Authentication for Google Cloud Storage.
Retrieves OAuth2 access tokens (with ETS-based caching) using, in order of preference:
- Goth — if configured (
config :gcp_gcs, :goth, MyApp.Goth) - gcloud CLI —
gcloud auth application-default print-access-token - Returns a structured
GcpGcs.Errorif no credentials are available
When an emulator is configured (see GcpGcs.Config), authentication is
skipped entirely and requests are sent without an authorization header.
Using Goth
children = [
{Goth, name: MyApp.Goth, source: {:service_account, credentials,
scopes: ["https://www.googleapis.com/auth/devstorage.read_write"]}}
]
config :gcp_gcs, :goth, MyApp.Goth
Summary
Functions
Clears the cached access token, forcing a refresh on the next request.
Returns a bearer token string ("Bearer <token>"), cached in ETS.
Returns the HTTP headers needed to authenticate a request.
Functions
@spec clear_cache() :: :ok
Clears the cached access token, forcing a refresh on the next request.
Useful after rotating credentials.
@spec get_token() :: {:ok, String.t()} | {:error, GcpGcs.Error.t()}
Returns a bearer token string ("Bearer <token>"), cached in ETS.
@spec request_headers() :: {:ok, [{String.t(), String.t()}]} | {:error, GcpGcs.Error.t()}
Returns the HTTP headers needed to authenticate a request.
In emulator mode returns {:ok, []}. In production returns
{:ok, [{"authorization", "Bearer <token>"}]}.