{"id":13878161,"url":"https://github.com/googleapis/google-auth-library-ruby","last_synced_at":"2025-04-23T20:57:34.431Z","repository":{"id":22154179,"uuid":"25485518","full_name":"googleapis/google-auth-library-ruby","owner":"googleapis","description":"Google Auth Library for Ruby","archived":false,"fork":false,"pushed_at":"2025-03-20T07:22:45.000Z","size":807,"stargazers_count":481,"open_issues_count":25,"forks_count":257,"subscribers_count":58,"default_branch":"main","last_synced_at":"2025-04-18T14:06:39.952Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/googleapis.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-10-20T20:37:47.000Z","updated_at":"2025-04-04T04:09:25.000Z","dependencies_parsed_at":"2024-02-14T20:18:00.154Z","dependency_job_id":"62cd7477-d070-4681-9245-3ae9bea02781","html_url":"https://github.com/googleapis/google-auth-library-ruby","commit_stats":{"total_commits":346,"total_committers":67,"mean_commits":5.164179104477612,"dds":0.7774566473988439,"last_synced_commit":"3f5ed1e077dc8f1505f6b4f038ed8b5b79d4b23b"},"previous_names":["google/google-auth-library-ruby"],"tags_count":63,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/googleapis%2Fgoogle-auth-library-ruby","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/googleapis%2Fgoogle-auth-library-ruby/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/googleapis%2Fgoogle-auth-library-ruby/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/googleapis%2Fgoogle-auth-library-ruby/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/googleapis","download_url":"https://codeload.github.com/googleapis/google-auth-library-ruby/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250366727,"owners_count":21418771,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-06T08:01:41.450Z","updated_at":"2025-04-23T20:57:34.406Z","avatar_url":"https://github.com/googleapis.png","language":"Ruby","funding_links":[],"categories":["Ruby"],"sub_categories":[],"readme":"# Google Auth Library for Ruby\n\n\u003cdl\u003e\n  \u003cdt\u003eHomepage\u003c/dt\u003e\u003cdd\u003e\u003ca href=\"http://www.github.com/googleapis/google-auth-library-ruby\"\u003ehttp://www.github.com/googleapis/google-auth-library-ruby\u003c/a\u003e\u003c/dd\u003e\n  \u003cdt\u003eAuthors\u003c/dt\u003e\u003cdd\u003e\u003ca href=\"mailto:temiola@google.com\"\u003eTim Emiola\u003c/a\u003e\u003c/dd\u003e\n  \u003cdt\u003eCopyright\u003c/dt\u003e\u003cdd\u003eCopyright © 2015 Google, Inc.\u003c/dd\u003e\n  \u003cdt\u003eLicense\u003c/dt\u003e\u003cdd\u003eApache 2.0\u003c/dd\u003e\n\u003c/dl\u003e\n\n[![Gem Version](https://badge.fury.io/rb/googleauth.svg)](http://badge.fury.io/rb/googleauth)\n\n## Description\n\nThis is Google's officially supported ruby client library for using OAuth 2.0\nauthorization and authentication with Google APIs.\n\n## Install\n\nBe sure `https://rubygems.org/` is in your gem sources.\n\nFor normal client usage, this is sufficient:\n\n```bash\n$ gem install googleauth\n```\n\n## Example Usage\n\n```ruby\nrequire 'googleauth'\n\n# Get the environment configured authorization\nscopes =  ['https://www.googleapis.com/auth/cloud-platform',\n           'https://www.googleapis.com/auth/compute']\nauthorization = Google::Auth.get_application_default(scopes)\n\n# Add the the access token obtained using the authorization to a hash, e.g\n# headers.\nsome_headers = {}\nauthorization.apply(some_headers)\n\n```\n\n## Application Default Credentials\n\nThis library provides an implementation of\n[application default credentials][application default credentials] for Ruby.\n\nThe Application Default Credentials provide a simple way to get authorization\ncredentials for use in calling Google APIs.\n\nThey are best suited for cases when the call needs to have the same identity\nand authorization level for the application independent of the user. This is\nthe recommended approach to authorize calls to Cloud APIs, particularly when\nyou're building an application that uses Google Compute Engine.\n\n## User Credentials\n\nThe library also provides support for requesting and storing user\ncredentials (3-Legged OAuth2.) Two implementations are currently available,\na generic authorizer useful for command line apps or custom integrations as\nwell as a web variant tailored toward Rack-based applications.