Console
    Contact Us Start free

    googleauth - Class Google::Auth::Credentials (v1.15.0)

    Reference documentation and code samples for the googleauth class Google::Auth::Credentials.

    Credentials is a high-level base class used by Google's API client libraries to represent the authentication when connecting to an API. In most cases, it is subclassed by API-specific credential classes that can be instantiated by clients.

    Important:If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information, refer to Validate credential configurations from external sources .

    Options

    Credentials classes are configured with options that dictate default values for parameters such as scope and audience. These defaults are expressed as class attributes, and may differ from endpoint to endpoint. Normally, an API client will provide subclasses specific to each endpoint, configured with appropriate values.

    Note that these options inherit up the class hierarchy. If a particular options is not set for a subclass, its superclass is queried.

    Some older users of this class set options via constants. This usage is deprecated. For example, instead of setting the AUDIENCE constant on your subclass, call the audience= method.

    Example

     class MyCredentials < Google::Auth::Credentials
  # Set the default scope for these credentials
  self.scope = "http://example.com/my_scope"
end

# creds is a credentials object suitable for Google API clients
creds = MyCredentials.default
creds.scope  # => ["http://example.com/my_scope"]

class SubCredentials < MyCredentials
  # Override the default scope for this subclass
  self.scope = "http://example.com/sub_scope"
end

creds2 = SubCredentials.default
creds2.scope  # => ["http://example.com/sub_scope"]

    Inherits

    • Object

    Extended By

    • Forwardable

    Methods

    .audience

      def 
  
 self 
 . 
 audience 
 () 
  
 - 
>  
 String

    The default target audience ID to be used when none is provided during initialization. Used only by the assertion grant type.

    Returns
    • (String)

    .audience=

      def 
  
 self 
 . 
 audience= 
 ( 
 new_audience 
 )

    Sets the default target audience ID to be used when none is provided during initialization.

    Parameter
    • new_audience(String)

    .default

      def 
  
 self 
 . 
 default 
 ( 
 options 
  
 = 
  
 {}) 
  
 - 
>  
 Credentials

    Creates a new Credentials instance with auth credentials acquired by searching the environment variables and paths configured on the class, and with the default values configured on the class.

    The auth credentials are searched for in the following order:

    1. configured environment variables (see Credentials.env_vars )
    2. configured default file paths (see Credentials.paths )
    3. application default (see get_application_default )
    Parameter
    • options(Hash) —

      The options for configuring the credentials instance. The following is supported:

      • +:scope+ - the scope for the client
      • +"project_id"+ (and optionally +"project"+) - the project identifier for the client
      • +:connection_builder+ - the connection builder to use for the client
      • +:default_connection+ - the default connection to use for the client
    Returns

    .env_vars

      def 
  
 self 
 . 
 env_vars 
 () 
  
 - 
>  
 Array<String>

    The environment variables to search for credentials. Values can either be a file path to the credentials file, or the JSON contents of the credentials file. The env_vars will never be nil. If there are no vars, the empty array is returned.

    Returns
    • (Array<String>)

    .env_vars=

      def 
  
 self 
 . 
 env_vars= 
 ( 
 new_env_vars 
 )

    Sets the environment variables to search for credentials. Setting to nil "unsets" the value, and defaults to the superclass (or to the empty array if there is no superclass).

    Parameter
    • new_env_vars(String, Array<String>, nil)

    .paths

      def 
  
 self 
 . 
 paths 
 () 
  
 - 
>  
 Array<String>

    The file paths to search for credentials files. The paths will never be nil. If there are no paths, the empty array is returned.

    Returns
    • (Array<String>)

    .paths=

      def 
  
 self 
 . 
 paths= 
 ( 
 new_paths 
 )

    Set the file paths to search for credentials files. Setting to nil "unsets" the value, and defaults to the superclass (or to the empty array if there is no superclass).

