19 releases (8 breaking)
0.9.2 | Apr 23, 2023 |
---|---|
0.9.1 | Mar 17, 2023 |
0.9.0 | Feb 22, 2023 |
0.7.0 | Dec 20, 2022 |
0.1.1 | Nov 28, 2021 |
#230 in Web programming
14,726 downloads per month
Used in 7 crates
(3 directly)
41KB
923 lines
google-cloud-auth
Google Cloud Platform server application authentication library.
Installation
[dependencies]
google-cloud-auth = <version>
Quickstart
use google_cloud_auth::*;
#[tokio::main]
async fn main() -> Result<(), error::Error> {
let audience = "https://spanner.googleapis.com/";
let scopes = [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/spanner.data",
];
let config = Config {
// audience is required only for service account jwt-auth
// https://developers.google.com/identity/protocols/oauth2/service-account#jwt-auth
audience: Some(audience),
// scopes is required only for service account Oauth2
// https://developers.google.com/identity/protocols/oauth2/service-account
scopes: Some(&scopes)
};
let ts = create_token_source(config).await?;
let token = ts.token().await?;
println!("token is {}",token.access_token);
Ok(())
}
create_token_source
looks for credentials in the following places,
preferring the first location found:
- A JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
- A JSON file in a location known to the gcloud command-line tool. On Windows, this is %APPDATA%/gcloud/application_default_credentials.json. On other systems, $HOME/.config/gcloud/application_default_credentials.json.
- On Google Compute Engine, it fetches credentials from the metadata server.
Supported Credentials
- Service Account(JWT)
- Service Account(OAuth 2.0)
- Authorized User
- External Account
- Google Developers Console client_credentials.json
Supported Workload Identity
https://cloud.google.com/iam/docs/workload-identity-federation
- AWS
- Azure Active Directory
- On-premises Active Directory
- Okta
- Kubernetes clusters
Dependencies
~12–22MB
~493K SLoC