Google Cloud Storage C++ Client  1.24.0
A C++ Client Library for Google Cloud Storage
Classes | Enumerations | Functions | Variables
google::cloud::storage::v1::oauth2 Namespace Reference

Classes

class  AnonymousCredentials
 A Credentials type representing "anonymous" Google OAuth2.0 credentials. More...
 
class  AuthorizedUserCredentials
 Wrapper class for Google OAuth 2.0 user account credentials. More...
 
struct  AuthorizedUserCredentialsInfo
 Object to hold information used to instantiate an AuthorizedUserCredentials. More...
 
class  ComputeEngineCredentials
 Wrapper class for Google OAuth 2.0 GCE instance service account credentials. More...
 
class  Credentials
 Interface for OAuth 2.0 credentials used to access Google Cloud services. More...
 
class  RefreshingCredentialsWrapper
 Wrapper for refreshable parts of a Credentials object. More...
 
class  ServiceAccountCredentials
 Wrapper class for Google OAuth 2.0 service account credentials. More...
 
struct  ServiceAccountCredentialsInfo
 Object to hold information used to instantiate an ServiceAccountCredentials. More...
 
struct  ServiceAccountMetadata
 A helper struct that contains service account metadata. More...
 

Enumerations

enum  JwtSigningAlgorithms { JwtSigningAlgorithms::RS256 }
 Supported signing algorithms used in JWT auth flows. More...
 

Functions

StatusOr< AuthorizedUserCredentialsInfoParseAuthorizedUserCredentials (std::string const &content, std::string const &source, std::string const &default_token_uri=GoogleOAuthRefreshEndpoint())
 Parses a user credentials JSON string into an AuthorizedUserCredentialsInfo. More...
 
StatusOr< RefreshingCredentialsWrapper::TemporaryTokenParseAuthorizedUserRefreshResponse (storage::internal::HttpResponse const &response, std::chrono::system_clock::time_point now)
 Parses a refresh response JSON string into an authorization header. More...
 
StatusOr< ServiceAccountMetadataParseMetadataServerResponse (storage::internal::HttpResponse const &response)
 Parses a metadata server response JSON string into a ServiceAccountMetadata. More...
 
StatusOr< RefreshingCredentialsWrapper::TemporaryTokenParseComputeEngineRefreshResponse (storage::internal::HttpResponse const &response, std::chrono::system_clock::time_point now)
 Parses a refresh response JSON string into an authorization header. More...
 
constexpr std::chrono::seconds GoogleOAuthAccessTokenLifetime ()
 The max lifetime in seconds of an access token. More...
 
constexpr std::chrono::seconds GoogleOAuthAccessTokenExpirationSlack ()
 Returns the slack to consider when checking if an access token is expired. More...
 
char const * GoogleOAuthRefreshEndpoint ()
 The endpoint to fetch an OAuth 2.0 access token from. More...
 
char const * GoogleOAuthScopeCloudPlatform ()
 String representing the "cloud-platform" OAuth 2.0 scope. More...
 
std::string GoogleAdcFilePathFromEnvVarOrEmpty ()
 Returns the path to the Application Default Credentials file, if set. More...
 
std::string GoogleAdcFilePathFromWellKnownPathOrEmpty ()
 Returns the path to the Application Default Credentials file, if set. More...
 
char const * GoogleAdcEnvVar ()
 Returns the Application Default Credentials environment variable name. More...
 
char const * GoogleGcloudAdcFileEnvVar ()
 Returns the environment variable to override the gcloud ADC path. More...
 
char const * GoogleAdcHomeEnvVar ()
 Returns the environment variable used to construct the well known ADC path. More...
 