    Parameter
    • new_paths(String, Array<String>, nil)

    .scope

      def 
  
 self 
 . 
 scope 
 () 
  
 - 
>  
 String 
 , 
  
 Array<String> 
 , 
  
 nil

    The default scope to be used when none is provided during initialization. A scope is an access range defined by the authorization server. The scope can be a single value or a list of values.

    Either #scope or #target_audience , but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.

    Returns
    • (String, Array<String>, nil)

    .scope=

      def 
  
 self 
 . 
 scope= 
 ( 
 new_scope 
 )

    Sets the default scope to be used when none is provided during initialization.

    Either #scope or #target_audience , but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.

    Parameter
    • new_scope(String, Array<String>, nil)

    .target_audience

      def 
  
 self 
 . 
 target_audience 
 () 
  
 - 
>  
 String 
 , 
  
 nil

    The default final target audience for ID tokens, to be used when none is provided during initialization.

    Either #scope or #target_audience , but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.

    Returns
    • (String, nil)

    .target_audience=

      def 
  
 self 
 . 
 target_audience= 
 ( 
 new_target_audience 
 )

    Sets the default final target audience for ID tokens, to be used when none is provided during initialization.

    Either #scope or #target_audience , but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.

    Parameter
    • new_target_audience(String, nil)

    .token_credential_uri

      def 
  
 self 
 . 
 token_credential_uri 
 () 
  
 - 
>  
 String

    The default token credential URI to be used when none is provided during initialization. The URI is the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.

    Returns
    • (String)

    .token_credential_uri=

      def 
  
 self 
 . 
 token_credential_uri= 
 ( 
 new_token_credential_uri 
 )

    Set the default token credential URI to be used when none is provided during initialization.

    Parameter
    • new_token_credential_uri(String)

    #audience

      def 
  
 audience 
 () 
  
 - 
>  
 String
    Returns
    • (String) — The target audience ID when issuing assertions. Used only by the assertion grant type.

    #client

      def 
  
 client 
 () 
  
 - 
>  
 Signet 
 :: 
 OAuth2 
 :: 
 Client

    The Signet::OAuth2::Client object the Credentials instance is using.

    Returns

    #client=

      def 
  
 client= 
 ( 
 value 
 ) 
  
 - 
>  
 Signet 
 :: 
 OAuth2 
 :: 
 Client

    The Signet::OAuth2::Client object the Credentials instance is using.

    Parameter
    Returns

    #duplicate

      def 
  
 duplicate 
 ( 
 options 
  
 = 
  
 {}) 
  
 - 
>  
 Credentials

    Creates a duplicate of these credentials. This method tries to create the duplicate of the wrapped credentials if they support duplication and use them as is if they don't.

    The wrapped credentials are typically Signet::OAuth2::Client objects and they keep the transient state (token, refresh token, etc). The duplication discards that state, allowing e.g. to get the token with a different scope.

    Parameter
    • options(Hash) —

      Overrides for the credentials parameters.

      The options hash is used in two ways:

      1. Configuring the duplicate of the wrapper object:Some options are used to directly configure the wrapper Credentials instance. These include:
      • :project_id (and optionally :project ) - the project identifier for the credentials
      • :quota_project_id - the quota project identifier for the credentials
      1. Configuring the duplicate of the inner client:If the inner client supports duplication the options hash is passed to it. This allows for configuration of additional parameters, most importantly (but not limited to) the following:
      • :scope - the scope for the client
    Returns

    #initialize

      def 
  
 initialize 
 ( 
 source_creds 
 , 
  
 options 
  
 = 
  
 {}) 
  
 - 
>  
 Credentials

    Creates a new Credentials instance with the provided auth credentials, and with the default values configured on the class.

    Parameters
    • source_creds(String, Pathname, Hash, Google::Auth::BaseClient ) — The source of credentials. It can be provided as one of the following:
      • The path to a JSON keyfile (as a String or a Pathname )
      • The contents of a JSON keyfile (as a Hash )
      • A Google::Auth::BaseClient credentials object, including but not limited to a Signet::OAuth2::Client object.
      • Any credentials object that supports the methods this wrapper delegates to an inner client.

