Class: Google::Auth::Credentials
- Inherits:
-
Object
- Object
- Google::Auth::Credentials
- Extended by:
- Forwardable
- Defined in:
- lib/googleauth/credentials.rb
Overview
Credentials is responsible for representing the authentication when connecting to an API. This class is also intended to be inherited by API-specific classes.
Constant Summary collapse
- TOKEN_CREDENTIAL_URI =
The default token credential URI to be used when none is provided during initialization.
"https://oauth2.googleapis.com/token".freeze
- AUDIENCE =
The default target audience ID to be used when none is provided during initialization.
"https://oauth2.googleapis.com/token".freeze
Instance Attribute Summary collapse
-
#audience ⇒ String
readonly
The target audience ID when issuing assertions.
-
#client ⇒ Signet::OAuth2::Client
The Signet::OAuth2::Client object the Credentials instance is using.
-
#issuer ⇒ String
readonly
The issuer ID associated with this client.
-
#project_id ⇒ String
readonly
Identifier for the project the client is authenticating with.
-
#quota_project_id ⇒ String?
readonly
Identifier for a separate project used for billing/quota, if any.
-
#scope ⇒ String+
readonly
The scope for this client.
-
#signing_key ⇒ String, OpenSSL::PKey
readonly
The signing key associated with this client.
-
#target_audience ⇒ String
readonly
The final target audience for ID tokens returned by this credential.
-
#token_credential_uri ⇒ String
readonly
The token credential URI.
-
#updater_proc ⇒ Proc
readonly
Returns a reference to the Signet::OAuth2::Client#apply method, suitable for passing as a closure.
Class Method Summary collapse
-
.audience ⇒ String
The default target audience ID to be used when none is provided during initialization.
-
.audience=(new_audience) ⇒ String
Sets the default target audience ID to be used when none is provided during initialization.
-
.default(options = {}) ⇒ Credentials
Creates a new Credentials instance with auth credentials acquired by searching the environment variables and paths configured on the class, and with the default values configured on the class.
-
.env_vars ⇒ Array<String>
The environment variables to search for credentials.
-
.env_vars=(new_env_vars) ⇒ Array<String>
Sets the environment variables to search for credentials.
-
.paths ⇒ Array<String>
The file paths to search for credentials files.
-
.paths=(new_paths) ⇒ Array<String>
Set the file paths to search for credentials files.
-
.scope ⇒ String+
The default scope to be used when none is provided during initialization.
-
.scope=(new_scope) ⇒ String+
Sets the default scope to be used when none is provided during initialization.
-
.target_audience ⇒ String
The default final target audience for ID tokens, to be used when none is provided during initialization.
-
.target_audience=(new_target_audience) ⇒ Object
Sets the default final target audience for ID tokens, to be used when none is provided during initialization.
-
.token_credential_uri ⇒ String
The default token credential URI to be used when none is provided during initialization.
-
.token_credential_uri=(new_token_credential_uri) ⇒ String
Set the default token credential URI to be used when none is provided during initialization.
Instance Method Summary collapse
-
#initialize(keyfile, options = {}) ⇒ Credentials
constructor
Creates a new Credentials instance with the provided auth credentials, and with the default values configured on the class.
Constructor Details
#initialize(keyfile, options = {}) ⇒ Credentials
Creates a new Credentials instance with the provided auth credentials, and with the default values configured on the class.
281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 |
# File 'lib/googleauth/credentials.rb', line 281 def initialize keyfile, = {} verify_keyfile_provided! keyfile @project_id = ["project_id"] || ["project"] @quota_project_id = ["quota_project_id"] if keyfile.is_a? Signet::OAuth2::Client update_from_signet keyfile elsif keyfile.is_a? Hash update_from_hash keyfile, else update_from_filepath keyfile, end CredentialsLoader.warn_if_cloud_sdk_credentials @client.client_id @project_id ||= CredentialsLoader.load_gcloud_project_id @client.fetch_access_token! @env_vars = nil @paths = nil @scope = nil end |
Instance Attribute Details
#audience ⇒ String (readonly)
Returns The target audience ID when issuing assertions. Used only by the assertion grant type.
