Class: Google::Auth::Credentials

Inherits:
Object
  • Object
show all
Extended by:
Forwardable
Defined in:
lib/googleauth/credentials.rb

Overview

Credentials is responsible for representing the authentication when connecting to an API. This class is also intended to be inherited by API-specific classes.

Constant Summary collapse

TOKEN_CREDENTIAL_URI =

The default token credential URI to be used when none is provided during initialization.

"https://oauth2.googleapis.com/token".freeze
AUDIENCE =

The default target audience ID to be used when none is provided during initialization.

"https://oauth2.googleapis.com/token".freeze

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(keyfile, options = {}) ⇒ Credentials

Creates a new Credentials instance with the provided auth credentials, and with the default values configured on the class.

Parameters:

  • keyfile (String, Hash, Signet::OAuth2::Client)

    The keyfile can be provided as one of the following:

    • The path to a JSON keyfile (as a String)

    • The contents of a JSON keyfile (as a Hash)

    • A Signet::OAuth2::Client object

  • options (Hash) (defaults to: {})

    The options for configuring the credentials instance. The following is supported:

    • :scope - the scope for the client

    • “project_id” (and optionally “project”) - the project identifier for the client

    • :connection_builder - the connection builder to use for the client

    • :default_connection - the default connection to use for the client



281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
 
# File 'lib/googleauth/credentials.rb', line 281

def initialize keyfile, options = {}
  verify_keyfile_provided! keyfile
  @project_id = options["project_id"] || options["project"]
  @quota_project_id = options["quota_project_id"]
  if keyfile.is_a? Signet::OAuth2::Client
    update_from_signet keyfile
  elsif keyfile.is_a? Hash
    update_from_hash keyfile, options
  else
    update_from_filepath keyfile, options
  end
  CredentialsLoader.warn_if_cloud_sdk_credentials @client.client_id
  @project_id ||= CredentialsLoader.load_gcloud_project_id
  @client.fetch_access_token!
  @env_vars = nil
  @paths = nil
  @scope = nil
end

Instance Attribute Details

#audienceString (readonly)

Returns The target audience ID when issuing assertions. Used only by the assertion grant type.

Returns:

  • (String)

    The target audience ID when issuing assertions. Used only by the assertion grant type.



259
260
261
 
# File 'lib/googleauth/credentials.rb', line 259

def_delegators :@client,
:token_credential_uri, :audience,
:scope, :issuer, :signing_key, :updater_proc, :target_audience

#clientSignet::OAuth2::Client

The Signet::OAuth2::Client object the Credentials instance is using.

Returns:



214
215
216
 
# File 'lib/googleauth/credentials.rb', line 214

def client
  @client
end

#issuerString (readonly)

Returns The issuer ID associated with this client.

Returns:

  • (String)

    The issuer ID associated with this client.



259
260
261
 
# File 'lib/googleauth/credentials.rb', line 259

def_delegators :@client,
:token_credential_uri, :audience,
:scope, :issuer, :signing_key, :updater_proc, :target_audience

#project_idString (readonly)

Identifier for the project the client is authenticating with.

Returns:

  • (String) 


221
222
223
 
# File 'lib/googleauth/credentials.rb', line 221

def project_id
  @project_id
end

#quota_project_idString? (readonly)

Identifier for a separate project used for billing/quota, if any.

Returns:

  • (String, nil) 


228
229
230
 
# File 'lib/googleauth/credentials.rb', line 228

def quota_project_id
  @quota_project_id
end

#scopeString+ (readonly)

Returns The scope for this client. A scope is an access range defined by the authorization server. The scope can be a single value or a list of values.

Returns:

  • (String, Array<String>)

    The scope for this client. A scope is an access range defined by the authorization server. The scope can be a single value or a list of values.



259
260
261
 
# File 'lib/googleauth/credentials.rb', line 259

def_delegators :@client,
:token_credential_uri, :audience,
:scope, :issuer, :signing_key, :updater_proc, :target_audience

#signing_keyString, OpenSSL::PKey (readonly)

Returns The signing key associated with this client.

