Load a service account token

credentials_service_account(scopes = NULL, path = "", ..., subject = NULL)



A character vector of scopes to request. Pick from those listed at https://developers.google.com/identity/protocols/oauth2/scopes.

For certain token flows, the "https://www.googleapis.com/auth/userinfo.email" scope is unconditionally included. This grants permission to retrieve the email address associated with a token; gargle uses this to index cached OAuth tokens. This grants no permission to view or send email and is generally considered a low-value scope.


JSON identifying the service account, in one of the forms supported for the txt argument of jsonlite::fromJSON() (typically, a file path or JSON string).


Additional arguments passed to all credential functions.


An optional subject claim. Use for a service account which has been granted domain-wide authority by an administrator. Such delegation of domain-wide authority means that the service account is permitted to act on behalf of users, without their consent. Identify the user to impersonate via their email, e.g. subject = "user@example.com".


An httr::TokenServiceAccount or NULL.


Note that fetching a token for a service account requires a reasonably accurate system clock. For more information, see the vignette How gargle gets tokens.


if (FALSE) {
token <- credentials_service_account(
  scopes = "https://www.googleapis.com/auth/userinfo.email",
  path = "/path/to/your/service-account.json"