gogol-0.4.0: Comprehensive Google Services SDK.

Copyright(c) 2015-2016 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay <brendan.g.hay@gmail.com>
Stabilityprovisional
Portabilitynon-portable (GHC extensions)
Safe HaskellNone
LanguageHaskell2010

Network.Google.Auth.ApplicationDefault

Description

Application Default Credentials are suited for cases when access to a Google service needs to have the same identity and authorization level for the application independent of the user. This is Google's the recommended approach to authorize calls to Google Cloud APIs, particularly when you're building an application that is deployed to Google App Engine or Google Compute Engine virtual machines.

See: Application Default Documentation.

Synopsis

Documentation

cloudSDKConfigDir :: String Source #

The environment variable name which is used to specify the directory containing the application_default_credentials.json generated by gcloud init.

cloudSDKConfigPath :: MonadIO m => m FilePath Source #

Return the filepath to the Cloud SDK well known file location such as ~/.config/gcloud/application_default_credentials.json.

defaultCredentialsFile :: String Source #

The environment variable pointing the file with local Application Default Credentials.

defaultCredentialsPath :: MonadIO m => m (Maybe FilePath) Source #

Lookup the GOOGLE_APPLICATION_CREDENTIALS environment variable for the default application credentials filepath.

getApplicationDefault :: (MonadIO m, MonadCatch m) => Manager -> m (Credentials s) Source #

Performs credentials discovery in the following order:

  1. Read the default credentials from a file specified by the environment variable GOOGLE_APPLICATION_CREDENTIALS if it exists.
  2. Read the platform equivalent of ~/.config/gcloud/application_default_credentials.json if it exists. The ~/.config component of the path can be overriden by the environment variable CLOUDSDK_CONFIG if it exists.
  3. Retrieve the default service account application credentials if running on GCE. The environment variable NO_GCE_CHECK can be used to skip this check if set to a truthy value such as 1 or true.

The specified Scopes are used to authorize any service_account that is found with the appropriate OAuth2 scopes, otherwise they are not used. See the top-level module of each individual gogol-* library for a list of available scopes, such as Network.Google.Compute.computeScope.

See: Application Default Credentials

fromWellKnownPath :: (MonadIO m, MonadCatch m) => m (Credentials s) Source #

Attempt to load either a service_account or authorized_user formatted file to obtain the credentials neccessary to perform a token refresh.

The specified Scopes are used to authorize any service_account that is found with the appropriate scopes, otherwise they are not used. See the top-level module of each individual gogol-* library for a list of available scopes, such as Network.Google.Compute.computeScope.

See: cloudSDKConfigPath, defaultCredentialsPath.

fromFilePath :: (MonadIO m, MonadCatch m) => FilePath -> m (Credentials s) Source #

Attempt to load either a service_account or authorized_user formatted file to obtain the credentials neccessary to perform a token refresh from the specified file.

The specified Scopes are used to authorize any service_account that is found with the appropriate scopes, otherwise they are not used. See the top-level module of each individual gogol-* library for a list of available scopes, such as Network.Google.Compute.computeScope.

saveAuthorizedUserToWellKnownPath Source #

Arguments

:: (MonadIO m, MonadCatch m) 
=> Bool

Force to save if True

-> AuthorizedUser 
-> m () 

Save AuthorizedUser See: cloudSDKConfigPath, defaultCredentialsPath.

saveAuthorizedUser Source #

Arguments

:: (MonadIO m, MonadCatch m) 
=> FilePath 
-> Bool

Force to save if True

-> AuthorizedUser 
-> m () 

Save AuthorizedUser

fromJSONCredentials :: ByteString -> Either String (Credentials s) Source #

Attempt to parse either a service_account or authorized_user formatted JSON value to obtain credentials.