class Google::Auth::DefaultCredentials
DefaultCredentials
is used to preload the credentials file, to determine which type of credentials should be loaded.
Public Class Methods
Source
# File lib/googleauth/default_credentials.rb, line 74 def self.determine_creds_class json_key_io json_key = MultiJson.load json_key_io.read key = "type" raise "the json is missing the '#{key}' field" unless json_key.key? key type = json_key[key] case type when "service_account" [json_key, ServiceAccountCredentials] when "authorized_user" [json_key, UserRefreshCredentials] when "external_account" [json_key, ExternalAccount::Credentials] else raise "credentials type '#{type}' is not supported" end end
Reads the input json and determines which creds class to use.
Source
# File lib/googleauth/default_credentials.rb, line 45 def self.make_creds options = {} json_key_io = options[:json_key_io] if json_key_io json_key, clz = determine_creds_class json_key_io io = StringIO.new MultiJson.dump(json_key) clz.make_creds options.merge(json_key_io: io) else clz = read_creds clz.make_creds options end end
Override CredentialsLoader#make_creds
to use the class determined by loading the json.
Important: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google
Cloud, you must validate it before providing it to any Google
API or library. Providing an unvalidated credential configuration to Google
APIs can compromise the security of your systems and data. For more information, refer to [Validate credential configurations from external sources](cloud.google.com/docs/authentication/external/externally-sourced-credentials).
Source
# File lib/googleauth/default_credentials.rb, line 57 def self.read_creds env_var = CredentialsLoader::ACCOUNT_TYPE_VAR type = ENV[env_var] raise "#{env_var} is undefined in env" unless type case type when "service_account" ServiceAccountCredentials when "authorized_user" UserRefreshCredentials when "external_account" ExternalAccount::Credentials else raise "credentials type '#{type}' is not supported" end end