StatusOr< std::unique_ptr< Credentials > > LoadCredsFromPath (std::string const &path, bool non_service_account_ok, absl::optional< std::set< std::string >> service_account_scopes, absl::optional< std::string > service_account_subject, ChannelOptions const &options)
 
StatusOr< std::unique_ptr< Credentials > > MaybeLoadCredsFromAdcPaths (bool non_service_account_ok, absl::optional< std::set< std::string >> service_account_scopes, absl::optional< std::string > service_account_subject, ChannelOptions const &options={})
 
StatusOr< std::shared_ptr< Credentials > > GoogleDefaultCredentials (ChannelOptions const &options={})
 Produces a Credentials type based on the runtime environment. More...
 
StatusOr< ServiceAccountCredentialsInfoParseServiceAccountCredentials (std::string const &content, std::string const &source, std::string const &default_token_uri=GoogleOAuthRefreshEndpoint())
 Parses the contents of a JSON keyfile into a ServiceAccountCredentialsInfo. More...
 
StatusOr< ServiceAccountCredentialsInfoParseServiceAccountP12File (std::string const &source, std::string const &default_token_uri=GoogleOAuthRefreshEndpoint())
 Parses the contents of a P12 keyfile into a ServiceAccountCredentialsInfo. More...
 
std::pair< std::string, std::string > AssertionComponentsFromInfo (ServiceAccountCredentialsInfo const &info, std::chrono::system_clock::time_point now)
 Splits a ServiceAccountCredentialsInfo into header and payload components and uses the current time to make a JWT assertion. More...
 
std::string MakeJWTAssertion (std::string const &header, std::string const &payload, std::string const &pem_contents)
 Given a key and a JSON header and payload, creates a JWT assertion string. More...
 
std::string CreateServiceAccountRefreshPayload (ServiceAccountCredentialsInfo const &info, std::string const &grant_type, std::chrono::system_clock::time_point now)
 Uses a ServiceAccountCredentialsInfo and the current time to construct a JWT assertion. More...
 
StatusOr< RefreshingCredentialsWrapper::TemporaryTokenParseServiceAccountRefreshResponse (storage::internal::HttpResponse const &response, std::chrono::system_clock::time_point now)
 Parses a refresh response JSON string and uses the current time to create a TemporaryToken. More...
 
Functions to manually create specific credential types.
std::shared_ptr< CredentialsCreateAnonymousCredentials ()
 Creates an AnonymousCredentials. More...
 
StatusOr< std::shared_ptr< Credentials > > CreateAuthorizedUserCredentialsFromJsonFilePath (std::string const &path)
 Creates an AuthorizedUserCredentials from a JSON file at the specified path. More...
 
StatusOr< std::shared_ptr< Credentials > > CreateAuthorizedUserCredentialsFromJsonContents (std::string const &contents, ChannelOptions const &options={})
 Creates an AuthorizedUserCredentials from a JSON string. More...
 
Load service account key files.
StatusOr< std::shared_ptr< Credentials > > CreateServiceAccountCredentialsFromFilePath (std::string const &path)
 Creates a ServiceAccountCredentials from a file at the specified path. More...
 
StatusOr< std::shared_ptr< Credentials > > CreateServiceAccountCredentialsFromFilePath (std::string const &path, absl::optional< std::set< std::string >> scopes, absl::optional< std::string > subject)
 Creates a ServiceAccountCredentials from a file at the specified path. More...
 
StatusOr< std::shared_ptr< Credentials > > CreateServiceAccountCredentialsFromJsonFilePath (std::string const &path)
 Creates a ServiceAccountCredentials from a JSON file at the specified path. More...
 
StatusOr< std::shared_ptr< Credentials > > CreateServiceAccountCredentialsFromJsonFilePath (std::string const &path, absl::optional< std::set< std::string >> scopes, absl::optional< std::string > subject, ChannelOptions const &options={})
 Creates a ServiceAccountCredentials from a JSON file at the specified path. More...
 
