Class: Google::Auth::Credentials
- Inherits:
-
Object
- Object
- Google::Auth::Credentials
- Extended by:
- Forwardable
- Defined in:
- lib/googleauth/credentials.rb
Overview
Credentials is a high-level base class used by Google's API client libraries to represent the authentication when connecting to an API. In most cases, it is subclassed by API-specific credential classes that can be instantiated by clients.
Options
Credentials classes are configured with options that dictate default values for parameters such as scope and audience. These defaults are expressed as class attributes, and may differ from endpoint to endpoint. Normally, an API client will provide subclasses specific to each endpoint, configured with appropriate values.
Note that these options inherit up the class hierarchy. If a particular options is not set for a subclass, its superclass is queried.
Some older users of this class set options via constants. This usage is
deprecated. For example, instead of setting the AUDIENCE
constant on
your subclass, call the audience=
method.
Example
class MyCredentials < Google::Auth::Credentials
# Set the default scope for these credentials
self.scope = "http://example.com/my_scope"
end
# creds is a credentials object suitable for Google API clients
creds = MyCredentials.default
creds.scope # => ["http://example.com/my_scope"]
class SubCredentials < MyCredentials
# Override the default scope for this subclass
self.scope = "http://example.com/sub_scope"
end
creds2 = SubCredentials.default
creds2.scope # => ["http://example.com/sub_scope"]
Constant Summary collapse
- TOKEN_CREDENTIAL_URI =
The default token credential URI to be used when none is provided during initialization.
"https://oauth2.googleapis.com/token".freeze
- AUDIENCE =
The default target audience ID to be used when none is provided during initialization.
"https://oauth2.googleapis.com/token".freeze
Instance Attribute Summary collapse
-
#audience ⇒ String
readonly
The target audience ID when issuing assertions.
-
#client ⇒ Signet::OAuth2::Client
The Signet::OAuth2::Client object the Credentials instance is using.
-
#issuer ⇒ String
readonly
The issuer ID associated with this client.
-
#logger ⇒ Logger
The logger used to log credential operations such as token refresh.
-
#project_id ⇒ String
readonly
Identifier for the project the client is authenticating with.
-
#quota_project_id ⇒ String?
readonly
Identifier for a separate project used for billing/quota, if any.
-
#scope ⇒ String+
readonly
The scope for this client.
-
#signing_key ⇒ String, OpenSSL::PKey
readonly
The signing key associated with this client.
-
#target_audience ⇒ String
readonly
The final target audience for ID tokens returned by this credential.
-
#token_credential_uri ⇒ String
readonly
The token credential URI.
-
#universe_domain ⇒ String
The universe domain issuing these credentials.
-
#updater_proc ⇒ Proc
readonly
Returns a reference to the Signet::OAuth2::Client#apply method, suitable for passing as a closure.
Class Method Summary collapse
-
.audience ⇒ String
The default target audience ID to be used when none is provided during initialization.
-
.audience=(new_audience) ⇒ Object
Sets the default target audience ID to be used when none is provided during initialization.
-
.default(options = {}) ⇒ Credentials
Creates a new Credentials instance with auth credentials acquired by searching the environment variables and paths configured on the class, and with the default values configured on the class.
-
.env_vars ⇒ Array<String>
The environment variables to search for credentials.
-
.env_vars=(new_env_vars) ⇒ Object
Sets the environment variables to search for credentials.
-
.paths ⇒ Array<String>
The file paths to search for credentials files.
-
.paths=(new_paths) ⇒ Object
Set the file paths to search for credentials files.
-
.scope ⇒ String, ...
The default scope to be used when none is provided during initialization.
-
.scope=(new_scope) ⇒ Object
Sets the default scope to be used when none is provided during initialization.
-
.target_audience ⇒ String?
The default final target audience for ID tokens, to be used when none is provided during initialization.
-
.target_audience=(new_target_audience) ⇒ Object
Sets the default final target audience for ID tokens, to be used when none is provided during initialization.
-
.token_credential_uri ⇒ String
The default token credential URI to be used when none is provided during initialization.
-
.token_credential_uri=(new_token_credential_uri) ⇒ Object
Set the default token credential URI to be used when none is provided during initialization.
Instance Method Summary collapse
-
#initialize(keyfile, options = {}) ⇒ Credentials
constructor
Creates a new Credentials instance with the provided auth credentials, and with the default values configured on the class.
Constructor Details
#initialize(keyfile, options = {}) ⇒ Credentials
Creates a new Credentials instance with the provided auth credentials, and with the default values configured on the class.
