Load a service account token
credentials_service_account(scopes = NULL, path = "", ..., subject = NULL)
scopes: A character vector of scopes to request. Pick from those listed at https://developers.google.com/identity/protocols/oauth2/scopes.
For certain token flows, the "https://www.googleapis.com/auth/userinfo.email" scope is unconditionally included. This grants permission to retrieve the email address associated with a token; gargle uses this to index cached OAuth tokens. This grants no permission to view or send email and is generally considered a low-value scope.
path: JSON identifying the service account, in one of the forms supported for the txt argument of jsonlite::fromJSON() (typically, a file path or JSON string).
...: Additional arguments passed to all credential functions.
subject: An optional subject claim. Use for a service account which has been granted domain-wide authority by an administrator. Such delegation of domain-wide authority means that the service account is permitted to act on behalf of users, without their consent. Identify the user to impersonate via their email, e.g. subject = "user@example.com".
An httr::TokenServiceAccount or NULL.
Note that fetching a token for a service account requires a reasonably accurate system clock. For more information, see the vignette How gargle gets tokens.
Additional reading on delegation of domain-wide authority:
Other credential functions: credentials_app_default(), credentials_byo_oauth2(), credentials_external_account(), credentials_gce(), credentials_user_oauth2(), token_fetch()
if (FALSE) {
  token <- credentials_service_account(
    scopes = "https://www.googleapis.com/auth/userinfo.email",
    path = "/path/to/your/service-account.json"
  )
}
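A pre-flight wrapper around the call above, added here as an example and not part of gargle: it checks the key file before loading it, makes any use of subject visible, and treats a NULL return as an error. The helper name load_sa_token(), the file path, the scope and the email address are assumptions, and the helper only handles the file-path form of path.

```r
library(jsonlite)

# Hypothetical helper (not a gargle function): vet a key file, then load it.
load_sa_token <- function(path, scopes, subject = NULL) {
  stopifnot(is.character(path), length(path) == 1, file.exists(path))

  # A service account key is a long-lived secret. On Unix-alikes, flag files
  # that group or other users can access (any of the 077 permission bits).
  mode <- file.info(path)$mode
  if (.Platform$OS.type == "unix" && bitwAnd(as.integer(mode), 63L) != 0L) {
    warning("Key file is accessible to group/other, mode ", format(mode))
  }

  # Confirm the JSON really is a service account key before handing it on.
  key <- fromJSON(path)
  required <- c("type", "client_email", "private_key", "token_uri")
  absent <- setdiff(required, names(key))
  if (length(absent) > 0) {
    stop("Key file lacks: ", paste(absent, collapse = ", "))
  }
  if (!identical(key$type, "service_account")) {
    stop("Not a service account key (type = ", key$type, ")")
  }

  # Domain-wide delegation acts on behalf of a user without their consent,
  # so make every use of `subject` visible in the session output.
  if (!is.null(subject)) {
    message(key$client_email, " will act as ", subject)
  }

  token <- gargle::credentials_service_account(
    scopes = scopes, path = path, subject = subject
  )
  # The function returns NULL when no token could be obtained.
  if (is.null(token)) {
    stop("No token returned; check the key, the scopes and the system clock")
  }
  token
}

if (FALSE) {
  # Constructed values: request only the scope the job needs.
  token <- load_sa_token(
    path = "/path/to/your/service-account.json",
    scopes = "https://www.googleapis.com/auth/drive.readonly",
    subject = "user@example.com"
  )
}
```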