StatusOr< std::shared_ptr< Credentials > > CreateServiceAccountCredentialsFromP12FilePath (std::string const &path, absl::optional< std::set< std::string >> scopes, absl::optional< std::string > subject, ChannelOptions const &options={})
 Creates a ServiceAccountCredentials from a P12 file at the specified path. More...
 
StatusOr< std::shared_ptr< Credentials > > CreateServiceAccountCredentialsFromP12FilePath (std::string const &path)
 Creates a ServiceAccountCredentials from a P12 file at the specified path. More...
 
StatusOr< std::shared_ptr< Credentials > > CreateServiceAccountCredentialsFromDefaultPaths (ChannelOptions const &options={})
 Produces a ServiceAccountCredentials type by trying to load the standard Application Default Credentials paths. More...
 
StatusOr< std::shared_ptr< Credentials > > CreateServiceAccountCredentialsFromDefaultPaths (absl::optional< std::set< std::string >> scopes, absl::optional< std::string > subject, ChannelOptions const &options={})
 Produces a ServiceAccountCredentials type by trying to load the standard Application Default Credentials paths. More...
 
StatusOr< std::shared_ptr< Credentials > > CreateServiceAccountCredentialsFromJsonContents (std::string const &contents, ChannelOptions const &options={})
 Creates a ServiceAccountCredentials from a JSON string. More...
 
StatusOr< std::shared_ptr< Credentials > > CreateServiceAccountCredentialsFromJsonContents (std::string const &contents, absl::optional< std::set< std::string >> scopes, absl::optional< std::string > subject, ChannelOptions const &options={})
 Creates a ServiceAccountCredentials from a JSON string. More...
 
std::shared_ptr< CredentialsCreateComputeEngineCredentials ()
 Creates a ComputeEngineCredentials for the VM's default service account. More...
 
std::shared_ptr< CredentialsCreateComputeEngineCredentials (std::string const &service_account_email)
 Creates a ComputeEngineCredentials for the VM's specified service account. More...
 

Variables

constexpr char kAdcLink []
 

Enumeration Type Documentation

◆ JwtSigningAlgorithms

Supported signing algorithms used in JWT auth flows.

We currently only support RSA with SHA-256, but use this enum for readability and easy addition of support for other algorithms.

Enumerator
RS256 

Definition at line 34 of file credential_constants.h.

Function Documentation

◆ AssertionComponentsFromInfo()

std::pair< std::string, std::string > google::cloud::storage::v1::oauth2::AssertionComponentsFromInfo ( ServiceAccountCredentialsInfo const &  info,
std::chrono::system_clock::time_point  now 
)

Splits a ServiceAccountCredentialsInfo into header and payload components and uses the current time to make a JWT assertion.

See also
https://cloud.google.com/endpoints/docs/frameworks/java/troubleshoot-jwt
https://tools.ietf.org/html/rfc7523

Definition at line 209 of file service_account_credentials.cc.

◆ CreateAnonymousCredentials()

std::shared_ptr< Credentials > google::cloud::storage::v1::oauth2::CreateAnonymousCredentials ( )

Creates an AnonymousCredentials.

Definition at line 179 of file google_credentials.cc.

◆ CreateAuthorizedUserCredentialsFromJsonContents()

StatusOr< std::shared_ptr< Credentials > > google::cloud::storage::v1::oauth2::CreateAuthorizedUserCredentialsFromJsonContents ( std::string const &  contents,
ChannelOptions const &  options = {} 
)

Creates an AuthorizedUserCredentials from a JSON string.

Note
It is strongly preferred to instead use service account credentials with Cloud Storage client libraries.

Definition at line 196 of file google_credentials.cc.

◆ CreateAuthorizedUserCredentialsFromJsonFilePath()

StatusOr< std::shared_ptr< Credentials > > google::cloud::storage::v1::oauth2::CreateAuthorizedUserCredentialsFromJsonFilePath ( std::string const &  path)

Creates an AuthorizedUserCredentials from a JSON file at the specified path.