259 260 261 |
# File 'lib/googleauth/credentials.rb', line 259 def_delegators :@client, :token_credential_uri, :audience, :scope, :issuer, :signing_key, :updater_proc, :target_audience |
#client ⇒ Signet::OAuth2::Client
The Signet::OAuth2::Client object the Credentials instance is using.
214 215 216 |
# File 'lib/googleauth/credentials.rb', line 214 def client @client end |
#issuer ⇒ String (readonly)
Returns The issuer ID associated with this client.
259 260 261 |
# File 'lib/googleauth/credentials.rb', line 259 def_delegators :@client, :token_credential_uri, :audience, :scope, :issuer, :signing_key, :updater_proc, :target_audience |
#project_id ⇒ String (readonly)
Identifier for the project the client is authenticating with.
221 222 223 |
# File 'lib/googleauth/credentials.rb', line 221 def project_id @project_id end |
#quota_project_id ⇒ String? (readonly)
Identifier for a separate project used for billing/quota, if any.
228 229 230 |
# File 'lib/googleauth/credentials.rb', line 228 def quota_project_id @quota_project_id end |
#scope ⇒ String+ (readonly)
Returns The scope for this client. A scope is an access range defined by the authorization server. The scope can be a single value or a list of values.
259 260 261 |
# File 'lib/googleauth/credentials.rb', line 259 def_delegators :@client, :token_credential_uri, :audience, :scope, :issuer, :signing_key, :updater_proc, :target_audience |
#signing_key ⇒ String, OpenSSL::PKey (readonly)
Returns The signing key associated with this client.
259 260 261 |
# File 'lib/googleauth/credentials.rb', line 259 def_delegators :@client, :token_credential_uri, :audience, :scope, :issuer, :signing_key, :updater_proc, :target_audience |
#target_audience ⇒ String (readonly)
Returns The final target audience for ID tokens returned by this credential.
259 260 261 |
# File 'lib/googleauth/credentials.rb', line 259 def_delegators :@client, :token_credential_uri, :audience, :scope, :issuer, :signing_key, :updater_proc, :target_audience |
#token_credential_uri ⇒ String (readonly)
Returns The token credential URI. The URI is the authorization server’s HTTP endpoint capable of issuing tokens and refreshing expired tokens.
259 260 261 |
# File 'lib/googleauth/credentials.rb', line 259 def_delegators :@client, :token_credential_uri, :audience, :scope, :issuer, :signing_key, :updater_proc, :target_audience |
#updater_proc ⇒ Proc (readonly)
Returns a reference to the Signet::OAuth2::Client#apply method, suitable for passing as a closure.
259 260 261 |
# File 'lib/googleauth/credentials.rb', line 259 def_delegators :@client, :token_credential_uri, :audience, :scope, :issuer, :signing_key, :updater_proc, :target_audience |
Class Method Details
.audience ⇒ String
The default target audience ID to be used when none is provided during initialization. Used only by the assertion grant type.
81 82 83 84 85 |
# File 'lib/googleauth/credentials.rb', line 81 def self.audience return @audience unless @audience.nil? const_get :AUDIENCE if const_defined? :AUDIENCE end |
.audience=(new_audience) ⇒ String
Sets the default target audience ID to be used when none is provided during initialization.
93 94 95 |
# File 'lib/googleauth/credentials.rb', line 93 def self.audience= new_audience @audience = new_audience end |
.default(options = {}) ⇒ Credentials
Creates a new Credentials instance with auth credentials acquired by searching the environment variables and paths configured on the class, and with the default values configured on the class.
The auth credentials are searched for in the following order:
-
configured environment variables (see env_vars)
-
configured default file paths (see paths)
-
application default (see Google::Auth.get_application_default)
321 322 323 324 325 326 327 328 329 330 331 |
# File 'lib/googleauth/credentials.rb', line 321 def self.default = {} # First try to find keyfile file or json from environment variables. client = from_env_vars # Second try to find keyfile file from known file paths. client ||= from_default_paths # Finally get instantiated client from Google::Auth client ||= from_application_default client end |
.env_vars ⇒ Array<String>
The environment variables to search for credentials. Values can either be a file path to the credentials file, or the JSON contents of the credentials file.