Returns:

  • (String, OpenSSL::PKey)

    The signing key associated with this client.



259
260
261
 
# File 'lib/googleauth/credentials.rb', line 259

def_delegators :@client,
:token_credential_uri, :audience,
:scope, :issuer, :signing_key, :updater_proc, :target_audience

#target_audienceString (readonly)

Returns The final target audience for ID tokens returned by this credential.

Returns:

  • (String)

    The final target audience for ID tokens returned by this credential.



259
260
261
 
# File 'lib/googleauth/credentials.rb', line 259

def_delegators :@client,
:token_credential_uri, :audience,
:scope, :issuer, :signing_key, :updater_proc, :target_audience

#token_credential_uriString (readonly)

Returns The token credential URI. The URI is the authorization server’s HTTP endpoint capable of issuing tokens and refreshing expired tokens.

Returns:

  • (String)

    The token credential URI. The URI is the authorization server’s HTTP endpoint capable of issuing tokens and refreshing expired tokens.



259
260
261
 
# File 'lib/googleauth/credentials.rb', line 259

def_delegators :@client,
:token_credential_uri, :audience,
:scope, :issuer, :signing_key, :updater_proc, :target_audience

#updater_procProc (readonly)

Returns a reference to the Signet::OAuth2::Client#apply method, suitable for passing as a closure.

Returns:



259
260
261
 
# File 'lib/googleauth/credentials.rb', line 259

def_delegators :@client,
:token_credential_uri, :audience,
:scope, :issuer, :signing_key, :updater_proc, :target_audience

Class Method Details

.audienceString

The default target audience ID to be used when none is provided during initialization. Used only by the assertion grant type.

Returns:

  • (String) 


81
82
83
84
85
 
# File 'lib/googleauth/credentials.rb', line 81

def self.audience
  return @audience unless @audience.nil?

  const_get :AUDIENCE if const_defined? :AUDIENCE
end

.audience=(new_audience) ⇒ String

Sets the default target audience ID to be used when none is provided during initialization.

Parameters:

  • new_audience (String)

Returns:

  • (String) 


93
94
95
 
# File 'lib/googleauth/credentials.rb', line 93

def self.audience= new_audience
  @audience = new_audience
end

.default(options = {}) ⇒ Credentials

Creates a new Credentials instance with auth credentials acquired by searching the environment variables and paths configured on the class, and with the default values configured on the class.

The auth credentials are searched for in the following order:

  1. configured environment variables (see env_vars)

  2. configured default file paths (see paths)

  3. application default (see Google::Auth.get_application_default)

Parameters:

  • options (Hash) (defaults to: {})

    The options for configuring the credentials instance. The following is supported:

    • :scope - the scope for the client

    • “project_id” (and optionally “project”) - the project identifier for the client

    • :connection_builder - the connection builder to use for the client

    • :default_connection - the default connection to use for the client

Returns:



321
322
323
324
325
326
327
328
329
330
331
 
# File 'lib/googleauth/credentials.rb', line 321

def self.default options = {}
  # First try to find keyfile file or json from environment variables.
  client = from_env_vars options

  # Second try to find keyfile file from known file paths.
  client ||= from_default_paths options

  # Finally get instantiated client from Google::Auth
  client ||= from_application_default options
  client
end

.env_varsArray<String>

The environment variables to search for credentials. Values can either be a file path to the credentials file, or the JSON contents of the credentials file.

Returns:

  • (Array<String>) 


163
164
165
166
167
168
169
170
171
 
# File 'lib/googleauth/credentials.rb', line 163

def self.env_vars
  return @env_vars unless @env_vars.nil?