367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 |
# File 'lib/googleauth/credentials.rb', line 367 def initialize keyfile, = {} verify_keyfile_provided! keyfile = symbolize_hash_keys @project_id = [:project_id] || [:project] @quota_project_id = [:quota_project_id] case keyfile when Google::Auth::BaseClient update_from_signet keyfile when Hash update_from_hash keyfile, else update_from_filepath keyfile, end setup_logging logger: .fetch(:logger, :default) @project_id ||= CredentialsLoader.load_gcloud_project_id @env_vars = nil @paths = nil @scope = nil end |
Instance Attribute Details
#audience ⇒ String (readonly)
Returns The target audience ID when issuing assertions. Used only by the assertion grant type.
343 344 345 346 |
# File 'lib/googleauth/credentials.rb', line 343 def_delegators :@client, :token_credential_uri, :audience, :scope, :issuer, :signing_key, :updater_proc, :target_audience, :universe_domain, :universe_domain=, :logger, :logger= |
#client ⇒ Signet::OAuth2::Client
The Signet::OAuth2::Client object the Credentials instance is using.
286 287 288 |
# File 'lib/googleauth/credentials.rb', line 286 def client @client end |
#issuer ⇒ String (readonly)
Returns The issuer ID associated with this client.
343 344 345 346 |
# File 'lib/googleauth/credentials.rb', line 343 def_delegators :@client, :token_credential_uri, :audience, :scope, :issuer, :signing_key, :updater_proc, :target_audience, :universe_domain, :universe_domain=, :logger, :logger= |
#logger ⇒ Logger
Returns The logger used to log credential operations such as token refresh.
343 344 345 346 |
# File 'lib/googleauth/credentials.rb', line 343 def_delegators :@client, :token_credential_uri, :audience, :scope, :issuer, :signing_key, :updater_proc, :target_audience, :universe_domain, :universe_domain=, :logger, :logger= |
#project_id ⇒ String (readonly)
Identifier for the project the client is authenticating with.
293 294 295 |
# File 'lib/googleauth/credentials.rb', line 293 def project_id @project_id end |
#quota_project_id ⇒ String? (readonly)
Identifier for a separate project used for billing/quota, if any.
300 301 302 |
# File 'lib/googleauth/credentials.rb', line 300 def quota_project_id @quota_project_id end |
#scope ⇒ String+ (readonly)
Returns The scope for this client. A scope is an access range defined by the authorization server. The scope can be a single value or a list of values.
343 344 345 346 |
# File 'lib/googleauth/credentials.rb', line 343 def_delegators :@client, :token_credential_uri, :audience, :scope, :issuer, :signing_key, :updater_proc, :target_audience, :universe_domain, :universe_domain=, :logger, :logger= |
#signing_key ⇒ String, OpenSSL::PKey (readonly)
Returns The signing key associated with this client.
343 344 345 346 |
# File 'lib/googleauth/credentials.rb', line 343 def_delegators :@client, :token_credential_uri, :audience, :scope, :issuer, :signing_key, :updater_proc, :target_audience, :universe_domain, :universe_domain=, :logger, :logger= |
#target_audience ⇒ String (readonly)
Returns The final target audience for ID tokens returned by this credential.
343 344 345 346 |
# File 'lib/googleauth/credentials.rb', line 343 def_delegators :@client, :token_credential_uri, :audience, :scope, :issuer, :signing_key, :updater_proc, :target_audience, :universe_domain, :universe_domain=, :logger, :logger= |
#token_credential_uri ⇒ String (readonly)
Returns The token credential URI. The URI is the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.
343 344 345 346 |
# File 'lib/googleauth/credentials.rb', line 343 def_delegators :@client, :token_credential_uri, :audience, :scope, :issuer, :signing_key, :updater_proc, :target_audience, :universe_domain, :universe_domain=, :logger, :logger= |
#universe_domain ⇒ String
Returns The universe domain issuing these credentials.
343 344 345 346 |
# File 'lib/googleauth/credentials.rb', line 343 def_delegators :@client, :token_credential_uri, :audience, :scope, :issuer, :signing_key, :updater_proc, :target_audience, :universe_domain, :universe_domain=, :logger, :logger= |
#updater_proc ⇒ Proc (readonly)
Returns a reference to the Signet::OAuth2::Client#apply method, suitable for passing as a closure.
343 344 345 346 |
# File 'lib/googleauth/credentials.rb', line 343 def_delegators :@client, :token_credential_uri, :audience, :scope, :issuer, :signing_key, :updater_proc, :target_audience, :universe_domain, :universe_domain=, :logger, :logger= |
Class Method Details
.audience ⇒ String
The default target audience ID to be used when none is provided during initialization. Used only by the assertion grant type.
