Google Cloud Storage C++ Client 2.13.0
A C++ Client Library for Google Cloud Storage
Loading...
Searching...
No Matches
Public Member Functions | List of all members
google::cloud::storage::oauth2::ServiceAccountCredentials< HttpRequestBuilderType, ClockType > Class Template Reference

Wrapper class for Google OAuth 2.0 service account credentials. More...

#include <google/cloud/storage/oauth2/service_account_credentials.h>

Public Member Functions

 ServiceAccountCredentials (ServiceAccountCredentialsInfo info)
 
 ServiceAccountCredentials (ServiceAccountCredentialsInfo info, ChannelOptions const &options)
 
StatusOr< std::string > AuthorizationHeader () override
 Attempts to obtain a value for the Authorization HTTP header. More...
 
StatusOr< std::vector< std::uint8_t > > SignBlob (SigningAccount const &signing_account, std::string const &blob) const override
 Create a RSA SHA256 signature of the blob using the Credential object. More...
 
std::string AccountEmail () const override
 Return the account's email associated with these credentials, if any. More...
 
std::string KeyId () const override
 Return the account's key_id associated with these credentials, if any. More...
 

Detailed Description

template<typename HttpRequestBuilderType, typename ClockType>
class google::cloud::storage::oauth2::ServiceAccountCredentials< HttpRequestBuilderType, ClockType >

Wrapper class for Google OAuth 2.0 service account credentials.

Takes a ServiceAccountCredentialsInfo and obtains access tokens from the Google Authorization Service as needed. Instances of this class should usually be created via the convenience methods declared in google_credentials.h.

An HTTP Authorization header, with an access token as its value, can be obtained by calling the AuthorizationHeader() method; if the current access token is invalid or nearing expiration, this will class will first obtain a new access token before returning the Authorization header string.

See also
https://developers.google.com/identity/protocols/OAuth2ServiceAccount for an overview of using service accounts with Google's OAuth 2.0 system.
https://cloud.google.com/storage/docs/reference/libraries for details on how to obtain and get started with service account credentials.
Template Parameters
HttpRequestBuilderTypea dependency injection point. It makes it possible to mock internal libcurl wrappers. This should generally not be overridden except for testing.
ClockTypea dependency injection point to fetch the current time. This should generally not be overridden except for testing.
Deprecated:
Prefer using the unified credentials documented in Authentication Components

Constructor & Destructor Documentation

◆ ServiceAccountCredentials() [1/2]

template<typename HttpRequestBuilderType , typename ClockType >
google::cloud::storage::oauth2::ServiceAccountCredentials< HttpRequestBuilderType, ClockType >::ServiceAccountCredentials ( ServiceAccountCredentialsInfo  info)
inlineexplicit

◆ ServiceAccountCredentials() [2/2]

template<typename HttpRequestBuilderType , typename ClockType >
google::cloud::storage::oauth2::ServiceAccountCredentials< HttpRequestBuilderType, ClockType >::ServiceAccountCredentials ( ServiceAccountCredentialsInfo  info,
ChannelOptions const &  options 
)
inline

Member Function Documentation

◆ AccountEmail()

template<typename HttpRequestBuilderType , typename ClockType >
std::string google::cloud::storage::oauth2::ServiceAccountCredentials< HttpRequestBuilderType, ClockType >::AccountEmail ( ) const
inlineoverridevirtual

Return the account's email associated with these credentials, if any.

Deprecated:
Prefer using the unified credentials documented in Authentication Components

Reimplemented from google::cloud::storage::oauth2::Credentials.

◆ AuthorizationHeader()

template<typename HttpRequestBuilderType , typename ClockType >
StatusOr< std::string > google::cloud::storage::oauth2::ServiceAccountCredentials< HttpRequestBuilderType, ClockType >::AuthorizationHeader ( )
inlineoverridevirtual

Attempts to obtain a value for the Authorization HTTP header.

If unable to obtain a value for the Authorization header, which could happen for Credentials that need to be periodically refreshed, the underlying Status will indicate failure details from the refresh HTTP request. Otherwise, the returned value will contain the Authorization header to be used in HTTP requests.

Deprecated:
Prefer using the unified credentials documented in Authentication Components

Implements google::cloud::storage::oauth2::Credentials.

◆ KeyId()

template<typename HttpRequestBuilderType , typename ClockType >
std::string google::cloud::storage::oauth2::ServiceAccountCredentials< HttpRequestBuilderType, ClockType >::KeyId ( ) const
inlineoverridevirtual

Return the account's key_id associated with these credentials, if any.

Deprecated:
Prefer using the unified credentials documented in Authentication Components

Reimplemented from google::cloud::storage::oauth2::Credentials.

◆ SignBlob()

template<typename HttpRequestBuilderType , typename ClockType >
StatusOr< std::vector< std::uint8_t > > google::cloud::storage::oauth2::ServiceAccountCredentials< HttpRequestBuilderType, ClockType >::SignBlob ( SigningAccount const &  signing_account,
std::string const &  blob 
) const
inlineoverridevirtual

Create a RSA SHA256 signature of the blob using the Credential object.

Parameters
signing_accountthe desired service account which should sign blob. If not set, uses this object's account. If set, it must match this object's service account.
blobthe string to sign. Note that sometimes the application must Base64-encode the data before signing.
Returns
the signed blob as raw bytes. An error if the signing_account does not match the email for the credential's account.
Deprecated:
Prefer using the unified credentials documented in Authentication Components

Reimplemented from google::cloud::storage::oauth2::Credentials.

Generated on Mon Jul 3 2023 20:34:52 for Google Cloud Storage C++ Client by doxygen 1.9.5