credentials_service_account: Load a service account token

View source: R/credentials_service_account.R

credentials_service_accountR Documentation

Load a service account token


Load a service account token


credentials_service_account(scopes = NULL, path = "", ..., subject = NULL)



A character vector of scopes to request. Pick from those listed at

For certain token flows, the "" scope is unconditionally included. This grants permission to retrieve the email address associated with a token; gargle uses this to index cached OAuth tokens. This grants no permission to view or send email and is generally considered a low-value scope.


JSON identifying the service account, in one of the forms supported for the txt argument of jsonlite::fromJSON() (typically, a file path or JSON string).


Additional arguments passed to all credential functions.


An optional subject claim. Use for a service account which has been granted domain-wide authority by an administrator. Such delegation of domain-wide authority means that the service account is permitted to act on behalf of users, without their consent. Identify the user to impersonate via their email, e.g. subject = "".


Note that fetching a token for a service account requires a reasonably accurate system clock. For more information, see the vignette How gargle gets tokens.


An httr::TokenServiceAccount or NULL.

See Also

Additional reading on delegation of domain-wide authority:

Other credential functions: credentials_app_default(), credentials_byo_oauth2(), credentials_external_account(), credentials_gce(), credentials_user_oauth2(), token_fetch()


## Not run: 
token <- credentials_service_account(
  scopes = "",
  path = "/path/to/your/service-account.json"

## End(Not run)

gargle documentation built on Sept. 8, 2022, 9:07 a.m.