Note
It is strongly preferred to instead use service account credentials with Cloud Storage client libraries.

Definition at line 184 of file google_credentials.cc.

◆ CreateComputeEngineCredentials() [1/2]

std::shared_ptr< Credentials > google::cloud::storage::v1::oauth2::CreateComputeEngineCredentials ( )

Creates a ComputeEngineCredentials for the VM's default service account.

Definition at line 324 of file google_credentials.cc.

◆ CreateComputeEngineCredentials() [2/2]

std::shared_ptr< Credentials > google::cloud::storage::v1::oauth2::CreateComputeEngineCredentials ( std::string const &  service_account_email)

Creates a ComputeEngineCredentials for the VM's specified service account.

Definition at line 328 of file google_credentials.cc.

◆ CreateServiceAccountCredentialsFromDefaultPaths() [1/2]

StatusOr< std::shared_ptr< Credentials > > google::cloud::storage::v1::oauth2::CreateServiceAccountCredentialsFromDefaultPaths ( absl::optional< std::set< std::string >>  scopes,
absl::optional< std::string >  subject,
ChannelOptions const &  options = {} 
)

Produces a ServiceAccountCredentials type by trying to load the standard Application Default Credentials paths.

If the GOOGLE_APPLICATION_CREDENTIALS environment variable is set, the JSON or P12 file it points to will be loaded. Otherwise, if the gcloud utility has configured an Application Default Credentials file, that file is loaded. The loaded file is used to create a ServiceAccountCredentials.

Parameters
scopesthe scopes to request during the authorization grant. If omitted, the cloud-platform scope, defined by GoogleOAuthScopeCloudPlatform(), is used as a default.
subjectfor domain-wide delegation; the email address of the user for which to request delegated access. If omitted, no "subject" attribute is included in the authorization grant.
optionsany configuration needed for the transport channel to Google's authentication servers.
See also
https://developers.google.com/identity/protocols/googlescopes for a list of OAuth 2.0 scopes used with Google APIs.
https://cloud.google.com/docs/authentication/production for details about Application Default Credentials.

Definition at line 274 of file google_credentials.cc.

◆ CreateServiceAccountCredentialsFromDefaultPaths() [2/2]

StatusOr< std::shared_ptr< Credentials > > google::cloud::storage::v1::oauth2::CreateServiceAccountCredentialsFromDefaultPaths ( ChannelOptions const &  options = {})

Produces a ServiceAccountCredentials type by trying to load the standard Application Default Credentials paths.

If the GOOGLE_APPLICATION_CREDENTIALS environment variable is set, the JSON or P12 file it points to will be loaded. Otherwise, if the gcloud utility has configured an Application Default Credentials file, that file is loaded. The loaded file is used to create a ServiceAccountCredentials.

Parameters
optionsany configuration needed for the transport channel to Google's authentication servers.
See also
https://cloud.google.com/docs/authentication/production for details about Application Default Credentials.

Definition at line 269 of file google_credentials.cc.

◆ CreateServiceAccountCredentialsFromFilePath() [1/2]

StatusOr< std::shared_ptr< Credentials > > google::cloud::storage::v1::oauth2::CreateServiceAccountCredentialsFromFilePath ( std::string const &  path)

Creates a ServiceAccountCredentials from a file at the specified path.

Note
This function automatically detects if the file is a JSON or P12 (aka PFX aka PKCS#12) file and tries to load the file as a service account credential. We strongly recommend that applications use JSON files for service account key files.

These credentials use the cloud-platform OAuth 2.0 scope, defined by GoogleOAuthScopeCloudPlatform(). To specify alternate scopes, use the overloaded version of this function.

Definition at line 207 of file google_credentials.cc.

