|
10 | 10 | [mit-badge]: https://img.shields.io/badge/license-MIT-blue.svg |
11 | 11 | [mit-url]: LICENSE |
12 | 12 |
|
13 | | -GCP Auth is a simple, minimal authentication library for Google Cloud Platform (GCP) providing authentication using |
14 | | -services accounts that are used to issues Bearer tokens that can be used to authenticate against GCP services. |
| 13 | +GCP Auth is a simple, minimal authentication library for Google Cloud Platform (GCP) |
| 14 | +providing authentication using services accounts. Once authenticated, the service |
| 15 | +account can be used to acquire bearer tokens for use in authenticating against GCP |
| 16 | +services. |
15 | 17 |
|
16 | 18 | Library implements two authenticatiom methods: |
17 | 19 |
|
18 | 20 | 1. Default service accounts - can be used inside GCP |
19 | | -2. Custom service account - provided using environenment variable |
20 | | -3. Local user authetincation - for development purposes only, using `gcloud auth` application |
| 21 | +2. Custom service account - provided using an environment variable |
| 22 | +3. Local user authentication - for development purposes only, using `gcloud auth` application |
21 | 23 |
|
22 | | -Tokens should not be cached in the application and before every use a new token should be request. The GCP auth library decides |
23 | | -if there is available token with appropriate scope or if a new token should be generated. |
| 24 | +Tokens should not be cached in the application; before every use a new token should |
| 25 | +be requested. The GCP auth library contains logic to determine if an already |
| 26 | +available token can be used, or if a new token should be requested. |
24 | 27 |
|
25 | | -## Default Service Account |
| 28 | +## Default service account |
26 | 29 |
|
27 | | -When running inside GCP the library can be asked directly without any further configuration to provide a Bearer token |
28 | | -for the current service account of the service. |
| 30 | +When running inside GCP the library can be asked without any further configuration to |
| 31 | +provide a bearer token for the current service account of the service. |
29 | 32 |
|
30 | 33 | ```rust |
31 | 34 | let authentication_manager = gcp_auth::init().await?; |
32 | 35 | let token = authentication_manager.get_token().await?; |
33 | 36 | ``` |
34 | 37 |
|
35 | | -## Custom Service Account |
| 38 | +## Custom service account |
36 | 39 |
|
37 | | -When running outside of GCP e.g on development laptop to allow finer granularity for permission a |
38 | | -custom service account can be used. To use a custom service account a configuration file containing key |
39 | | -has to be downloaded in IAM service for the service account you intend to use. The configuration file has to |
40 | | -be available to the application at run time. The path to the configuration file is specified by |
| 40 | +When running outside of GCP (for example, on a developer's laptop), a custom service |
| 41 | +account may be used to grant some permissions. To use a custom service account a |
| 42 | +configuration file containing a private key can be downloaded in IAM service for the |
| 43 | +service account you intend to use. The configuration file has to be available to the |
| 44 | +application at run time. The path to the configuration file is specified by the |
41 | 45 | `GOOGLE_APPLICATION_CREDENTIALS` environment variable. |
42 | 46 |
|
43 | 47 | ```rust |
44 | | -// GOOGLE_APPLICATION_CREDENTIALS environtment variable is set-up |
| 48 | +// With the GOOGLE_APPLICATION_CREDENTIALS environment variable set |
45 | 49 | let authentication_manager = gcp_auth::init().await?; |
46 | 50 | let token = authentication_manager.get_token().await?; |
47 | 51 | ``` |
48 | 52 |
|
49 | 53 | ## Local user authentication |
50 | | -This authentication method allows developers to authenticate again GCP ices when developign locally. |
51 | | -The method is intended only for development. Credentials can be set-up g `gcloud auth` utility. |
52 | | -Credentials are read from file `~/.config/gcloud/ication_default_credentials.json`. |
| 54 | + |
| 55 | +This authentication method allows developers to authenticate again GCP when |
| 56 | +developing locally. Its use should be limited to development. Credentials can be |
| 57 | +set up using the `gcloud auth` utility. Credentials are read from file `~/.config/gcloud/ication_default_credentials.json`. |
53 | 58 |
|
54 | 59 | ## FAQ |
55 | 60 |
|
56 | | -### Does library support windows? |
| 61 | +### Does the library support windows? |
57 | 62 |
|
58 | | -No |
| 63 | +No. |
59 | 64 |
|
60 | 65 | # License |
61 | | -Parts of implementatino have been sourced from [yup-oauth2](https://github.com/dermesser/yup-oauth2) |
62 | 66 |
|
63 | | -Licensed under [MIT license](http://opensource.org/licenses/MIT). |
| 67 | +Parts of the implementatino have been sourced from [yup-oauth2](https://github.com/dermesser/yup-oauth2). |
| 68 | + |
| 69 | +Licensed under [MIT license](http://opensource.org/licenses/MIT). |
0 commit comments