Go to file

Mike Moore 9f395a2338 Fix Credentials.default bug If no PATH_ENV_VARS were found Credentials.default would return an empty array. Update each default lookup method to return nil if no match was found. Fix call to from_default_paths method, was calling from_default_vars instead. Add spec coverage for path, json, and default cases. Add spec coverage for application_default case. Fix spec coverage to check the return type from calling Credentials.default.		2017-11-10 15:59:34 -07:00
lib	Fix Credentials.default bug	2017-11-10 15:59:34 -07:00
spec	Fix Credentials.default bug	2017-11-10 15:59:34 -07:00
.gitignore	Ignore emacs backup files and Gemfile.lock	2015-02-11 19:19:47 -08:00
.rspec	Adds top-level documentation and testing metadata	2015-02-24 18:20:43 -08:00
.rubocop.yml	Fix rubocop Ruby 1.9.3 compatibility issues	2017-07-12 17:11:49 -07:00
.travis.yml	Use specific version of JRuby to fix CI for now	2017-09-18 11:38:44 +02:00
CHANGELOG.md	Bump version and update changelog for 0.6.1 release	2017-10-18 10:43:08 -07:00
CONTRIBUTING.md	CONTRIBUTING: Unbreak CLA links [ci skip]	2017-09-13 14:52:08 +02:00
COPYING	Adds top-level documentation and testing metadata	2015-02-24 18:20:43 -08:00
Gemfile	Fix rubocop for Ruby 1.9.3 on CI	2017-09-18 11:26:07 +02:00
README.md	README: Use SVG badges [ci skip]	2017-09-13 14:49:57 +02:00
Rakefile	Fix rubocop Ruby 1.9.3 compatibility issues	2017-07-12 17:11:49 -07:00
googleauth.gemspec	Support ruby-jwt 2.0	2017-09-16 01:11:12 +02:00

README.md

Google Auth Library for Ruby

Homepage: http://www.github.com/google/google-auth-library-ruby
Authors: Tim Emiola
Copyright: Copyright © 2015 Google, Inc.
License: Apache 2.0

Description

This is Google's officially supported ruby client library for using OAuth 2.0 authorization and authentication with Google APIs.

Alpha

This library is in Alpha. We will make an effort to support the library, but we reserve the right to make incompatible changes when necessary.

Install

Be sure https://rubygems.org/ is in your gem sources.

For normal client usage, this is sufficient:

$ gem install googleauth

Example Usage

require 'googleauth'

# Get the environment configured authorization
scopes =  ['https://www.googleapis.com/auth/cloud-platform',
           'https://www.googleapis.com/auth/compute']
authorization = Google::Auth.get_application_default(scopes)

# Add the the access token obtained using the authorization to a hash, e.g
# headers.
some_headers = {}
authorization.apply(some_headers)

Application Default Credentials

This library provides an implementation of application default credentials for Ruby.

The Application Default Credentials provide a simple way to get authorization credentials for use in calling Google APIs.

They are best suited for cases when the call needs to have the same identity and authorization level for the application independent of the user. This is the recommended approach to authorize calls to Cloud APIs, particularly when you're building an application that uses Google Compute Engine.

User Credentials

The library also provides support for requesting and storing user credentials (3-Legged OAuth2.) Two implementations are currently available, a generic authorizer useful for command line apps or custom integrations as well as a web variant tailored toward Rack-based applications.

The authorizers are intended for authorization use cases. For sign-on, see Google Identity Platform

Example (Web)

require 'googleauth'
require 'googleauth/web_user_authorizer'
require 'googleauth/stores/redis_token_store'
require 'redis'

client_id = Google::Auth::ClientId.from_file('/path/to/client_secrets.json')
scope = ['https://www.googleapis.com/auth/drive']
token_store = Google::Auth::Stores::RedisTokenStore.new(redis: Redis.new)
authorizer = Google::Auth::WebUserAuthorizer.new(
  client_id, scope, token_store, '/oauth2callback')


get('/authorize') do
  # NOTE: Assumes the user is already authenticated to the app
  user_id = request.session['user_id']
  credentials = authorizer.get_credentials(user_id, request)
  if credentials.nil?
    redirect authorizer.get_authorization_url(login_hint: user_id, request: request)
  end
  # Credentials are valid, can call APIs
  # ...
end

get('/oauth2callback') do
  target_url = Google::Auth::WebUserAuthorizer.handle_auth_callback_deferred(
    request)
  redirect target_url
end

Example (Command Line)

require 'googleauth'
require 'googleauth/stores/file_token_store'

OOB_URI = 'urn:ietf:wg:oauth:2.0:oob'

scope = 'https://www.googleapis.com/auth/drive'
client_id = Google::Auth::ClientId.from_file('/path/to/client_secrets.json')
token_store = Google::Auth::Stores::FileTokenStore.new(
  :file => '/path/to/tokens.yaml')
authorizer = Google::Auth::UserAuthorizer.new(client_id, scope, token_store)

credentials = authorizer.get_credentials(user_id)
if credentials.nil?
  url = authorizer.get_authorization_url(base_url: OOB_URI )
  puts "Open #{url} in your browser and enter the resulting code:"
  code = gets
  credentials = authorizer.get_and_store_credentials_from_code(
    user_id: user_id, code: code, base_url: OOB_URI)
end

# OK to use credentials

Example (Service Account)

scope = 'https://www.googleapis.com/auth/androidpublisher'

authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open('/path/to/service_account_json_key.json'),
  scope: scope)
  
authorizer.fetch_access_token!

Storage

Authorizers require a storage instance to manage long term persistence of access and refresh tokens. Two storage implementations are included:

Google::Auth::Stores::FileTokenStore
Google::Auth::Stores::RedisTokenStore

Custom storage implementations can also be used. See token_store.rb for additional details.

License

This library is licensed under Apache 2.0. Full license text is available in COPYING.

Contributing

See CONTRIBUTING.

Support

Please report bugs at the project on Github. Don't hesitate to ask questions about the client or APIs on StackOverflow.