class Google::Auth::ServiceAccountCredentials
Authenticates requests using Google's Service Account credentials via an OAuth access token.
This class allows authorizing requests for service accounts directly from credentials from a json key file downloaded from the developer console (via 'Generate new Json Key').
cf [Application Default Credentials](goo.gl/mkAHpZ)
Constants
- TOKEN_CRED_URI
Public Class Methods
make_creds(options = {})
click to toggle source
Creates a ServiceAccountCredentials.
@param json_key_io [IO] an IO from which the JSON key can be read @param scope [string|array|nil] the scope(s) to access
# File lib/googleauth/service_account.rb, line 56 def self.make_creds(options = {}) json_key_io, scope = options.values_at(:json_key_io, :scope) if json_key_io private_key, client_email = read_json_key(json_key_io) else private_key = ENV[CredentialsLoader::PRIVATE_KEY_VAR] client_email = ENV[CredentialsLoader::CLIENT_EMAIL_VAR] end new(token_credential_uri: TOKEN_CRED_URI, audience: TOKEN_CRED_URI, scope: scope, issuer: client_email, signing_key: OpenSSL::PKey::RSA.new(private_key)) end
new(options = {})
click to toggle source
Calls superclass method
# File lib/googleauth/service_account.rb, line 81 def initialize(options = {}) super(options) end
read_json_key(json_key_io)
click to toggle source
Reads the private key and client email fields from the service account JSON key.
# File lib/googleauth/service_account.rb, line 74 def self.read_json_key(json_key_io) json_key = MultiJson.load(json_key_io.read) raise 'missing client_email' unless json_key.key?('client_email') raise 'missing private_key' unless json_key.key?('private_key') [json_key['private_key'], json_key['client_email']] end
Public Instance Methods
apply!(a_hash, opts = {})
click to toggle source
Extends the base class.
If scope(s) is not set, it creates a transient ServiceAccountJwtHeaderCredentials instance and uses that to authenticate instead.
Calls superclass method
Signet::OAuth2::Client#apply!
# File lib/googleauth/service_account.rb, line 90 def apply!(a_hash, opts = {}) # Use the base implementation if scopes are set unless scope.nil? super return end # Use the ServiceAccountJwtHeaderCredentials using the same cred values # if no scopes are set. cred_json = { private_key: @signing_key.to_s, client_email: @issuer } alt_clz = ServiceAccountJwtHeaderCredentials key_io = StringIO.new(MultiJson.dump(cred_json)) alt = alt_clz.make_creds(json_key_io: key_io) alt.apply!(a_hash) end