  # Pull values when PATH_ENV_VARS or JSON_ENV_VARS constants exists.
  tmp_env_vars = []
  tmp_env_vars << const_get(:PATH_ENV_VARS) if const_defined? :PATH_ENV_VARS
  tmp_env_vars << const_get(:JSON_ENV_VARS) if const_defined? :JSON_ENV_VARS
  tmp_env_vars.flatten.uniq
end

.env_vars=(new_env_vars) ⇒ Array<String>

Sets the environment variables to search for credentials.

Parameters:

  • new_env_vars (Array<String>)

Returns:

  • (Array<String>) 


179
180
181
182
 
# File 'lib/googleauth/credentials.rb', line 179

def self.env_vars= new_env_vars
  new_env_vars = Array new_env_vars unless new_env_vars.nil?
  @env_vars = new_env_vars
end

.pathsArray<String>

The file paths to search for credentials files.

Returns:

  • (Array<String>) 


189
190
191
192
193
194
195
196
 
# File 'lib/googleauth/credentials.rb', line 189

def self.paths
  return @paths unless @paths.nil?

  tmp_paths = []
  # Pull in values is the DEFAULT_PATHS constant exists.
  tmp_paths << const_get(:DEFAULT_PATHS) if const_defined? :DEFAULT_PATHS
  tmp_paths.flatten.uniq
end

.paths=(new_paths) ⇒ Array<String>

Set the file paths to search for credentials files.

Parameters:

  • new_paths (Array<String>)

Returns:

  • (Array<String>) 


204
205
206
207
 
# File 'lib/googleauth/credentials.rb', line 204

def self.paths= new_paths
  new_paths = Array new_paths unless new_paths.nil?
  @paths = new_paths
end

.scopeString+

The default scope to be used when none is provided during initialization. A scope is an access range defined by the authorization server. The scope can be a single value or a list of values.

Either #scope or #target_audience, but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.

Returns:

  • (String, Array<String>) 


108
109
110
111
112
 
# File 'lib/googleauth/credentials.rb', line 108

def self.scope
  return @scope unless @scope.nil?

  Array(const_get(:SCOPE)).flatten.uniq if const_defined? :SCOPE
end

.scope=(new_scope) ⇒ String+

Sets the default scope to be used when none is provided during initialization.

Either #scope or #target_audience, but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.

Parameters:

  • new_scope (String, Array<String>)

Returns:

  • (String, Array<String>) 


124
125
126
127
 
# File 'lib/googleauth/credentials.rb', line 124

def self.scope= new_scope
  new_scope = Array new_scope unless new_scope.nil?
  @scope = new_scope
end

.target_audienceString

The default final target audience for ID tokens, to be used when none is provided during initialization.

Either #scope or #target_audience, but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.

Returns:

  • (String) 


139
140
141
 
# File 'lib/googleauth/credentials.rb', line 139

def self.target_audience
  @target_audience
end

.target_audience=(new_target_audience) ⇒ Object

Sets the default final target audience for ID tokens, to be used when none is provided during initialization.

Either #scope or #target_audience, but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.

Parameters:

  • new_target_audience (String) 


153
154
155
 
# File 'lib/googleauth/credentials.rb', line 153

def self.target_audience= new_target_audience
  @target_audience = new_target_audience
end

.token_credential_uriString

The default token credential URI to be used when none is provided during initialization. The URI is the authorization server’s HTTP endpoint capable of issuing tokens and refreshing expired tokens.

Returns:

  • (String) 


59
60
61
62
63
 
# File 'lib/googleauth/credentials.rb', line 59

def self.token_credential_uri
  return @token_credential_uri unless @token_credential_uri.nil?

  const_get :TOKEN_CREDENTIAL_URI if const_defined? :TOKEN_CREDENTIAL_URI
end

.token_credential_uri=(new_token_credential_uri) ⇒ String

Set the default token credential URI to be used when none is provided during initialization.

Parameters:

  • new_token_credential_uri (String)

Returns:

  • (String) 


71
72
73
 
# File 'lib/googleauth/credentials.rb', line 71

def self.token_credential_uri= new_token_credential_uri
  @token_credential_uri = new_token_credential_uri
end