new GoogleAuth(opts)
Configuration is resolved in the following order of precedence:
credentialskeyFilenamekeyFile
clientOptions are passed to the
AuthClients.
Parameters:
| Name | Type | Description |
|---|---|---|
opts |
Members
defaultScopes
Scopes populated by the client library by default. We differentiate between these and user defined scopes when deciding whether to use a self-signed JWT.
Methods
_cacheClientFromJSON(json, options)
Return a JWT or UserRefreshClient from JavaScript object, caching both the object used to instantiate and the client.
Parameters:
| Name | Type | Description |
|---|---|---|
json |
The input object. |
|
options |
The JWT or UserRefresh options for the client |
Returns:
| Type | Description |
|---|---|
|
JWT or UserRefresh Client with data |
(async) _checkIsGCE()
Determines whether the auth layer is running on Google Compute Engine. Checks for GCP Residency, then fallback to checking if metadata server is available.
Returns:
| Type | Description |
|---|---|
|
A promise that resolves with the boolean. |
(async) _getApplicationCredentialsFromFilePath(filePath)
Attempts to load default credentials from a file at the given path..
Parameters:
| Name | Type | Description |
|---|---|---|
filePath |
The path to the file to read. |
Returns:
| Type | Description |
|---|---|
|
Promise that resolves with the OAuth2Client |
_isWindows()
Determines whether the current operating system is Windows.
(async) _tryGetApplicationCredentialsFromEnvironmentVariable()
Attempts to load default credentials from the environment variable path..
Returns:
| Type | Description |
|---|---|
|
Promise that resolves with the OAuth2Client or null. |
(async) _tryGetApplicationCredentialsFromWellKnownFile()
Attempts to load default credentials from a well-known file location
Returns:
| Type | Description |
|---|---|
|
Promise that resolves with the OAuth2Client or null. |
(async) authorizeRequest(opts)
Obtain credentials for a request, then attach the appropriate headers to the request options.
Parameters:
| Name | Type | Description |
|---|---|---|
opts |
Axios or Request options on which to attach the headers |
(async) fetch(…args)
A fetch compliant API for GoogleAuth.
Parameters:
| Name | Type | Attributes | Description |
|---|---|---|---|
args |
<repeatable> |
|
Returns:
| Type | Description |
|---|---|
|
the GaxiosResponse with Gaxios-added properties |
- See:
-
- GoogleAuth.request for the classic method.
Example
```ts
const auth = new GoogleAuth();
const fetchWithAuth: typeof fetch = (...args) => auth.fetch(...args);
await fetchWithAuth('https://example.com');
```(async) findAndCacheProjectId()
A private method for finding and caching a projectId.
Supports environments in order of precedence:
- GCLOUD_PROJECT or GOOGLE_CLOUD_PROJECT environment variable
- GOOGLE_APPLICATION_CREDENTIALS JSON file
- Cloud SDK:
gcloud config config-helper --format json - GCE project ID from metadata server
Returns:
| Type | Description |
|---|---|
|
projectId |
fromAPIKey(apiKey, options)
Create a credentials instance using the given API key string.
The created client is not cached. In order to create and cache it use the getClient method after first providing an apiKey.
Parameters:
| Name | Type | Description |
|---|---|---|
apiKey |
The API key string |
|
options |
An optional options object. |
Returns:
| Type | Description |
|---|---|
|
A JWT loaded from the key |
fromImpersonatedJSON(json)
Create a credentials instance using a given impersonated input options.
Parameters:
| Name | Type | Description |
|---|---|---|
json |
The impersonated input object. |
Returns:
| Type | Description |
|---|---|
|
JWT or UserRefresh Client with data |
fromJSON(json, options)
Create a credentials instance using the given input options. This client is not cached.
Important: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information, refer to Validate credential configurations from external sources.
Parameters:
| Name | Type | Description |
|---|---|---|
json |
The input object. |
|
options |
The JWT or UserRefresh options for the client |
Returns:
| Type | Description |
|---|---|
|
JWT or UserRefresh Client with data |
(async) getAccessToken()
Automatically obtain application default credentials, and return an access token for making requests.
getAnyScopes()
Returns:
| Type | Description |
|---|---|
|
Any scopes (user-specified or default scopes specified by the client library) that need to be set on the current Auth client. |
(async) getClient()
Automatically obtain an AuthClient based on the
provided configuration. If no options were passed, use Application
Default Credentials.
(async) getDefaultServiceProjectId()
Run the Google Cloud SDK command that prints the default project ID
getEnv()
Determine the compute environment in which the code is running.
(async) getExternalAccountClientProjectId()
Gets the project ID from external account client if available.
(async) getFileProjectId()
Loads the project id from the GOOGLE_APPLICATION_CREDENTIALS json file.
(async) getGCEProjectId()
Gets the Compute Engine project ID if it can be inferred.
(async) getIdTokenClient(targetAudience)
Creates a client which will fetch an ID token for authorization.
Parameters:
| Name | Type | Description |
|---|---|---|
targetAudience |
the audience for the fetched ID token. |
Returns:
| Type | Description |
|---|---|
|
IdTokenClient for making HTTP calls authenticated with ID tokens. |
getProductionProjectId()
Loads the project id from environment variables.
(async) getProjectIdOptional()
A temporary method for internal getProjectId usages where null is
acceptable. In a future major release, getProjectId should return null
(as the Promise<string | null> base signature describes) and this private
method should be removed.
Returns:
| Type | Description |
|---|---|
|
Promise that resolves with project id (or |
(async) getRequestHeaders()
Obtain the HTTP headers that will provide authorization for a given request.
(async) getUniverseDomain()
Retrieves, caches, and returns the universe domain in the following order of precedence:
- The universe domain in GoogleAuth.clientOptions
- An existing or ADC AuthClient's universe domain
- gcpMetadata.universe, if Compute client
Returns:
| Type | Description |
|---|---|
|
The universe domain |
(async) getUniverseDomainFromMetadataServer()
Retrieves a universe domain from the metadata server via gcpMetadata.universe.
Returns:
| Type | Description |
|---|---|
|
a universe domain |
(async) request(opts)
Automatically obtain application default credentials, and make an HTTP request using the given options.
Parameters:
| Name | Type | Description |
|---|---|---|
opts |
Axios request options for the HTTP request. |
- See:
-
- GoogleAuth.fetch for the modern method.
(async) sign(data, endpoint)
Sign the given data with the current private key, or go out to the IAM API to sign it.
Parameters:
| Name | Type | Description |
|---|---|---|
data |
The data to be signed. |
|
endpoint |
A custom endpoint to use. |