Class: Google::Auth::ServiceAccountJwtHeaderCredentials
- Inherits:
-
Object
- Object
- Google::Auth::ServiceAccountJwtHeaderCredentials
- Extended by:
- CredentialsLoader, JsonKeyReader
- Defined in:
- lib/googleauth/service_account.rb
Overview
Authenticates requests using Google’s Service Account credentials via JWT Header.
This class allows authorizing requests for service accounts directly from credentials from a json key file downloaded from the developer console (via ‘Generate new Json Key’). It is not part of any OAuth2 flow, rather it creates a JWT and sends that as a credential.
cf [Application Default Credentials](cloud.google.com/docs/authentication/production)
Constant Summary collapse
- JWT_AUD_URI_KEY =
:jwt_aud_uri
- AUTH_METADATA_KEY =
Signet::OAuth2::AUTH_METADATA_KEY
- TOKEN_CRED_URI =
"https://www.googleapis.com/oauth2/v4/token".freeze
- SIGNING_ALGORITHM =
"RS256".freeze
- EXPIRY =
60
Constants included from CredentialsLoader
CredentialsLoader::ACCOUNT_TYPE_VAR, CredentialsLoader::CLIENT_EMAIL_VAR, CredentialsLoader::CLIENT_ID_VAR, CredentialsLoader::CLIENT_SECRET_VAR, CredentialsLoader::CLOUD_SDK_CLIENT_ID, CredentialsLoader::CLOUD_SDK_CREDENTIALS_WARNING, CredentialsLoader::CREDENTIALS_FILE_NAME, CredentialsLoader::ENV_VAR, CredentialsLoader::GCLOUD_CONFIG_COMMAND, CredentialsLoader::GCLOUD_POSIX_COMMAND, CredentialsLoader::GCLOUD_WINDOWS_COMMAND, CredentialsLoader::NOT_FOUND_ERROR, CredentialsLoader::PRIVATE_KEY_VAR, CredentialsLoader::PROJECT_ID_VAR, CredentialsLoader::REFRESH_TOKEN_VAR, CredentialsLoader::SYSTEM_DEFAULT_ERROR, CredentialsLoader::WELL_KNOWN_ERROR, CredentialsLoader::WELL_KNOWN_PATH
Instance Attribute Summary collapse
-
#project_id ⇒ Object
readonly
Returns the value of attribute project_id.
-
#quota_project_id ⇒ Object
readonly
Returns the value of attribute quota_project_id.
Class Method Summary collapse
-
.make_creds(*args) ⇒ Object
make_creds proxies the construction of a credentials instance.
Instance Method Summary collapse
-
#apply(a_hash, opts = {}) ⇒ Object
Returns a clone of a_hash updated with the authoriation header.
-
#apply!(a_hash, opts = {}) ⇒ Object
Construct a jwt token if the JWT_AUD_URI key is present in the input hash.
-
#initialize(options = {}) ⇒ ServiceAccountJwtHeaderCredentials
constructor
Initializes a ServiceAccountJwtHeaderCredentials.
-
#updater_proc ⇒ Object
Returns a reference to the #apply method, suitable for passing as a closure.
Methods included from CredentialsLoader
from_env, from_system_default_path, from_well_known_path, load_gcloud_project_id, make_creds, warn_if_cloud_sdk_credentials
Methods included from JsonKeyReader
Constructor Details
#initialize(options = {}) ⇒ ServiceAccountJwtHeaderCredentials
Initializes a ServiceAccountJwtHeaderCredentials.
169 170 171 172 173 174 175 176 177 178 179 180 181 182 |
# File 'lib/googleauth/service_account.rb', line 169 def initialize = {} json_key_io = [:json_key_io] if json_key_io @private_key, @issuer, @project_id, @quota_project_id = self.class.read_json_key json_key_io else @private_key = ENV[CredentialsLoader::PRIVATE_KEY_VAR] @issuer = ENV[CredentialsLoader::CLIENT_EMAIL_VAR] @project_id = ENV[CredentialsLoader::PROJECT_ID_VAR] @quota_project_id = nil end @project_id ||= CredentialsLoader.load_gcloud_project_id @signing_key = OpenSSL::PKey::RSA.new @private_key end |
Instance Attribute Details
#project_id ⇒ Object (readonly)
Returns the value of attribute project_id.
152 153 154 |
# File 'lib/googleauth/service_account.rb', line 152 def project_id @project_id end |
#quota_project_id ⇒ Object (readonly)
Returns the value of attribute quota_project_id.
153 154 155 |
# File 'lib/googleauth/service_account.rb', line 153 def quota_project_id @quota_project_id end |
Class Method Details
.make_creds(*args) ⇒ Object
make_creds proxies the construction of a credentials instance
make_creds is used by the methods in CredentialsLoader.
By default, it calls #new with 2 args, the second one being an optional scope. Here’s the constructor only has one param, so we modify make_creds to reflect this.
162 163 164 |
# File 'lib/googleauth/service_account.rb', line 162 def self.make_creds *args new json_key_io: args[0][:json_key_io] end |
Instance Method Details
#apply(a_hash, opts = {}) ⇒ Object
Returns a clone of a_hash updated with the authoriation header
197 198 199 200 201 |
# File 'lib/googleauth/service_account.rb', line 197 def apply a_hash, opts = {} a_copy = a_hash.clone apply! a_copy, opts a_copy end |
#apply!(a_hash, opts = {}) ⇒ Object
Construct a jwt token if the JWT_AUD_URI key is present in the input hash.
The jwt token is used as the value of a ‘Bearer ’.
188 189 190 191 192 193 194 |
# File 'lib/googleauth/service_account.rb', line 188 def apply! a_hash, opts = {} jwt_aud_uri = a_hash.delete JWT_AUD_URI_KEY return a_hash if jwt_aud_uri.nil? jwt_token = new_jwt_token jwt_aud_uri, opts a_hash[AUTH_METADATA_KEY] = "Bearer #{jwt_token}" a_hash end |
#updater_proc ⇒ Object
Returns a reference to the #apply method, suitable for passing as a closure
205 206 207 |
# File 'lib/googleauth/service_account.rb', line 205 def updater_proc proc { |a_hash, opts = {}| apply a_hash, opts } end |