\n\nThe authorizers are intended for authorization use cases. For sign-on,\nsee [Google Identity Platform](https://developers.google.com/identity/)\n\n## Important notes\n\nIf you accept a credential configuration (credential JSON/File/Stream) from an\nexternal source for authentication to Google Cloud, you must validate it before\nproviding it to any Google API or library. Providing an unvalidated credential\nconfiguration to Google APIs can compromise the security of your systems and data.\nFor more information, refer to [Validate credential configurations from external\nsources](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials).\n\n### Example (Web)\n\n```ruby\nrequire 'googleauth'\nrequire 'googleauth/web_user_authorizer'\nrequire 'googleauth/stores/redis_token_store'\nrequire 'redis'\n\nclient_id = Google::Auth::ClientId.from_file('/path/to/client_secrets.json')\nscope = ['https://www.googleapis.com/auth/drive']\ntoken_store = Google::Auth::Stores::RedisTokenStore.new(redis: Redis.new)\nauthorizer = Google::Auth::WebUserAuthorizer.new(\n  client_id, scope, token_store, '/oauth2callback')\n\n\nget('/authorize') do\n  # NOTE: Assumes the user is already authenticated to the app\n  user_id = request.session['user_id']\n  credentials = authorizer.get_credentials(user_id, request)\n  if credentials.nil?\n    redirect authorizer.get_authorization_url(login_hint: user_id, request: request)\n  end\n  # Credentials are valid, can call APIs\n  # ...\nend\n\nget('/oauth2callback') do\n  target_url = Google::Auth::WebUserAuthorizer.handle_auth_callback_deferred(\n    request)\n  redirect target_url\nend\n```\n\n### Example (Web with PKCE)\n\nProof Key for Code Exchange (PKCE) is an [RFC](https://www.rfc-editor.org/rfc/rfc7636) that aims to prevent malicious operating system processes from hijacking an OAUTH 2.0 exchange. PKCE mitigates the above vulnerability by including `code_challenge` and `code_challenge_method` parameters in the Authorization Request and a `code_verifier` parameter in the Access Token Request.\n\n```ruby\nrequire 'googleauth'\nrequire 'googleauth/web_user_authorizer'\nrequire 'googleauth/stores/redis_token_store'\nrequire 'redis'\n\nclient_id = Google::Auth::ClientId.from_file('/path/to/client_secrets.json')\nscope = ['https://www.googleapis.com/auth/drive']\ntoken_store = Google::Auth::Stores::RedisTokenStore.new(redis: Redis.new)\nauthorizer = Google::Auth::WebUserAuthorizer.new(\n  client_id, scope, token_store, '/oauth2callback')\n\n\nget('/authorize') do\n  # NOTE: Assumes the user is already authenticated to the app\n  user_id = request.session['user_id']\n  # User needs to take care of generating the code_verifier and storing it in\n  # the session.\n  request.session['code_verifier'] ||= Google::Auth::WebUserAuthorizer.generate_code_verifier\n  authorizer.code_verifier = request.session['code_verifier']\n  credentials = authorizer.get_credentials(user_id, request)\n  if credentials.nil?\n    redirect authorizer.get_authorization_url(login_hint: user_id, request: request)\n  end\n  # Credentials are valid, can call APIs\n  # ...\nend\n\nget('/oauth2callback') do\n  target_url = Google::Auth::WebUserAuthorizer.handle_auth_callback_deferred(\n    request)\n  redirect target_url\nend\n```\n\n### Example (Command Line) [Deprecated]\n\nThe Google Auth OOB flow has been discontiued on January 31, 2023. The OOB flow is a legacy flow that is no longer considered secure. To continue using Google Auth, please migrate your applications to a more secure flow. For more information on how to do this, please refer to this [OOB Migration](https://developers.google.com/identity/protocols/oauth2/resources/oob-migration) guide.\n\n```ruby\nrequire 'googleauth'\nrequire 'googleauth/stores/file_token_store'\n\nOOB_URI = 'urn:ietf:wg:oauth:2.0:oob'\n\nscope = 'https://www.googleapis.com/auth/drive'\nclient_id = Google::Auth::ClientId.from_file('/path/to/client_secrets.json')\ntoken_store = Google::Auth::Stores::FileTokenStore.new(\n  :file =\u003e '/path/to/tokens.yaml')\nauthorizer = Google::Auth::UserAuthorizer.new(client_id, scope, token_store)\n\nuser_id = ENV['USER']\ncredentials = authorizer.get_credentials(user_id)\nif credentials.nil?