GcpGcs.Auth (GcpGcs v0.2.0)

Copy Markdown View Source

Authentication for Google Cloud Storage.

Retrieves OAuth2 access tokens (with ETS-based caching) using, in order of preference:

  1. Goth — if configured (config :gcp_gcs, :goth, MyApp.Goth)
  2. gcloud CLIgcloud auth application-default print-access-token
  3. Returns a structured GcpGcs.Error if no credentials are available

When an emulator is configured (see GcpGcs.Config), authentication is skipped entirely and requests are sent without an authorization header.

Using Goth

children = [
  {Goth, name: MyApp.Goth, source: {:service_account, credentials,
    scopes: ["https://www.googleapis.com/auth/devstorage.read_write"]}}
]

config :gcp_gcs, :goth, MyApp.Goth

Summary

Functions

Clears the cached access token, forcing a refresh on the next request.

Returns a bearer token string ("Bearer <token>"), cached in ETS.

Returns the HTTP headers needed to authenticate a request.

Functions

clear_cache()

@spec clear_cache() :: :ok

Clears the cached access token, forcing a refresh on the next request.

Useful after rotating credentials.

get_token()

@spec get_token() :: {:ok, String.t()} | {:error, GcpGcs.Error.t()}

Returns a bearer token string ("Bearer <token>"), cached in ETS.

request_headers()

@spec request_headers() ::
  {:ok, [{String.t(), String.t()}]} | {:error, GcpGcs.Error.t()}

Returns the HTTP headers needed to authenticate a request.

In emulator mode returns {:ok, []}. In production returns {:ok, [{"authorization", "Bearer <token>"}]}.