102 103 104 105 106 |
# File 'lib/googleauth/credentials.rb', line 102 def self.audience lookup_auth_param :audience do lookup_local_constant :AUDIENCE end end |
.audience=(new_audience) ⇒ Object
Sets the default target audience ID to be used when none is provided during initialization.
113 114 115 |
# File 'lib/googleauth/credentials.rb', line 113 def self.audience= new_audience @audience = new_audience end |
.default(options = {}) ⇒ Credentials
Creates a new Credentials instance with auth credentials acquired by searching the environment variables and paths configured on the class, and with the default values configured on the class.
The auth credentials are searched for in the following order:
- configured environment variables (see env_vars)
- configured default file paths (see paths)
- application default (see Google::Auth.get_application_default)
408 409 410 411 412 413 414 415 416 417 418 |
# File 'lib/googleauth/credentials.rb', line 408 def self.default = {} # First try to find keyfile file or json from environment variables. client = from_env_vars # Second try to find keyfile file from known file paths. client ||= from_default_paths # Finally get instantiated client from Google::Auth client ||= from_application_default client end |
.env_vars ⇒ Array<String>
The environment variables to search for credentials. Values can either be a file path to the credentials file, or the JSON contents of the credentials file. The env_vars will never be nil. If there are no vars, the empty array is returned.
184 185 186 |
# File 'lib/googleauth/credentials.rb', line 184 def self.env_vars env_vars_internal || [] end |
.env_vars=(new_env_vars) ⇒ Object
Sets the environment variables to search for credentials.
Setting to nil
"unsets" the value, and defaults to the superclass
(or to the empty array if there is no superclass).
208 209 210 211 |
# File 'lib/googleauth/credentials.rb', line 208 def self.env_vars= new_env_vars new_env_vars = Array new_env_vars unless new_env_vars.nil? @env_vars = new_env_vars end |
.paths ⇒ Array<String>
The file paths to search for credentials files. The paths will never be nil. If there are no paths, the empty array is returned.
219 220 221 |
# File 'lib/googleauth/credentials.rb', line 219 def self.paths paths_internal || [] end |
.paths=(new_paths) ⇒ Object
Set the file paths to search for credentials files.
Setting to nil
"unsets" the value, and defaults to the superclass
(or to the empty array if there is no superclass).
242 243 244 245 |
# File 'lib/googleauth/credentials.rb', line 242 def self.paths= new_paths new_paths = Array new_paths unless new_paths.nil? @paths = new_paths end |
.scope ⇒ String, ...
The default scope to be used when none is provided during initialization. A scope is an access range defined by the authorization server. The scope can be a single value or a list of values.
Either #scope or #target_audience, but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.
128 129 130 131 132 133 |
# File 'lib/googleauth/credentials.rb', line 128 def self.scope lookup_auth_param :scope do vals = lookup_local_constant :SCOPE vals ? Array(vals).flatten.uniq : nil end end |
.scope=(new_scope) ⇒ Object
Sets the default scope to be used when none is provided during initialization.
Either #scope or #target_audience, but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.
144 145 146 147 |
# File 'lib/googleauth/credentials.rb', line 144 def self.scope= new_scope new_scope = Array new_scope unless new_scope.nil? @scope = new_scope end |
.target_audience ⇒ String?
The default final target audience for ID tokens, to be used when none is provided during initialization.
Either #scope or #target_audience, but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.
159 160 161 |
# File 'lib/googleauth/credentials.rb', line 159 def self.target_audience lookup_auth_param :target_audience end |
.target_audience=(new_target_audience) ⇒ Object
Sets the default final target audience for ID tokens, to be used when none is provided during initialization.
Either #scope or #target_audience, but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.
173 174 175 |
# File 'lib/googleauth/credentials.rb', line 173 def self.target_audience= new_target_audience @target_audience = new_target_audience end |
.token_credential_uri ⇒ String
The default token credential URI to be used when none is provided during initialization. The URI is the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.
81 82 83 84 85 |
# File 'lib/googleauth/credentials.rb', line 81 def self.token_credential_uri lookup_auth_param :token_credential_uri do lookup_local_constant :TOKEN_CREDENTIAL_URI end end |
.token_credential_uri=(new_token_credential_uri) ⇒ Object
Set the default token credential URI to be used when none is provided during initialization.
92 93 94 |
# File 'lib/googleauth/credentials.rb', line 92 def self.token_credential_uri= new_token_credential_uri @token_credential_uri = new_token_credential_uri end |