Reference documentation and code samples for the googleauth class Google::Auth::Credentials.
Credentials is a high-level base class used by Google's API client libraries to represent the authentication when connecting to an API. In most cases, it is subclassed by API-specific credential classes that can be instantiated by clients.
Options
Credentials classes are configured with options that dictate default values for parameters such as scope and audience. These defaults are expressed as class attributes, and may differ from endpoint to endpoint. Normally, an API client will provide subclasses specific to each endpoint, configured with appropriate values.
Note that these options inherit up the class hierarchy. If a particular options is not set for a subclass, its superclass is queried.
Some older users of this class set options via constants. This usage is
deprecated. For example, instead of setting the AUDIENCE
constant on
your subclass, call the audience=
method.
Example
class MyCredentials < Google::Auth::Credentials
# Set the default scope for these credentials
self.scope = "http://example.com/my_scope"
end
# creds is a credentials object suitable for Google API clients
creds = MyCredentials.default
creds.scope # => ["http://example.com/my_scope"]
class SubCredentials < MyCredentials
# Override the default scope for this subclass
self.scope = "http://example.com/sub_scope"
end
creds2 = SubCredentials.default
creds2.scope # => ["http://example.com/sub_scope"]
Inherits
- Object
Extended By
- Forwardable
Methods
.audience
def
self
.
audience
()
-
>
String
The default target audience ID to be used when none is provided during initialization. Used only by the assertion grant type.
- (String)
.audience=
def
self
.
audience=
(
new_audience
)
Sets the default target audience ID to be used when none is provided during initialization.
- new_audience(String)
.default
def
self
.
default
(
options
=
{})
-
>
Credentials
Creates a new Credentials instance with auth credentials acquired by searching the environment variables and paths configured on the class, and with the default values configured on the class.
The auth credentials are searched for in the following order:
- configured environment variables (see Credentials.env_vars )
- configured default file paths (see Credentials.paths )
- application default (see get_application_default )
- options(Hash) —
The options for configuring the credentials instance. The following is supported:
- +:scope+ - the scope for the client
- +"project_id"+ (and optionally +"project"+) - the project identifier for the client
- +:connection_builder+ - the connection builder to use for the client
- +:default_connection+ - the default connection to use for the client
- ( Credentials )
.env_vars
def
self
.
env_vars
()
-
>
Array<String>
The environment variables to search for credentials. Values can either be a file path to the credentials file, or the JSON contents of the credentials file. The env_vars will never be nil. If there are no vars, the empty array is returned.
- (Array<String>)
.env_vars=
def
self
.
env_vars=
(
new_env_vars
)
Sets the environment variables to search for credentials.
Setting to nil
"unsets" the value, and defaults to the superclass
(or to the empty array if there is no superclass).
- new_env_vars(String, Array<String>, nil)
.paths
def
self
.
paths
()
-
>
Array<String>
The file paths to search for credentials files. The paths will never be nil. If there are no paths, the empty array is returned.
- (Array<String>)
.paths=
def
self
.
paths=
(
new_paths
)
Set the file paths to search for credentials files.
Setting to nil
"unsets" the value, and defaults to the superclass
(or to the empty array if there is no superclass).
- new_paths(String, Array<String>, nil)
.scope
def
self
.
scope
()
-
>
String
,
Array<String>
,
nil
The default scope to be used when none is provided during initialization. A scope is an access range defined by the authorization server. The scope can be a single value or a list of values.
Either #scope or #target_audience , but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.
- (String, Array<String>, nil)
.scope=
def
self
.
scope=
(
new_scope
)
Sets the default scope to be used when none is provided during initialization.
Either #scope or #target_audience , but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.
- new_scope(String, Array<String>, nil)
.target_audience
def
self
.
target_audience
()
-
>
String
,
nil
The default final target audience for ID tokens, to be used when none is provided during initialization.
Either #scope or #target_audience , but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.