163 164 165 166 167 168 169 170 171 |
# File 'lib/googleauth/credentials.rb', line 163 def self.env_vars return @env_vars unless @env_vars.nil? # Pull values when PATH_ENV_VARS or JSON_ENV_VARS constants exists. tmp_env_vars = [] tmp_env_vars << const_get(:PATH_ENV_VARS) if const_defined? :PATH_ENV_VARS tmp_env_vars << const_get(:JSON_ENV_VARS) if const_defined? :JSON_ENV_VARS tmp_env_vars.flatten.uniq end |
.env_vars=(new_env_vars) ⇒ Array<String>
Sets the environment variables to search for credentials.
179 180 181 182 |
# File 'lib/googleauth/credentials.rb', line 179 def self.env_vars= new_env_vars new_env_vars = Array new_env_vars unless new_env_vars.nil? @env_vars = new_env_vars end |
.paths ⇒ Array<String>
The file paths to search for credentials files.
189 190 191 192 193 194 195 196 |
# File 'lib/googleauth/credentials.rb', line 189 def self.paths return @paths unless @paths.nil? tmp_paths = [] # Pull in values is the DEFAULT_PATHS constant exists. tmp_paths << const_get(:DEFAULT_PATHS) if const_defined? :DEFAULT_PATHS tmp_paths.flatten.uniq end |
.paths=(new_paths) ⇒ Array<String>
Set the file paths to search for credentials files.
204 205 206 207 |
# File 'lib/googleauth/credentials.rb', line 204 def self.paths= new_paths new_paths = Array new_paths unless new_paths.nil? @paths = new_paths end |
.scope ⇒ String+
The default scope to be used when none is provided during initialization. A scope is an access range defined by the authorization server. The scope can be a single value or a list of values.
Either #scope or #target_audience, but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.
108 109 110 111 112 |
# File 'lib/googleauth/credentials.rb', line 108 def self.scope return @scope unless @scope.nil? Array(const_get(:SCOPE)).flatten.uniq if const_defined? :SCOPE end |
.scope=(new_scope) ⇒ String+
Sets the default scope to be used when none is provided during initialization.
Either #scope or #target_audience, but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.
124 125 126 127 |
# File 'lib/googleauth/credentials.rb', line 124 def self.scope= new_scope new_scope = Array new_scope unless new_scope.nil? @scope = new_scope end |
.target_audience ⇒ String
The default final target audience for ID tokens, to be used when none is provided during initialization.
Either #scope or #target_audience, but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.
139 140 141 |
# File 'lib/googleauth/credentials.rb', line 139 def self.target_audience @target_audience end |
.target_audience=(new_target_audience) ⇒ Object
Sets the default final target audience for ID tokens, to be used when none is provided during initialization.
Either #scope or #target_audience, but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.
153 154 155 |
# File 'lib/googleauth/credentials.rb', line 153 def self.target_audience= new_target_audience @target_audience = new_target_audience end |
.token_credential_uri ⇒ String
The default token credential URI to be used when none is provided during initialization. The URI is the authorization server’s HTTP endpoint capable of issuing tokens and refreshing expired tokens.
59 60 61 62 63 |
# File 'lib/googleauth/credentials.rb', line 59 def self.token_credential_uri return @token_credential_uri unless @token_credential_uri.nil? const_get :TOKEN_CREDENTIAL_URI if const_defined? :TOKEN_CREDENTIAL_URI end |
.token_credential_uri=(new_token_credential_uri) ⇒ String
Set the default token credential URI to be used when none is provided during initialization.
71 72 73 |
# File 'lib/googleauth/credentials.rb', line 71 def self.token_credential_uri= new_token_credential_uri @token_credential_uri = new_token_credential_uri end |