◆ CreateServiceAccountCredentialsFromFilePath() [2/2]

StatusOr< std::shared_ptr< Credentials > > google::cloud::storage::v1::oauth2::CreateServiceAccountCredentialsFromFilePath ( std::string const &  path,
absl::optional< std::set< std::string >>  scopes,
absl::optional< std::string >  subject 
)

Creates a ServiceAccountCredentials from a file at the specified path.

Note
This function automatically detects if the file is a JSON or P12 (aka PFX aka PKCS#12) file and tries to load the file as a service account credential. We strongly recommend that applications use JSON files for service account key files.
Parameters
paththe path to the file containing service account JSON credentials.
scopesthe scopes to request during the authorization grant. If omitted, the cloud-platform scope, defined by GoogleOAuthScopeCloudPlatform(), is used as a default.
subjectfor domain-wide delegation; the email address of the user for which to request delegated access. If omitted, no "subject" attribute is included in the authorization grant.
See also
https://developers.google.com/identity/protocols/googlescopes for a list of OAuth 2.0 scopes used with Google APIs.
https://developers.google.com/identity/protocols/OAuth2ServiceAccount for more information about domain-wide delegation.

Definition at line 212 of file google_credentials.cc.

◆ CreateServiceAccountCredentialsFromJsonContents() [1/2]

StatusOr< std::shared_ptr< Credentials > > google::cloud::storage::v1::oauth2::CreateServiceAccountCredentialsFromJsonContents ( std::string const &  contents,
absl::optional< std::set< std::string >>  scopes,
absl::optional< std::string >  subject,
ChannelOptions const &  options = {} 
)

Creates a ServiceAccountCredentials from a JSON string.

Parameters
contentsthe string containing the JSON contents of a service account credentials file.
scopesthe scopes to request during the authorization grant. If omitted, the cloud-platform scope, defined by GoogleOAuthScopeCloudPlatform(), is used as a default.
subjectfor domain-wide delegation; the email address of the user for which to request delegated access. If omitted, no "subject" attribute is included in the authorization grant.
optionsany configuration needed for the transport channel to Google's authentication servers.
See also
https://developers.google.com/identity/protocols/googlescopes for a list of OAuth 2.0 scopes used with Google APIs.
https://developers.google.com/identity/protocols/OAuth2ServiceAccount for more information about domain-wide delegation.

Definition at line 302 of file google_credentials.cc.

◆ CreateServiceAccountCredentialsFromJsonContents() [2/2]

StatusOr< std::shared_ptr< Credentials > > google::cloud::storage::v1::oauth2::CreateServiceAccountCredentialsFromJsonContents ( std::string const &  contents,
ChannelOptions const &  options = {} 
)

Creates a ServiceAccountCredentials from a JSON string.

These credentials use the cloud-platform OAuth 2.0 scope, defined by GoogleOAuthScopeCloudPlatform(). To specify an alternate set of scopes, use the overloaded version of this function.

Definition at line 295 of file google_credentials.cc.

◆ CreateServiceAccountCredentialsFromJsonFilePath() [1/2]

StatusOr< std::shared_ptr< Credentials > > google::cloud::storage::v1::oauth2::CreateServiceAccountCredentialsFromJsonFilePath ( std::string const &  path)

Creates a ServiceAccountCredentials from a JSON file at the specified path.

These credentials use the cloud-platform OAuth 2.0 scope, defined by GoogleOAuthScopeCloudPlatform(). To specify alternate scopes, use the overloaded version of this function.

Definition at line 225 of file google_credentials.cc.

◆ CreateServiceAccountCredentialsFromJsonFilePath() [2/2]

StatusOr< std::shared_ptr< Credentials > > google::cloud::storage::v1::oauth2::CreateServiceAccountCredentialsFromJsonFilePath ( std::string const &  path,
absl::optional< std::set< std::string >>  scopes,
absl::optional< std::string >  subject,
ChannelOptions const &  options = {} 
)

Creates a ServiceAccountCredentials from a JSON file at the specified path.

