Loads credentials from a file identified via a search strategy known as
Application Default Credentials (ADC). The hope is to make auth "just work"
for someone working on Google-provided infrastructure or who has used Google
tooling to get started, such as the gcloud
command line tool.
A sequence of paths is consulted, which we describe here, with some abuse of
notation. ALL_CAPS represents the value of an environment variable and %||%
is used in the spirit of a null coalescing operator.
GOOGLE_APPLICATION_CREDENTIALS/application_default_credentials.json
CLOUDSDK_CONFIG# on Windows:
%||% SystemDrive %||% C:)\gcloud\application_default_credentials.json
(APPDATA # on not-Windows:
~/.config/gcloud/application_default_credentials.json
If the above search successfully identifies a JSON file, it is parsed and
ingested as a service account, an external account ("workload identity
federation"), or a user account. Literally, if the JSON describes a service
account, we call credentials_service_account()
and if it describes an
external account, we call credentials_external_account()
.
Arguments
- scopes
A character vector of scopes to request. Pick from those listed at https://developers.google.com/identity/protocols/oauth2/scopes.
For certain token flows, the
"https://www.googleapis.com/auth/userinfo.email"
scope is unconditionally included. This grants permission to retrieve the email address associated with a token; gargle uses this to index cached OAuth tokens. This grants no permission to view or send email and is generally considered a low-value scope.- ...
Additional arguments passed to all credential functions.
- subject
An optional subject claim. Use for a service account which has been granted domain-wide authority by an administrator. Such delegation of domain-wide authority means that the service account is permitted to act on behalf of users, without their consent. Identify the user to impersonate via their email, e.g.
subject = "user@example.com"
.
Value
An httr::TokenServiceAccount
, a WifToken
,
an httr::Token2.0
or NULL
.
See also
Other credential functions:
credentials_byo_oauth2()
,
credentials_external_account()
,
credentials_gce()
,
credentials_service_account()
,
credentials_user_oauth2()
,
token_fetch()