- (String, nil)
.target_audience=
def
self
.
target_audience=
(
new_target_audience
)
Sets the default final target audience for ID tokens, to be used when none is provided during initialization.
Either #scope or #target_audience , but not both, should be non-nil. If #scope is set, this credential will produce access tokens. If #target_audience is set, this credential will produce ID tokens.
- new_target_audience(String, nil)
.token_credential_uri
def
self
.
token_credential_uri
()
-
>
String
The default token credential URI to be used when none is provided during initialization. The URI is the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.
- (String)
.token_credential_uri=
def
self
.
token_credential_uri=
(
new_token_credential_uri
)
Set the default token credential URI to be used when none is provided during initialization.
- new_token_credential_uri(String)
#audience
def
audience
()
-
>
String
- (String) — The target audience ID when issuing assertions. Used only by the assertion grant type.
#client
def
client
()
-
>
Signet
::
OAuth2
::
Client
The Signet::OAuth2::Client object the Credentials instance is using.
#client=
def
client=
(
value
)
-
>
Signet
::
OAuth2
::
Client
The Signet::OAuth2::Client object the Credentials instance is using.
- value( Signet::OAuth2::Client )
#initialize
def
initialize
(
keyfile
,
options
=
{})
-
>
Credentials
Creates a new Credentials instance with the provided auth credentials, and with the default values configured on the class.
- keyfile(String, Hash, Signet::OAuth2::Client
) —
The keyfile can be provided as one of the following:
- The path to a JSON keyfile (as a
String) - The contents of a JSON keyfile (as a
Hash) - A
Signet::OAuth2::Clientobject
- The path to a JSON keyfile (as a
- options(Hash) —
The options for configuring the credentials instance. The following is supported:
-
:scope- the scope for the client -
project_id(and optionallyproject) - the project identifier for the client -
:connection_builder- the connection builder to use for the client -
:default_connection- the default connection to use for the client -
:logger- the logger used to log credential operations such as token refresh.
-
- ( Credentials ) — a new instance of Credentials
#issuer
def
issuer
()
-
>
String
- (String) — The issuer ID associated with this client.
#logger
def
logger
()
-
>
Logger
- (Logger) — The logger used to log credential operations such as token refresh.
#logger=
def
logger=
(
value
)
-
>
Logger
- value(Logger) — The logger used to log credential operations such as token refresh.
- (Logger) — The logger used to log credential operations such as token refresh.
#project_id
def
project_id
()
-
>
String
Identifier for the project the client is authenticating with.
- (String)
#quota_project_id
def
quota_project_id
()
-
>
String
,
nil
Identifier for a separate project used for billing/quota, if any.
- (String, nil)
#scope
def
scope
()
-
>
String
,
Array<String>
- (String, Array<String>) — The scope for this client. A scope is an access range defined by the authorization server. The scope can be a single value or a list of values.
#signing_key
def
signing_key
()
-
>
String
,
OpenSSL
::
PKey
- (String, OpenSSL::PKey) — The signing key associated with this client.
#target_audience
def
target_audience
()
-
>
String
- (String) — The final target audience for ID tokens returned by this credential.
#token_credential_uri
def
token_credential_uri
()
-
>
String
- (String) — The token credential URI. The URI is the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.
#universe_domain
def
universe_domain
()
-
>
String
- (String) — The universe domain issuing these credentials.
#universe_domain=
def
universe_domain=
(
value
)
-
>
String
- value(String) — The universe domain issuing these credentials.
- (String) — The universe domain issuing these credentials.
#updater_proc
def
updater_proc
()
-
>
Proc
- (Proc) — Returns a reference to the {Signet::OAuth2::Client#apply} method, suitable for passing as a closure.
Constants
TOKEN_CREDENTIAL_URI
value:
" https://oauth2.googleapis.com/token".freeze
The default token credential URI to be used when none is provided during initialization.
AUDIENCE
value:
" https://oauth2.googleapis.com/token".freeze
The default target audience ID to be used when none is provided during initialization.
