Documentation
Overview
Package gserviceaccount provides a simple way to load Google service account credentials and create a corresponding oauth2.TokenSource from it.
Constants
const (
	// DefaultAlgorithm is the default jwt.Algorithm to use with service
	// account tokens.
	DefaultAlgorithm = jwt.RS256
	// DefaultExpiration is the default token expiration duration to use with
	// service account tokens.
	DefaultExpiration = 1 * time.Hour
)
Variables
This section is empty.
Functions
This section is empty.
Types
type GServiceAccount
type GServiceAccount struct {
	Type                    string `json:"type,omitempty"`
	ProjectID               string `json:"project_id,omitempty"`
	PrivateKeyID            string `json:"private_key_id,omitempty"`
	PrivateKey              string `json:"private_key,omitempty"`
	ClientEmail             string `json:"client_email,omitempty"`
	ClientID                string `json:"client_id,omitempty"`
	AuthURI                 string `json:"auth_uri,omitempty"`
	TokenURI                string `json:"token_uri,omitempty"`
	AuthProviderX509CertURL string `json:"auth_provider_x509_cert_url,omitempty"`
	ClientX509CertURL       string `json:"client_x509_cert_url,omitempty"`
	// contains filtered or unexported fields
}
GServiceAccount wraps Google service account parameters. The fields are the same values found in a standard JSON-encoded credentials file provided by Google.
func FromFile
func FromFile(path string, opts ...Option) (*GServiceAccount, error)
FromFile loads Google service account credentials from the file at path.
func FromJSON
func FromJSON(buf []byte, opts ...Option) (*GServiceAccount, error)
FromJSON loads service account credentials from the JSON encoded buf.
func FromReader
func FromReader(r io.Reader, opts ...Option) (*GServiceAccount, error)
FromReader loads Google service account credentials from a reader.
func (*GServiceAccount) Client
Client returns an HTTP client using the provided context and scopes for the service account as the underlying transport.
When called with the appropriate scopes, the created client can be used to create any Google API Service:
    import (
        dns "google.golang.org/api/dns/v2beta1"
    )

    cl, err := gsa.Client(ctx, dns.CloudPlatformScope, dns.NdevClouddnsReadwriteScope)
    if err != nil { /* ... */ }
    dnsService, err := dns.New(cl)
    if err != nil { /* ... */ }
Note: this is a convenience func only.
func (*GServiceAccount) Signer
func (gsa *GServiceAccount) Signer() (jwt.Signer, error)
Signer returns a jwt.Signer for use when signing tokens.
func (*GServiceAccount) TokenSource
func (gsa *GServiceAccount) TokenSource(ctx context.Context, scopes ...string) (*bearer.Bearer, error)
TokenSource returns an oauth2.TokenSource for the Google Service Account using the provided context and scopes. The resulting token source should be wrapped with oauth2.ReuseTokenSource prior to being used elsewhere.
If additional claims need to be added to the TokenSource (for example, the subject or "sub" field), use the WithClaim option to add them before wrapping the TokenSource with oauth2.ReuseTokenSource.
type Option
type Option func(*GServiceAccount) error
Option is a GServiceAccount option.
func WithClaim
WithClaim is a GServiceAccount option to set additional claims for tokens generated from the token source.
func WithExpiration
WithExpiration is a GServiceAccount option to set an expiration limit for tokens generated from the token source.
func WithProxy
WithProxy is a GServiceAccount option to set an HTTP proxy used by the token source.
func WithSubject
WithSubject is a GServiceAccount option to set a subject ("sub") claim for tokens generated from the token source.
This is useful when using domain-wide delegation to impersonate a user.
Example:
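    import (
        "context"

        "github.com/kenshaw/jwt/gserviceaccount"
        admin "google.golang.org/api/admin/directory/v1"
    )

    func main() {
        ctx := context.Background()
        // Load the credentials and set the "sub" claim to the user to impersonate.
        gsa, err := gserviceaccount.FromFile("/path/to/gsa.json", gserviceaccount.WithSubject("user@example.com"))
        if err != nil { /* ... */ }
        // Client takes a context and the scopes to request.
        cl, err := gsa.Client(ctx, admin.AdminDirectoryUserReadonlyScope)
        if err != nil { /* ... */ }
        adminService, err := admin.New(cl)
        if err != nil { /* ... */ }
        // List is a call builder; Do executes the request.
        users, err := adminService.Users.List().Domain("example.com").Do()
        if err != nil { /* ... */ }
        for _, u := range users.Users { /* ... */ }
    }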
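What TokenSource, DefaultExpiration and WithSubject put on the wire, as an added example that is not code from this package or its documentation: it uses only the Go standard library to build and verify the signed JWT assertion of Google's service account OAuth 2.0 flow, with the RS256 signature, a one-hour lifetime and the optional "sub" claim. The names Assertion, Inspect and demoKey, and the sample e-mail, scope and token URI values, are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway key

// Assertion builds the RS256-signed JWT a service account sends to its token URI.
func Assertion(key *rsa.PrivateKey, email, tokenURI, sub string, ttl time.Duration, now time.Time, scopes ...string) (string, error) {
	claims := map[string]interface{}{"iss": email, "aud": tokenURI, "scope": strings.Join(scopes, " "), "iat": now.Unix(), "exp": now.Add(ttl).Unix()}
	if sub != "" {
		claims["sub"] = sub // domain-wide delegation: the token acts as this user
	}
	body, _ := json.Marshal(claims) // cannot fail for these value types
	signed := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	sum := sha256.Sum256([]byte(signed))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return signed + "." + b64.EncodeToString(sig), err
}

// Inspect verifies the RS256 signature and returns the claims for review.
func Inspect(token string, pub *rsa.PublicKey) (map[string]interface{}, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	sig, _ := b64.DecodeString(p[2]) // a bad encoding simply fails verification
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig); err != nil {
		return nil, err
	}
	raw, _ := b64.DecodeString(p[1]) // a bad encoding surfaces as a JSON error
	claims := map[string]interface{}{}
	return claims, json.Unmarshal(raw, &claims)
}

func main() {
	tok, _ := Assertion(demoKey, "sa@example.iam.gserviceaccount.com", "https://oauth2.googleapis.com/token", "user@example.com", time.Hour, time.Now(), "scope-a")
	fmt.Println(Inspect(tok, &demoKey.PublicKey))
}
```

Because "sub" sits inside the signed payload, whoever holds the private key from the credentials file decides which user the token acts as, so restrict read access to that file and keep the delegated scopes narrow.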
func WithTransport
func WithTransport(transport http.RoundTripper) Option
WithTransport is a GServiceAccount option to set the client transport used by the token source.