credentials_app_default: Load Application Default Credentials
In gargle: Utilities for Working with Google APIs
View source: R/credentials_app_default.R
credentials_app_default R Documentation
Load Application Default Credentials
Description
Loads credentials from a file identified via a search strategy known as
Application Default Credentials (ADC). The hope is to make auth "just work"
for someone working on Google-provided infrastructure or who has used Google
tooling to get started, such as the gcloud command line tool.
A sequence of paths is consulted, which we describe here, with some abuse of
notation. ALL_CAPS represents the value of an environment variable and %||%
is used in the spirit of a null coalescing operator.
GOOGLE_APPLICATION_CREDENTIALS
CLOUDSDK_CONFIG/application_default_credentials.json
# on Windows:
(APPDATA %||% SystemDrive %||% C:)\gcloud\application_default_credentials.json
# on not-Windows:
~/.config/gcloud/application_default_credentials.json
If the above search successfully identifies a JSON file, it is parsed and
ingested as a service account, an external account ("workload identity
federation"), or a user account. Literally, if the JSON describes a service
account, we call credentials_service_account() and if it describes an
external account, we call credentials_external_account().
Usage
credentials_app_default(scopes = NULL, ..., subject = NULL)
Arguments
scopes
A character vector of scopes to request. Pick from those listed
at https://developers.google.com/identity/protocols/oauth2/scopes.
For certain token flows, the
"https://www.googleapis.com/auth/userinfo.email" scope is unconditionally
included. This grants permission to retrieve the email address associated
with a token; gargle uses this to index cached OAuth tokens. This grants no
permission to view or send email and is generally considered a low-value
scope.
...
Additional arguments passed to all credential functions.
subject
An optional subject claim. Specify this if you wish to use the
service account represented by path to impersonate the subject, who is
a normal user. Before this can work, an administrator must grant the service
account domain-wide authority. Identify the user to impersonate via their
email, e.g. subject = "user@example.com". Note that gargle automatically
adds the non-sensitive "https://www.googleapis.com/auth/userinfo.email"
scope, so this scope must be enabled for the service account, along with
any other scopes being requested.
Value
An httr::TokenServiceAccount, a WifToken,
an httr::Token2.0 or NULL.
See Also
Other credential functions:
credentials_byo_oauth2(),
credentials_external_account(),
credentials_gce(),
credentials_service_account(),
credentials_user_oauth2(),
token_fetch()
Examples
## Not run:
credentials_app_default()
## End(Not run)
gargle documentation built on July 26, 2023, 5:29 p.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
View source: R/credentials_app_default.R
| credentials_app_default | R Documentation |
Load Application Default Credentials
Description
Loads credentials from a file identified via a search strategy known as
Application Default Credentials (ADC). The hope is to make auth "just work"
for someone working on Google-provided infrastructure or who has used Google
tooling to get started, such as the gcloud command line tool.
A sequence of paths is consulted, which we describe here, with some abuse of
notation. ALL_CAPS represents the value of an environment variable and %||%
is used in the spirit of a null coalescing operator.
GOOGLE_APPLICATION_CREDENTIALS CLOUDSDK_CONFIG/application_default_credentials.json # on Windows: (APPDATA %||% SystemDrive %||% C:)\gcloud\application_default_credentials.json # on not-Windows: ~/.config/gcloud/application_default_credentials.json
If the above search successfully identifies a JSON file, it is parsed and
ingested as a service account, an external account ("workload identity
federation"), or a user account. Literally, if the JSON describes a service
account, we call credentials_service_account() and if it describes an
external account, we call credentials_external_account().
Usage
credentials_app_default(scopes = NULL, ..., subject = NULL)
Arguments
scopes |
A character vector of scopes to request. Pick from those listed at https://developers.google.com/identity/protocols/oauth2/scopes. For certain token flows, the
|
... |
Additional arguments passed to all credential functions. |
subject |
An optional subject claim. Specify this if you wish to use the
service account represented by |
Value
An httr::TokenServiceAccount, a WifToken,
an httr::Token2.0 or NULL.
See Also
Other credential functions:
credentials_byo_oauth2(),
credentials_external_account(),
credentials_gce(),
credentials_service_account(),
credentials_user_oauth2(),
token_fetch()
Examples
## Not run:
credentials_app_default()
## End(Not run)
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.