gcloud-auth

Crates.io	gcloud-auth
lib.rs	gcloud-auth
version
source	src
created_at	2025-02-06 23:36:39.541425+00
updated_at	2025-04-01 03:20:03.339659+00
description	Google Cloud Platform server application authentication library.
homepage
repository	https://github.com/yoshidan/google-cloud-rust/tree/main/foundation/auth
max_upload_size
id	1546259
Cargo.toml error:	TOML parse error at line 18, column 1 \| 18 \| autolib = false \| ^^^^^^^ unknown field `autolib`, expected one of `name`, `version`, `edition`, `authors`, `description`, `readme`, `license`, `repository`, `homepage`, `documentation`, `build`, `resolver`, `links`, `default-run`, `default_dash_run`, `rust-version`, `rust_dash_version`, `rust_version`, `license-file`, `license_dash_file`, `license_file`, `licenseFile`, `license_capital_file`, `forced-target`, `forced_dash_target`, `autobins`, `autotests`, `autoexamples`, `autobenches`, `publish`, `metadata`, `keywords`, `categories`, `exclude`, `include`
size	0

Naohiro Yoshida (yoshidan)

documentation

README

google-cloud-auth

Google Cloud Platform server application authentication library.

Installation

[dependencies]
google-cloud-auth = { package="gcloud-auth", version="1.0.0" }

Quickstart

#[tokio::main]
async fn main() -> Result<(), error::Error> {
    use google_cloud_auth::{project::Config, token::DefaultTokenSourceProvider};
    use google_cloud_token::TokenSourceProvider as _;

    let audience = "https://spanner.googleapis.com/";
    let scopes = [
        "https://www.googleapis.com/auth/cloud-platform",
        "https://www.googleapis.com/auth/spanner.data",
    ];
    let config = Config {
        // audience is required only for service account jwt-auth
        // https://developers.google.com/identity/protocols/oauth2/service-account#jwt-auth
        audience: Some(audience),
        // scopes is required only for service account Oauth2
        // https://developers.google.com/identity/protocols/oauth2/service-account
        scopes: Some(&scopes),
        sub: None,
    };
    let tsp = DefaultTokenSourceProvider::new(config).await?;
    let ts = tsp.token_source();
    let token = ts.token().await?;
    println!("token is {}", token);
    Ok(())
}

DefaultTokenSourceProvider::new(config) looks for credentials in the following places, preferring the first location found:

A JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable.
A JSON file in a location known to the gcloud command-line tool. On Windows, this is %APPDATA%/gcloud/application_default_credentials.json. On other systems, $HOME/.config/gcloud/application_default_credentials.json.
On Google Compute Engine, it fetches credentials from the metadata server.

Supported Credentials

Service Account(JWT)
Service Account(OAuth 2.0)
Authorized User
External Account
Google Developers Console client_credentials.json

Supported Workload Identity

https://cloud.google.com/iam/docs/workload-identity-federation

AWS
Azure Active Directory
On-premises Active Directory
Okta
Kubernetes clusters

Commit count: 0