Skip to content

Latest commit

 

History

History
88 lines (64 loc) · 2.93 KB

README.md

File metadata and controls

88 lines (64 loc) · 2.93 KB

GCPAuth

Build Status Hex.pm Hex.pm

GCP (Google Cloud Platform) auth library using Application Default Credentials. This is intended to be used for Server to Server Applications.

Installation and Usage

Add :gcp_auth to application and deps in mix.exs.

def deps do
  [{:gcp_auth, "~> 0.1"}]
end

def application do
  [applications: [:gcp_auth]]
end

And add :scopes to your config.ex. The full list of OAuth2 scopes for Google APIs can be seen at https://developers.google.com/identity/protocols/googlescopes

config :gcp_auth,
  scopes: ["https://www.googleapis.com/auth/devstorage.read_write"]

To get access token, call GCPAuth.Token.get().

> GCPAuth.Token.get()
"xxxx.yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"

Examples

An example for uploading a file to GCS (Google Cloud Storage) is as follows:

access_token = GCPAuth.Token.get()
bucket = "your-bucket"
upload_path = "uploads/filename"
uri = %URI{scheme: "https",
           host: "www.googleapis.com",
           path: "/upload/storage/v1/b/#{bucket}/o",
           query: "uploadType=media&predefinedAcl=publicRead&name=#{upload_path}"}
local_path = "path/to/existing/localfile"
body = {:file, local_path}
headers = %{"Authorization" => "Bearer #{access_token}"}
HTTPoison.post(uri, body, headers)

Configuration

Disabling

To disable GCPAuth at specific environments e.g. dev or test, set :enabled to false.

config :gcp_auth,
  enabled: false

Overriding Application Default Credentials

By default, GCPAuth uses ADC (Application Default Credentials). That is to say

  1. If the environment variable GOOGLE_APPLICATION_CREDENTIALS is specified, the file is used as the credentials file.
  2. If ~/.config/gcloud/application_default_credentials.json exists, it is used. This wellknown file is created by running gcloud auth application-default login.
  3. (Not supported for now) If you are running in GAE (Google App Engine), the built-in service account associated with the application will be used.
  4. If you are running in GCE (Google Compute Engine), the built-in service account associated with the virtual machine instance will be used.

You can override this by adding :credentials_file to config.ex.

config :gcp_auth,
  credentials_file: "credentials.json",
  scopes: ["https://www.googleapis.com/auth/devstorage.read_write"]