\n  url = authorizer.get_authorization_url(base_url: OOB_URI )\n  puts \"Open #{url} in your browser and enter the resulting code:\"\n  code = gets\n  credentials = authorizer.get_and_store_credentials_from_code(\n    user_id: user_id, code: code, base_url: OOB_URI)\nend\n\n# OK to use credentials\n```\n\n### Example (Service Account)\n\n```ruby\nscope = 'https://www.googleapis.com/auth/androidpublisher'\n\nauthorizer = Google::Auth::ServiceAccountCredentials.make_creds(\n  json_key_io: File.open('/path/to/service_account_json_key.json'),\n  scope: scope)\n\nauthorizer.fetch_access_token!\n```\n\nYou can also use a JSON keyfile by setting the `GOOGLE_APPLICATION_CREDENTIALS` environment variable.\n\n```bash\nexport GOOGLE_APPLICATION_CREDENTIALS=/path/to/service_account_json_key.json\n```\n\n```ruby\nrequire 'googleauth'\nrequire 'google/apis/drive_v3'\n\nDrive = ::Google::Apis::DriveV3\ndrive = Drive::DriveService.new\n\nscope = 'https://www.googleapis.com/auth/drive'\n\nauthorizer = Google::Auth::ServiceAccountCredentials.from_env(scope: scope)\ndrive.authorization = authorizer\n\nlist_files = drive.list_files()\n```\n\n### 3-Legged OAuth with a Service Account\n\nThis is similar to regular service account authorization (see [this answer](https://support.google.com/a/answer/2538798?hl=en) for more details on the differences), but you'll need to indicate which user your service account is impersonating by manually updating the `sub` field.\n\n```ruby\nscope = 'https://www.googleapis.com/auth/androidpublisher'\n\nauthorizer = Google::Auth::ServiceAccountCredentials.make_creds(\n  json_key_io: File.open('/path/to/service_account_json_key.json'),\n  scope: scope\n)\nauthorizer.update!(sub: \"email-to-impersonate@your-domain.com\")\n\nauthorizer.fetch_access_token!\n```\n\n### Example (Environment Variables)\n\n```bash\nexport GOOGLE_ACCOUNT_TYPE=service_account\nexport GOOGLE_CLIENT_ID=000000000000000000000\nexport GOOGLE_CLIENT_EMAIL=xxxx@xxxx.iam.gserviceaccount.com\nexport GOOGLE_PRIVATE_KEY=\"-----BEGIN PRIVATE KEY-----\\n...\\n-----END PRIVATE KEY-----\\n\"\n```\n\n```ruby\nrequire 'googleauth'\nrequire 'google/apis/drive_v3'\n\nDrive = ::Google::Apis::DriveV3\ndrive = Drive::DriveService.new\n\n# Auths with ENV vars:\n# \"GOOGLE_CLIENT_ID\",\n# \"GOOGLE_CLIENT_EMAIL\",\n# \"GOOGLE_ACCOUNT_TYPE\", \n# \"GOOGLE_PRIVATE_KEY\"\nauth = ::Google::Auth::ServiceAccountCredentials\n  .make_creds(scope: 'https://www.googleapis.com/auth/drive')\ndrive.authorization = auth\n\nlist_files = drive.list_files()\n\n```\n\n### Storage\n\nAuthorizers require a storage instance to manage long term persistence of\naccess and refresh tokens. Two storage implementations are included:\n\n*   Google::Auth::Stores::FileTokenStore\n*   Google::Auth::Stores::RedisTokenStore\n\nCustom storage implementations can also be used. See\n[token_store.rb](https://googleapis.dev/ruby/googleauth/latest/Google/Auth/TokenStore.html) for additional details.\n\n## Supported Ruby Versions\n\nThis library is supported on Ruby 3.0+.\n\nGoogle provides official support for Ruby versions that are actively supported\nby Ruby Core—that is, Ruby versions that are either in normal maintenance or\nin security maintenance, and not end of life. Older versions of Ruby _may_\nstill work, but are unsupported and not recommended. See\nhttps://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby\nsupport schedule.\n\n## License\n\nThis library is licensed under Apache 2.0. Full license text is\navailable in [LICENSE][license].\n\n## Contributing\n\nSee [CONTRIBUTING][contributing].\n\n## Support\n\nPlease\n[report bugs at the project on Github](https://github.com/google/google-auth-library-ruby/issues). Don't\nhesitate to\n[ask questions](http://stackoverflow.com/questions/tagged/google-auth-library-ruby)\nabout the client or APIs on [StackOverflow](http://stackoverflow.com).\n\n[application default credentials]: https://cloud.google.com/docs/authentication/provide-credentials-adc\n[contributing]: https://github.com/googleapis/google-auth-library-ruby/tree/main/.github/CONTRIBUTING.md\n[license]: https://github.com/googleapis/google-auth-library-ruby/tree/main/LICENSE\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogleapis%2Fgoogle-auth-library-ruby","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogleapis%2Fgoogle-auth-library-ruby","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogleapis%2Fgoogle-auth-library-ruby/lists"}