#google-cloud #gcp #authentication #google-api

google-cloud-auth

Google Cloud Platform server application authentication library

31 releases (16 breaking)

0.17.2 Nov 26, 2024
0.16.0 Jun 27, 2024
0.13.2 Mar 24, 2024
0.13.0 Oct 15, 2023
0.1.1 Nov 28, 2021

#1158 in Web programming

Download history 56254/week @ 2024-08-22 52188/week @ 2024-08-29 53848/week @ 2024-09-05 51135/week @ 2024-09-12 52862/week @ 2024-09-19 67715/week @ 2024-09-26 55249/week @ 2024-10-03 60283/week @ 2024-10-10 64804/week @ 2024-10-17 53856/week @ 2024-10-24 52066/week @ 2024-10-31 48879/week @ 2024-11-07 88557/week @ 2024-11-14 62116/week @ 2024-11-21 60579/week @ 2024-11-28 55232/week @ 2024-12-05

279,586 downloads per month
Used in 47 crates (13 directly)

MIT license

94KB
2K SLoC

google-cloud-auth

Google Cloud Platform server application authentication library.

crates.io

Installation

[dependencies]
google-cloud-auth = <version>
google-cloud-token = "0.1.2"

Quickstart

#[tokio::main]
async fn main() -> Result<(), error::Error> {
    use google_cloud_auth::{project::Config, token::DefaultTokenSourceProvider};
    use google_cloud_token::TokenSourceProvider as _;

    let audience = "https://spanner.googleapis.com/";
    let scopes = [
        "https://www.googleapis.com/auth/cloud-platform",
        "https://www.googleapis.com/auth/spanner.data",
    ];
    let config = Config {
        // audience is required only for service account jwt-auth
        // https://developers.google.com/identity/protocols/oauth2/service-account#jwt-auth
        audience: Some(audience),
        // scopes is required only for service account Oauth2
        // https://developers.google.com/identity/protocols/oauth2/service-account
        scopes: Some(&scopes),
        sub: None,
    };
    let tsp = DefaultTokenSourceProvider::new(config).await?;
    let ts = tsp.token_source();
    let token = ts.token().await?;
    println!("token is {}", token);
    Ok(())
}

DefaultTokenSourceProvider::new(config) looks for credentials in the following places, preferring the first location found:

  1. A JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
  2. A JSON file in a location known to the gcloud command-line tool. On Windows, this is %APPDATA%/gcloud/application_default_credentials.json. On other systems, $HOME/.config/gcloud/application_default_credentials.json.
  3. On Google Compute Engine, it fetches credentials from the metadata server.

Supported Credentials

Supported Workload Identity

https://cloud.google.com/iam/docs/workload-identity-federation

  • AWS
  • Azure Active Directory
  • On-premises Active Directory
  • Okta
  • Kubernetes clusters

Dependencies

~8–23MB
~366K SLoC