26 releases (13 breaking)
new 0.14.0 | Apr 18, 2024 |
---|---|
0.13.2 | Mar 24, 2024 |
0.13.1 | Feb 27, 2024 |
0.13.0 | Oct 15, 2023 |
0.1.1 | Nov 28, 2021 |
#1115 in Web programming
131,012 downloads per month
Used in 15 crates
(10 directly)
89KB
2K
SLoC
google-cloud-auth
Google Cloud Platform server application authentication library.
Installation
[dependencies]
google-cloud-auth = <version>
Quickstart
use google_cloud_auth::*;
#[tokio::main]
async fn main() -> Result<(), error::Error> {
let audience = "https://spanner.googleapis.com/";
let scopes = [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/spanner.data",
];
let config = Config {
// audience is required only for service account jwt-auth
// https://developers.google.com/identity/protocols/oauth2/service-account#jwt-auth
audience: Some(audience),
// scopes is required only for service account Oauth2
// https://developers.google.com/identity/protocols/oauth2/service-account
scopes: Some(&scopes),
sub: None
};
let ts = create_token_source(config).await?;
let token = ts.token().await?;
println!("token is {}",token.access_token);
Ok(())
}
create_token_source
looks for credentials in the following places,
preferring the first location found:
- A JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
- A JSON file in a location known to the gcloud command-line tool. On Windows, this is %APPDATA%/gcloud/application_default_credentials.json. On other systems, $HOME/.config/gcloud/application_default_credentials.json.
- On Google Compute Engine, it fetches credentials from the metadata server.
Supported Credentials
- Service Account(JWT)
- Service Account(OAuth 2.0)
- Authorized User
- External Account
- Google Developers Console client_credentials.json
Supported Workload Identity
https://cloud.google.com/iam/docs/workload-identity-federation
- AWS
- Azure Active Directory
- On-premises Active Directory
- Okta
- Kubernetes clusters
Dependencies
~8–24MB
~388K SLoC