      If this parameter is an object ( Signet::OAuth2::Client or other) it will be used as an inner client. Otherwise the inner client will be constructed from the JSON keyfile or the contens of the hash.

    • options(Hash) — The options for configuring this wrapper credentials object and the inner client. The options hash is used in two ways:
      1. Configuring the wrapper object:Some options are used to directly configure the wrapper Credentials instance. These include:
      • :project_id (and optionally :project ) - the project identifier for the client
      • :quota_project_id - the quota project identifier for the client
      • :logger - the logger used to log credential operations such as token refresh.
      1. Configuring the inner client:When the source_creds parameter is a String or Hash , a new Signet::OAuth2::Client is created internally. The following options are used to configure this inner client:
      • :scope - the scope for the client
      • :target_audience - the target audience for the client

      Any other options in the options hash are passed directly to the inner client constructor. This allows you to configure additional parameters of the Signet::OAuth2::Client , such as connection parameters, timeouts, etc.

    Returns
    Raises

    #issuer

      def 
  
 issuer 
 () 
  
 - 
>  
 String
    Returns
    • (String) — The issuer ID associated with this client.

    #logger

      def 
  
 logger 
 () 
  
 - 
>  
 Logger
    Returns
    • (Logger) — The logger used to log credential operations such as token refresh.

    #logger=

      def 
  
 logger= 
 ( 
 value 
 ) 
  
 - 
>  
 Logger
    Parameter
    • value(Logger) — The logger used to log credential operations such as token refresh.
    Returns
    • (Logger) — The logger used to log credential operations such as token refresh.

    #project_id

      def 
  
 project_id 
 () 
  
 - 
>  
 String

    Identifier for the project the client is authenticating with.

    Returns
    • (String)

    #quota_project_id

      def 
  
 quota_project_id 
 () 
  
 - 
>  
 String 
 , 
  
 nil

    Identifier for a separate project used for billing/quota, if any.

    Returns
    • (String, nil)

    #scope

      def 
  
 scope 
 () 
  
 - 
>  
 String 
 , 
  
 Array<String>
    Returns
    • (String, Array<String>) — The scope for this client. A scope is an access range defined by the authorization server. The scope can be a single value or a list of values.

    #signing_key

      def 
  
 signing_key 
 () 
  
 - 
>  
 String 
 , 
  
 OpenSSL 
 :: 
 PKey
    Returns
    • (String, OpenSSL::PKey) — The signing key associated with this client.

    #target_audience

      def 
  
 target_audience 
 () 
  
 - 
>  
 String
    Returns
    • (String) — The final target audience for ID tokens returned by this credential.

    #token_credential_uri

      def 
  
 token_credential_uri 
 () 
  
 - 
>  
 String
    Returns
    • (String) — The token credential URI. The URI is the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.

    #universe_domain

      def 
  
 universe_domain 
 () 
  
 - 
>  
 String
    Returns
    • (String) — The universe domain issuing these credentials.

    #universe_domain=

      def 
  
 universe_domain= 
 ( 
 value 
 ) 
  
 - 
>  
 String
    Parameter
    • value(String) — The universe domain issuing these credentials.
    Returns
    • (String) — The universe domain issuing these credentials.

    #updater_proc

      def 
  
 updater_proc 
 () 
  
 - 
>  
 Proc
    Returns
    • (Proc) — Returns a reference to the {Signet::OAuth2::Client#apply} method, suitable for passing as a closure.

    Constants

    TOKEN_CREDENTIAL_URI

    value: " https://oauth2.googleapis.com/token".freeze
    The default token credential URI to be used when none is provided during initialization.

    AUDIENCE

    value: " https://oauth2.googleapis.com/token".freeze
    The default target audience ID to be used when none is provided during initialization.
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: