Wrapper class for Google OAuth 2.0 service account credentials.
Takes a ServiceAccountCredentialsInfo and obtains access tokens from the Google Authorization Service as needed. Instances of this class should usually be created via the convenience methods declared in google_credentials.h.
An HTTP Authorization header, with an access token as its value, can be obtained by calling the AuthorizationHeader() method; if the current access token is invalid or nearing expiration, this will class will first obtain a new access token before returning the Authorization header string.
See Also
https://developers.google.com/identity/protocols/OAuth2ServiceAccount for an overview of using service accounts with Google's OAuth 2.0 system.
See Also
https://cloud.google.com/storage/docs/reference/libraries for details on how to obtain and get started with service account credentials.
Constructors
ServiceAccountCredentials(ServiceAccountCredentialsInfo)
Parameter | |
---|---|
Name | Description |
info |
ServiceAccountCredentialsInfo
|
ServiceAccountCredentials(ServiceAccountCredentialsInfo, ChannelOptions const &)
Parameters | |
---|---|
Name | Description |
info |
ServiceAccountCredentialsInfo
|
options |
ChannelOptions const &
|
Functions
virtual AuthorizationHeader()
Attempts to obtain a value for the Authorization HTTP header.
If unable to obtain a value for the Authorization header, which could happen for Credentials
that need to be periodically refreshed, the underlying Status
will indicate failure details from the refresh HTTP request. Otherwise, the returned value will contain the Authorization header to be used in HTTP requests.
Returns | |
---|---|
Type | Description |
StatusOr< std::string > |
virtual SignBlob(SigningAccount const &, std::string const &) const
Create a RSA SHA256 signature of the blob using the Credential object.
Parameters | |
---|---|
Name | Description |
signing_account |
SigningAccount const &
the desired service account which should sign |
blob |
std::string const &
the string to sign. Note that sometimes the application must Base64-encode the data before signing. |
Returns | |
---|---|
Type | Description |
StatusOr< std::vector< std::uint8_t > > |
the signed blob as raw bytes. An error if the |
virtual AccountEmail() const
Return the account's email associated with these credentials, if any.
Returns | |
---|---|
Type | Description |
std::string |
virtual KeyId() const
Return the account's key_id associated with these credentials, if any.
Returns | |
---|---|
Type | Description |
std::string |