Parameters
paththe path to the file containing service account JSON credentials.
scopesthe scopes to request during the authorization grant. If omitted, the cloud-platform scope, defined by GoogleOAuthScopeCloudPlatform(), is used as a default.
subjectfor domain-wide delegation; the email address of the user for which to request delegated access. If omitted, no "subject" attribute is included in the authorization grant.
optionsany configuration needed for the transport channel to Google's authentication servers.
See also
https://developers.google.com/identity/protocols/googlescopes for a list of OAuth 2.0 scopes used with Google APIs.
https://developers.google.com/identity/protocols/OAuth2ServiceAccount for more information about domain-wide delegation.

Definition at line 230 of file google_credentials.cc.

◆ CreateServiceAccountCredentialsFromP12FilePath() [1/2]

StatusOr< std::shared_ptr< Credentials > > google::cloud::storage::v1::oauth2::CreateServiceAccountCredentialsFromP12FilePath ( std::string const &  path)

Creates a ServiceAccountCredentials from a P12 file at the specified path.

These credentials use the cloud-platform OAuth 2.0 scope, defined by GoogleOAuthScopeCloudPlatform(). To specify alternate scopes, use the overloaded version of this function.

Definition at line 264 of file google_credentials.cc.

◆ CreateServiceAccountCredentialsFromP12FilePath() [2/2]

StatusOr< std::shared_ptr< Credentials > > google::cloud::storage::v1::oauth2::CreateServiceAccountCredentialsFromP12FilePath ( std::string const &  path,
absl::optional< std::set< std::string >>  scopes,
absl::optional< std::string >  subject,
ChannelOptions const &  options = {} 
)

Creates a ServiceAccountCredentials from a P12 file at the specified path.

Parameters
paththe path to the file containing service account JSON credentials.
scopesthe scopes to request during the authorization grant. If omitted, the cloud-platform scope, defined by GoogleOAuthScopeCloudPlatform(), is used as a default.
subjectfor domain-wide delegation; the email address of the user for which to request delegated access. If omitted, no "subject" attribute is included in the authorization grant.
optionsany configuration needed for the transport channel to Google's authentication servers.
See also
https://developers.google.com/identity/protocols/googlescopes for a list of OAuth 2.0 scopes used with Google APIs.
https://developers.google.com/identity/protocols/OAuth2ServiceAccount for more information about domain-wide delegation.

Definition at line 248 of file google_credentials.cc.

◆ CreateServiceAccountRefreshPayload()

std::string google::cloud::storage::v1::oauth2::CreateServiceAccountRefreshPayload ( ServiceAccountCredentialsInfo const &  info,
std::string const &  grant_type,
std::chrono::system_clock::time_point  now 
)

Uses a ServiceAccountCredentialsInfo and the current time to construct a JWT assertion.

The assertion combined with the grant type is used to create the refresh payload.

Definition at line 256 of file service_account_credentials.cc.

◆ GoogleAdcEnvVar()

char const* google::cloud::storage::v1::oauth2::GoogleAdcEnvVar ( )
inline

Returns the Application Default Credentials environment variable name.

This environment variable should be checked for a valid file path when attempting to load Google Application Default Credentials.

Definition at line 33 of file google_application_default_credentials_file.h.

◆ GoogleAdcFilePathFromEnvVarOrEmpty()

std::string google::cloud::storage::v1::oauth2::GoogleAdcFilePathFromEnvVarOrEmpty ( )

Returns the path to the Application Default Credentials file, if set.

If the Application Default Credentials environment variable is set, we check the path specified by its value for a file containing ADCs. Returns an empty string if no such path exists or the environment variable is not set.

Definition at line 40 of file google_application_default_credentials_file.cc.

◆ GoogleAdcFilePathFromWellKnownPathOrEmpty()

std::string google::cloud::storage::v1::oauth2::GoogleAdcFilePathFromWellKnownPathOrEmpty ( )

Returns the path to the Application Default Credentials file, if set.

