Scopes populated by the client library by default. We differentiate between these and user defined scopes when deciding whether to use a self-signed JWT.
Export DefaultTransporter as a static property of the class.
Determines whether the auth layer is running on Google Compute Engine. Checks for GCP Residency, then fallback to checking if metadata server is available.
A promise that resolves with the boolean.
Attempts to load default credentials from a file at the given path..
The path to the file to read.
Promise that resolves with the OAuth2Client
Attempts to load default credentials from the environment variable path..
Promise that resolves with the OAuth2Client or null.
Attempts to load default credentials from a well-known file location
Promise that resolves with the OAuth2Client or null.
Obtain credentials for a request, then attach the appropriate headers to the request options.
Axios or Request options on which to attach the headers
Create a credentials instance using the given API key string.
The API key string
An optional options object.
A JWT loaded from the key
Create a credentials instance using a given impersonated input options.
The impersonated input object.
JWT or UserRefresh Client with data
Create a credentials instance using the given input options.
The input object.
The JWT or UserRefresh options for the client
JWT or UserRefresh Client with data
Create a credentials instance using the given input stream.
The input stream.
Automatically obtain application default credentials, and return an access token for making requests.
Obtains the default service-level credentials for the application.
Promise that resolves with the ADCResponse (if no callback was passed).
Automatically obtain an AuthClient based on the
provided configuration. If no options were passed, use Application
Default Credentials.
The callback function handles a credential object that contains the client_email and private_key (if exists). getCredentials first checks if the client is using an external account and uses the service account email in place of client_email. If that doesn't exist, it checks for these values from the user JSON. If the user JSON doesn't exist, and the environment is on GCE, it gets the client_email from the cloud metadata server.
Determine the compute environment in which the code is running.
Creates a client which will fetch an ID token for authorization.
the audience for the fetched ID token.
IdTokenClient for making HTTP calls authenticated with ID tokens.
Obtains the default project ID for the application.
Retrieves in the following order of precedence:
projectId provided in this object's constructiongcloud config config-helper --format jsonObtain the HTTP headers that will provide authorization for a given request.
Automatically obtain application default credentials, and make an HTTP request using the given options.
Axios request options for the HTTP request.
Sign the given data with the current private key, or go out to the IAM API to sign it.
The data to be signed.
Configuration is resolved in the following order of precedence:
credentialskeyFilenamekeyFileclientOptionsare passed to theAuthClients.