder().json(json).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

json file:

let credentials = Credentials::builder().json_file(json_file).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

metadata:

let credentials = Credentials::builder().metadata(None).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

scope:

let credentials = Credentials::builder().scopes(scopes).build().await.unwrap();
let service = GoogleAuthz::builder(service).credentials(credentials).build().await;

with tonic

When using with tonic crate, please enable the tonic feature.

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    tracing_subscriber::fmt::init();

    let project = env::args().nth(1).expect("cargo run --bin tonic -- <GCP_PROJECT_ID>");
    let channel = Channel::from_static("https://pubsub.googleapis.com").connect().await?;
    let channel = GoogleAuthz::new(channel).await;

    let mut client = PublisherClient::new(channel);
    let response = client
        .list_topics(Request::new(ListTopicsRequest {
            project: format!("projects/{}", project),
            page_size: 10,
            ..Default::default()
        }))
        .await?;
    println!("response = {:#?}", response);

    Ok(())
}

The complete code can be found here.

License

Licensed under either of Apache License, Version 2.0 or MIT license at your option.

Dependencies

~13–25MB
~461K SLoC