If the gcloud utility has configured an Application Default Credentials file, the path to that file is returned. Returns an empty string if no such file exists at the well known path.

Definition at line 48 of file google_application_default_credentials_file.cc.

◆ GoogleAdcHomeEnvVar()

char const* google::cloud::storage::v1::oauth2::GoogleAdcHomeEnvVar ( )
inline

Returns the environment variable used to construct the well known ADC path.

The directory containing a user's application configuration data, indicated by this environment variable, varies across environments. That directory is used when constructing the well known path of the Application Default Credentials file.

Definition at line 75 of file google_application_default_credentials_file.h.

◆ GoogleDefaultCredentials()

StatusOr< std::shared_ptr< Credentials > > google::cloud::storage::v1::oauth2::GoogleDefaultCredentials ( ChannelOptions const &  options = {})

Produces a Credentials type based on the runtime environment.

If the GOOGLE_APPLICATION_CREDENTIALS environment variable is set, the JSON file it points to will be loaded and used to create a credential of the specified type. Otherwise, if running on a Google-hosted environment (e.g. Compute Engine), credentials for the the environment's default service account will be used.

See also
https://cloud.google.com/docs/authentication/production for details about Application Default Credentials.

Definition at line 149 of file google_credentials.cc.

◆ GoogleGcloudAdcFileEnvVar()

char const* google::cloud::storage::v1::oauth2::GoogleGcloudAdcFileEnvVar ( )
inline

Returns the environment variable to override the gcloud ADC path.

This environment variable is used for testing to override the path that should be searched for the gcloud Application Default Credentials file.

Definition at line 62 of file google_application_default_credentials_file.h.

◆ GoogleOAuthAccessTokenExpirationSlack()

constexpr std::chrono::seconds google::cloud::storage::v1::oauth2::GoogleOAuthAccessTokenExpirationSlack ( )
constexpr

Returns the slack to consider when checking if an access token is expired.

This time should be subtracted from a token's expiration time when checking if it is expired. This prevents race conditions where, for example, one might check expiration time one second before the expiration, see that the token is still valid, then attempt to use it two seconds later and receive an error.

Definition at line 50 of file credential_constants.h.

◆ GoogleOAuthAccessTokenLifetime()

constexpr std::chrono::seconds google::cloud::storage::v1::oauth2::GoogleOAuthAccessTokenLifetime ( )
constexpr

The max lifetime in seconds of an access token.

Definition at line 37 of file credential_constants.h.

◆ GoogleOAuthRefreshEndpoint()

char const* google::cloud::storage::v1::oauth2::GoogleOAuthRefreshEndpoint ( )
inline

The endpoint to fetch an OAuth 2.0 access token from.

Definition at line 55 of file credential_constants.h.

◆ GoogleOAuthScopeCloudPlatform()

char const* google::cloud::storage::v1::oauth2::GoogleOAuthScopeCloudPlatform ( )
inline

String representing the "cloud-platform" OAuth 2.0 scope.

Definition at line 61 of file credential_constants.h.

◆ LoadCredsFromPath()

StatusOr<std::unique_ptr<Credentials> > google::cloud::storage::v1::oauth2::LoadCredsFromPath ( std::string const &  path,
bool  non_service_account_ok,
absl::optional< std::set< std::string >>  service_account_scopes,
absl::optional< std::string >  service_account_subject,
ChannelOptions const &  options 
)

Definition at line 46 of file google_credentials.cc.

◆ MakeJWTAssertion()

std::string google::cloud::storage::v1::oauth2::MakeJWTAssertion ( std::string const &  header,
std::string const &  payload,
std::string const &  pem_contents 
)

Given a key and a JSON header and payload, creates a JWT assertion string.

See also
https://tools.ietf.org/html/rfc7519

Definition at line 249 of file service_account_credentials.cc.

