#gcp #auth #googleapis #google-cloud-rust

google-cloud-auth

Google Cloud Platform server application authentication library

19 releases (8 breaking)

0.9.2 Apr 23, 2023
0.9.1 Mar 17, 2023
0.9.0 Feb 22, 2023
0.7.0 Dec 20, 2022
0.1.1 Nov 28, 2021

#230 in Web programming

Download history 2338/week @ 2023-02-04 2384/week @ 2023-02-11 3770/week @ 2023-02-18 3570/week @ 2023-02-25 3409/week @ 2023-03-04 3873/week @ 2023-03-11 5003/week @ 2023-03-18 4548/week @ 2023-03-25 4785/week @ 2023-04-01 5069/week @ 2023-04-08 3492/week @ 2023-04-15 3118/week @ 2023-04-22 2672/week @ 2023-04-29 3493/week @ 2023-05-06 4128/week @ 2023-05-13 3918/week @ 2023-05-20

14,726 downloads per month
Used in 7 crates (3 directly)

MIT license

41KB
923 lines

google-cloud-auth

Google Cloud Platform server application authentication library.

crates.io

Installation

[dependencies]
google-cloud-auth = <version>

Quickstart

use google_cloud_auth::*;

#[tokio::main]
async fn main() -> Result<(), error::Error> {
    let audience = "https://spanner.googleapis.com/";
    let scopes = [
        "https://www.googleapis.com/auth/cloud-platform",
        "https://www.googleapis.com/auth/spanner.data",
    ];
    let config = Config {
        // audience is required only for service account jwt-auth
        // https://developers.google.com/identity/protocols/oauth2/service-account#jwt-auth
        audience: Some(audience),
        // scopes is required only for service account Oauth2 
        // https://developers.google.com/identity/protocols/oauth2/service-account
        scopes: Some(&scopes) 
    };
    let ts = create_token_source(config).await?;  
    let token = ts.token().await?;
    println!("token is {}",token.access_token);
    Ok(())
}

create_token_sourcelooks for credentials in the following places, preferring the first location found:

  1. A JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
  2. A JSON file in a location known to the gcloud command-line tool. On Windows, this is %APPDATA%/gcloud/application_default_credentials.json. On other systems, $HOME/.config/gcloud/application_default_credentials.json.
  3. On Google Compute Engine, it fetches credentials from the metadata server.

Supported Credentials

Supported Workload Identity

https://cloud.google.com/iam/docs/workload-identity-federation

  • AWS
  • Azure Active Directory
  • On-premises Active Directory
  • Okta
  • Kubernetes clusters

Dependencies

~12–22MB
~493K SLoC