#google-cloud #gcp #authentication #jwt

google-cloud-auth

Google Cloud Platform server application authentication library

27 releases (14 breaking)

0.15.0 May 7, 2024
0.13.2 Mar 24, 2024
0.13.0 Oct 15, 2023
0.12.0 Jul 21, 2023
0.1.1 Nov 28, 2021

#325 in Web programming

Download history 34464/week @ 2024-02-24 30879/week @ 2024-03-02 32939/week @ 2024-03-09 28658/week @ 2024-03-16 34178/week @ 2024-03-23 38355/week @ 2024-03-30 30622/week @ 2024-04-06 38508/week @ 2024-04-13 38198/week @ 2024-04-20 29980/week @ 2024-04-27 32271/week @ 2024-05-04 40819/week @ 2024-05-11 45851/week @ 2024-05-18 37348/week @ 2024-05-25 42954/week @ 2024-06-01 35741/week @ 2024-06-08

168,681 downloads per month
Used in 23 crates (12 directly)

MIT license

89KB
2K SLoC

google-cloud-auth

Google Cloud Platform server application authentication library.

crates.io

Installation

[dependencies]
google-cloud-auth = <version>

Quickstart

use google_cloud_auth::*;

#[tokio::main]
async fn main() -> Result<(), error::Error> {
    let audience = "https://spanner.googleapis.com/";
    let scopes = [
        "https://www.googleapis.com/auth/cloud-platform",
        "https://www.googleapis.com/auth/spanner.data",
    ];
    let config = Config {
        // audience is required only for service account jwt-auth
        // https://developers.google.com/identity/protocols/oauth2/service-account#jwt-auth
        audience: Some(audience),
        // scopes is required only for service account Oauth2
        // https://developers.google.com/identity/protocols/oauth2/service-account
        scopes: Some(&scopes),
        sub: None
    };
    let ts = create_token_source(config).await?;
    let token = ts.token().await?;
    println!("token is {}",token.access_token);
    Ok(())
}

create_token_sourcelooks for credentials in the following places, preferring the first location found:

  1. A JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
  2. A JSON file in a location known to the gcloud command-line tool. On Windows, this is %APPDATA%/gcloud/application_default_credentials.json. On other systems, $HOME/.config/gcloud/application_default_credentials.json.
  3. On Google Compute Engine, it fetches credentials from the metadata server.

Supported Credentials

Supported Workload Identity

https://cloud.google.com/iam/docs/workload-identity-federation

  • AWS
  • Azure Active Directory
  • On-premises Active Directory
  • Okta
  • Kubernetes clusters

Dependencies

~8–23MB
~365K SLoC