2 * Copyright 2019 Google LLC. All Rights Reserved.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 /// <reference types="node" />
17 import * as fs from 'fs';
18 import { GaxiosOptions, GaxiosResponse } from 'gaxios';
19 import * as stream from 'stream';
20 import { DefaultTransporter, Transporter } from '../transporters';
21 import { Compute } from './computeclient';
22 import { CredentialBody, JWTInput } from './credentials';
23 import { GCPEnv } from './envDetect';
24 import { JWT, JWTOptions } from './jwtclient';
25 import { Headers, OAuth2Client, OAuth2ClientOptions, RefreshOptions } from './oauth2client';
26 import { UserRefreshClient, UserRefreshClientOptions } from './refreshclient';
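/**
 * Node-style callback used by the project-ID lookups on GoogleAuth.
 *
 * Both arguments are optional in the signature, and `projectId` may also be
 * `null`, so implementations have to handle the "no error, no ID" case.
 */
export interface ProjectIdCallback {
  (err?: Error | null, projectId?: string | null): void;
}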
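/**
 * Callback type accepted by the callback overloads of `GoogleAuth.fromStream`.
 *
 * `result` is optional, so it must be checked even when `err` is `null`.
 */
export interface CredentialCallback {
  (err: Error | null, result?: UserRefreshClient | JWT): void;
}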
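/**
 * Callback type accepted by the callback overloads of
 * `GoogleAuth.getApplicationDefault`.
 *
 * `credential` and `projectId` are both optional, and `projectId` may be
 * `null`; check each before use.
 */
export interface ADCCallback {
  (err: Error | null, credential?: OAuth2Client, projectId?: string | null): void;
}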
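/**
 * Result of `GoogleAuth.getApplicationDefault` when used as a promise.
 */
export interface ADCResponse {
  /** The credential client that was resolved. */
  credential: OAuth2Client;
  /** The project ID that goes with the credential, or `null`. */
  projectId: string | null;
}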
40 export interface GoogleAuthOptions {
42 * Path to a .json, .pem, or .p12 key file
46 * Path to a .json, .pem, or .p12 key file
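/**
 * Object containing client_email and private_key properties.
 *
 * This option carries private key material in memory. Populate it from a
 * secret store or protected configuration rather than a literal in source,
 * and keep the options object out of logs and error reports.
 */
credentials?: CredentialBody;
/**
 * Options object passed to the constructor of the client
 */
clientOptions?: JWTOptions | OAuth2ClientOptions | UserRefreshClientOptions;
/**
 * Required scopes for the desired API request.
 *
 * List only the scopes the request actually needs, so that a leaked token
 * grants as little as possible.
 */
scopes?: string | string[];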
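/**
 * OAuth client ID exported under the Cloud SDK name.
 *
 * A client ID is an identifier, not a secret.
 * NOTE(review): presumably this is what `warnOnProblematicCredentials`
 * matches against to recognise Cloud SDK credentials; confirm in the
 * implementation.
 */
export declare const CLOUD_SDK_CLIENT_ID = "764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.com";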
67 export declare class GoogleAuth {
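/** Optional transporter instance (type declared in `../transporters`). */
transporter?: Transporter;
/**
 * Whether the auth layer is running on Google Compute Engine.
 * NOTE(review): presumably `undefined` until the check has run; confirm
 * against `_checkIsGCE`.
 */
readonly isGCE: boolean | undefined;
private _getDefaultProjectIdPromise?;
private _cachedProjectId?;
/**
 * JWTInput content held by this instance, or `null`.
 * NOTE(review): presumably the parsed JSON key; if so it includes key
 * material. Confirm where it is assigned.
 */
jsonContent: JWTInput | null;
/**
 * Cached credential client, or `null`.
 *
 * The property is public and writable and holds a live credential, so
 * avoid logging or serializing it.
 */
cachedCredential: JWT | UserRefreshClient | Compute | null;
private clientOptions?;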
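/**
 * Export DefaultTransporter as a static property of the class.
 */
static DefaultTransporter: typeof DefaultTransporter;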
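/**
 * @param opts Optional configuration; see GoogleAuthOptions.
 */
constructor(opts?: GoogleAuthOptions);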
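/**
 * THIS METHOD HAS BEEN DEPRECATED.
 * It will be removed in 3.0. Please use getProjectId instead.
 * @deprecated Use getProjectId instead.
 * @param callback Optional callback.
 * @returns Promise that resolves with the project ID (if used without
 *   callback).
 */
getDefaultProjectId(): Promise<string>;
getDefaultProjectId(callback: ProjectIdCallback): void;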
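/**
 * Obtains the default project ID for the application.
 * @param callback Optional callback
 * @returns Promise that resolves with the project ID (if used without
 *   callback)
 */
getProjectId(): Promise<string>;
getProjectId(callback: ProjectIdCallback): void;
private getProjectIdAsync;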
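/**
 * Obtains the default service-level credentials for the application.
 * @param options Optional refresh options.
 * @param callback Optional callback.
 * @returns Promise that resolves with the ADCResponse (if no callback was
 *   passed).
 */
getApplicationDefault(): Promise<ADCResponse>;
getApplicationDefault(callback: ADCCallback): void;
getApplicationDefault(options: RefreshOptions): Promise<ADCResponse>;
getApplicationDefault(options: RefreshOptions, callback: ADCCallback): void;
private getApplicationDefaultAsync;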
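/**
 * Determines whether the auth layer is running on Google Compute Engine.
 * @returns A promise that resolves with the boolean.
 */
_checkIsGCE(): Promise<boolean>;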
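/**
 * Attempts to load default credentials from the environment variable path.
 *
 * NOTE(review): presumably the path named by GOOGLE_APPLICATION_CREDENTIALS;
 * confirm. The process environment decides which key file is loaded, so
 * that file should be readable only by the account running the service.
 * @param options Optional refresh options.
 * @returns Promise that resolves with a JWT or UserRefreshClient, or null.
 */
_tryGetApplicationCredentialsFromEnvironmentVariable(options?: RefreshOptions): Promise<JWT | UserRefreshClient | null>;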
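/**
 * Attempts to load default credentials from a well-known file location.
 *
 * NOTE(review): the location itself is not visible in this declaration.
 * @param options Optional refresh options.
 * @returns Promise that resolves with a JWT or UserRefreshClient, or null.
 */
_tryGetApplicationCredentialsFromWellKnownFile(options?: RefreshOptions): Promise<JWT | UserRefreshClient | null>;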
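/**
 * Attempts to load default credentials from a file at the given path.
 *
 * The file is expected to hold credential material. Pass only paths that
 * come from trusted configuration, never from request data.
 * @param filePath The path to the file to read.
 * @param options Optional refresh options.
 * @returns Promise that resolves with a JWT or UserRefreshClient.
 */
_getApplicationCredentialsFromFilePath(filePath: string, options?: RefreshOptions): Promise<JWT | UserRefreshClient>;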
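/**
 * Credentials from the Cloud SDK that are associated with Cloud SDK's project
 * are problematic because they may not have APIs enabled and have limited
 * quota. If this is the case, warn about it.
 * @param client The client whose credentials are checked.
 */
protected warnOnProblematicCredentials(client: JWT): void;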
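/**
 * Create a credentials instance using the given input options.
 *
 * `json` may carry private key material, so keep it out of logs and error
 * messages.
 * @param json The input object.
 * @param options The JWT or UserRefresh options for the client
 * @returns JWT or UserRefresh Client with data
 */
fromJSON(json: JWTInput, options?: RefreshOptions): JWT | UserRefreshClient;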
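/**
 * Create a credentials instance using the given input stream.
 *
 * NOTE(review): presumably the stream content is parsed as a JSON key;
 * confirm. Only pass streams whose source is trusted.
 * @param inputStream The input stream.
 * @param options Optional refresh options.
 * @param callback Optional callback.
 * @returns Promise that resolves with a JWT or UserRefreshClient (if used
 *   without callback).
 */
fromStream(inputStream: stream.Readable): Promise<JWT | UserRefreshClient>;
fromStream(inputStream: stream.Readable, callback: CredentialCallback): void;
fromStream(inputStream: stream.Readable, options: RefreshOptions): Promise<JWT | UserRefreshClient>;
fromStream(inputStream: stream.Readable, options: RefreshOptions, callback: CredentialCallback): void;
private fromStreamAsync;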
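/**
 * Create a credentials instance using the given API key string.
 *
 * The API key is a bearer secret: anyone holding the string can use it, so
 * do not log it or embed it in URLs that end up in logs.
 * @param apiKey The API key string
 * @param options An optional options object.
 * @returns A JWT loaded from the key
 */
fromAPIKey(apiKey: string, options?: RefreshOptions): JWT;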
169 * Determines whether the current operating system is Windows.
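/**
 * Creates a file stream. Allows mocking.
 * @param filePath Path of the file to open for reading.
 * @returns The read stream for that file.
 */
_createReadStream(filePath: string): fs.ReadStream;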
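/**
 * Gets the current operating system platform. Allows mocking.
 * @returns The platform identifier.
 */
_osPlatform(): NodeJS.Platform;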
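/**
 * Determines whether a file exists. Allows mocking.
 *
 * The result is returned synchronously. A check like this can go stale
 * before the file is opened, so callers still need to handle open/read
 * errors.
 * @param filePath Path to test.
 * @returns `true` if the file exists.
 */
_fileExists(filePath: string): boolean;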
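/**
 * Joins two parts of a path. Allows mocking.
 * @param item1 First path segment.
 * @param item2 Second path segment.
 * @returns The joined path.
 */
_pathJoin(item1: string, item2: string): string;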
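/**
 * Allows mocking of the path to a well-known file.
 * @param filePath The path that would be used.
 * @returns The path to use.
 */
_mockWellKnownFilePath(filePath: string): string;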
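/**
 * Run the Google Cloud SDK command that prints the default project ID.
 *
 * NOTE(review): this runs an external binary. How the command is located
 * (PATH lookup or an absolute path) and how its output is parsed are not
 * visible in this declaration; confirm both in the implementation.
 */
private getDefaultServiceProjectId;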
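/**
 * Loads the project id from environment variables.
 *
 * NOTE(review): which variables are consulted is not visible here.
 */
private getProductionProjectId;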
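/**
 * Loads the project id from the GOOGLE_APPLICATION_CREDENTIALS json file.
 */
private getFileProjectId;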
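/**
 * Gets the Compute Engine project ID if it can be inferred.
 */
private getGCEProjectId;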
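/**
 * The callback function handles a credential object that contains the
 * client_email and private_key (if exists).
 * getCredentials checks for these values from the user JSON at first.
 * If it doesn't exist, and the environment is on GCE, it gets the
 * client_email from the cloud metadata server.
 *
 * The result can include a private key, so keep it out of logs and out of
 * any response sent back to a client.
 * @param callback Callback that handles the credential object that contains
 * a client_email and optional private key, or the error.
 * @returns Promise that resolves with the credential object (if used
 *   without callback).
 */
getCredentials(): Promise<CredentialBody>;
getCredentials(callback: (err: Error | null, credentials?: CredentialBody) => void): void;
private getCredentialsAsync;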
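/**
 * Automatically obtain a client based on the provided configuration. If no
 * options were passed, use Application Default Credentials.
 * @param options Optional configuration for the client.
 * @returns Promise that resolves with a Compute, JWT or UserRefreshClient.
 */
getClient(options?: GoogleAuthOptions): Promise<Compute | JWT | UserRefreshClient>;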
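/**
 * Automatically obtain application default credentials, and return
 * an access token for making requests.
 *
 * The token is a bearer credential; do not log or persist it. The promise
 * may resolve with `null` or `undefined`, so check the value before
 * building an Authorization header from it.
 * @returns Promise that resolves with the access token, `null` or
 *   `undefined`.
 */
getAccessToken(): Promise<string | null | undefined>;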
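/**
 * Obtain the HTTP headers that will provide authorization for a given
 * request.
 *
 * The returned headers carry credentials; send them only to the intended
 * API host and keep them out of logs.
 * @param url Optional URL of the request.
 *   NOTE(review): how `url` affects the headers is not visible here.
 * @returns Promise that resolves with the headers.
 */
getRequestHeaders(url?: string): Promise<Headers>;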
246 * Obtain credentials for a request, then attach the appropriate headers to
247 * the request options.
248 * @param opts Axios or Request options on which to attach the headers
250 authorizeRequest(opts: {
255 url?: string | undefined;
256 uri?: string | undefined;
257 headers?: Headers | undefined;
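/**
 * Automatically obtain application default credentials, and make an
 * HTTP request using the given options.
 *
 * `T` defaults to `any`, so the response body is unchecked unless the
 * caller supplies a type. The type parameter is not validated at runtime
 * either; check the shape of the response data before relying on it.
 * @param opts Axios request options for the HTTP request.
 * @returns Promise that resolves with the response.
 */
request<T = any>(opts: GaxiosOptions): Promise<GaxiosResponse<T>>;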
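/**
 * Determine the compute environment in which the code is running.
 * @returns Promise that resolves with the detected GCPEnv value.
 */
getEnv(): Promise<GCPEnv>;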
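/**
 * Sign the given data with the current private key, or go out
 * to the IAM API to sign it.
 *
 * On the IAM path the data leaves the process and is sent to a remote
 * service, and the call depends on the caller's IAM permissions.
 * NOTE(review): the encoding of the returned signature is not visible in
 * this declaration; confirm before verifying it elsewhere.
 * @param data The data to be signed.
 * @returns Promise that resolves with the signature.
 */
sign(data: string): Promise<string>;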
276 export interface SignBlobResponse {