◆ MaybeLoadCredsFromAdcPaths()

StatusOr<std::unique_ptr<Credentials> > google::cloud::storage::v1::oauth2::MaybeLoadCredsFromAdcPaths ( bool  non_service_account_ok,
absl::optional< std::set< std::string >>  service_account_scopes,
absl::optional< std::string >  service_account_subject,
ChannelOptions const &  options = {} 
)

Definition at line 119 of file google_credentials.cc.

◆ ParseAuthorizedUserCredentials()

StatusOr< AuthorizedUserCredentialsInfo > google::cloud::storage::v1::oauth2::ParseAuthorizedUserCredentials ( std::string const &  content,
std::string const &  source,
std::string const &  default_token_uri 
)

Parses a user credentials JSON string into an AuthorizedUserCredentialsInfo.

Definition at line 23 of file authorized_user_credentials.cc.

◆ ParseAuthorizedUserRefreshResponse()

StatusOr< RefreshingCredentialsWrapper::TemporaryToken > google::cloud::storage::v1::oauth2::ParseAuthorizedUserRefreshResponse ( storage::internal::HttpResponse const &  response,
std::chrono::system_clock::time_point  now 
)

Parses a refresh response JSON string into an authorization header.

The header and the current time (for the expiration) form a TemporaryToken.

Definition at line 63 of file authorized_user_credentials.cc.

◆ ParseComputeEngineRefreshResponse()

StatusOr< RefreshingCredentialsWrapper::TemporaryToken > google::cloud::storage::v1::oauth2::ParseComputeEngineRefreshResponse ( storage::internal::HttpResponse const &  response,
std::chrono::system_clock::time_point  now 
)

Parses a refresh response JSON string into an authorization header.

The header and the current time (for the expiration) form a TemporaryToken.

Definition at line 49 of file compute_engine_credentials.cc.

◆ ParseMetadataServerResponse()

StatusOr< ServiceAccountMetadata > google::cloud::storage::v1::oauth2::ParseMetadataServerResponse ( storage::internal::HttpResponse const &  response)

Parses a metadata server response JSON string into a ServiceAccountMetadata.

Definition at line 23 of file compute_engine_credentials.cc.

◆ ParseServiceAccountCredentials()

StatusOr< ServiceAccountCredentialsInfo > google::cloud::storage::v1::oauth2::ParseServiceAccountCredentials ( std::string const &  content,
std::string const &  source,
std::string const &  default_token_uri 
)

Parses the contents of a JSON keyfile into a ServiceAccountCredentialsInfo.

Definition at line 52 of file service_account_credentials.cc.

◆ ParseServiceAccountP12File()

StatusOr< ServiceAccountCredentialsInfo > google::cloud::storage::v1::oauth2::ParseServiceAccountP12File ( std::string const &  source,
std::string const &  default_token_uri = GoogleOAuthRefreshEndpoint() 
)

Parses the contents of a P12 keyfile into a ServiceAccountCredentialsInfo.

Warning
We strongly recommend that applications use JSON keyfiles instead.
Note
Note that P12 keyfiles do not contain the client_email for the service account, the application must obtain this through some other means and provide them to the function.

Definition at line 101 of file service_account_credentials.cc.

◆ ParseServiceAccountRefreshResponse()

StatusOr< RefreshingCredentialsWrapper::TemporaryToken > google::cloud::storage::v1::oauth2::ParseServiceAccountRefreshResponse ( storage::internal::HttpResponse const &  response,
std::chrono::system_clock::time_point  now 
)

Parses a refresh response JSON string and uses the current time to create a TemporaryToken.

Definition at line 268 of file service_account_credentials.cc.

Variable Documentation

◆ kAdcLink

constexpr char google::cloud::storage::v1::oauth2::kAdcLink[]
constexpr
Initial value:
=
"https://developers.google.com/identity/protocols/"
"application-default-credentials"

Definition at line 35 of file google_credentials.cc.