Class: Google::Auth::ServiceAccountCredentials

Inherits:

Signet::OAuth2::Client

• Object
• Signet::OAuth2::Client
• Google::Auth::ServiceAccountCredentials

Extended by:

CredentialsLoader

Defined in:

lib/googleauth/service_account.rb

Overview

Authenticates requests using Google’s Service Account credentials.

This class allows authorizing requests for service accounts directly from credentials from a json key file downloaded from the developer console (via ‘Generate new Json Key’).

cf [Application Default Credentials](goo.gl/mkAHpZ)

Constant Summary

TOKEN_CRED_URI =

'https://www.googleapis.com/oauth2/v3/token'

Constants included from CredentialsLoader

CredentialsLoader::ENV_VAR, CredentialsLoader::NOT_FOUND_ERROR, CredentialsLoader::WELL_KNOWN_ERROR, CredentialsLoader::WELL_KNOWN_PATH

Class Method Summary

• .read_json_key(json_key_io) ⇒ Object

  Reads the private key and client email fields from the service account JSON key.

Instance Method Summary

• #initialize(json_key_io, scope = nil) ⇒ ServiceAccountCredentials constructor

  Initializes a ServiceAccountCredentials.

Methods included from CredentialsLoader

from_env, from_well_known_path, make_creds, windows?

Methods inherited from Signet::OAuth2::Client

#apply, #apply!, #updater_proc

Constructor Details

#initialize(json_key_io, scope = nil) ⇒ ServiceAccountCredentials

Initializes a ServiceAccountCredentials.

Parameters:

• json_key_io (IO) —

  an IO from which the JSON key can be read

• scope (string|array|nil) (defaults to: nil) —

  the scope(s) to access

# File 'lib/googleauth/service_account.rb', line 62

def initialize(json_key_io, scope = nil)
  private_key, client_email = self.class.read_json_key(json_key_io)
  super(token_credential_uri: TOKEN_CRED_URI,
        audience: TOKEN_CRED_URI,
        scope: scope,
        issuer: client_email,
        signing_key: OpenSSL::PKey::RSA.new(private_key))
end

Class Method Details

.read_json_key(json_key_io) ⇒ Object

Reads the private key and client email fields from the service account JSON key.

# File 'lib/googleauth/service_account.rb', line 51

def self.read_json_key(json_key_io)
  json_key = MultiJson.load(json_key_io.read)
  fail 'missing client_email' unless json_key.key?('client_email')
  fail 'missing private_key' unless json_key.key?('private_key')
  [json_key['private_key'], json_key['client_email']]
end