README.md

# GCPAuth

[![Build Status](https://travis-ci.org/aktsk/gcp_auth.svg?branch=master)](https://travis-ci.org/aktsk/gcp_auth)
[![Hex.pm](https://img.shields.io/hexpm/v/gcp_auth.svg)](https://hex.pm/packages/gcp_auth)
[![Hex.pm](https://img.shields.io/hexpm/l/gcp_auth.svg)](https://github.com/aktsk/gcp_auth/blob/master/LICENSE)

GCP (Google Cloud Platform) auth library using [Application Default Credentials](https://developers.google.com/identity/protocols/application-default-credentials
).
This is intended to be used for [Server to Server Applications](https://developers.google.com/identity/protocols/OAuth2ServiceAccount).


## Installation and Usage

Add `:gcp_auth` to `application` and `deps` in `mix.exs`.

```elixir
def deps do
  [{:gcp_auth, "~> 0.1"}]
end

def application do
  [applications: [:gcp_auth]]
end
```

And add `:scopes` to your `config.ex`.
The full list of OAuth2 scopes for Google APIs can be seen at https://developers.google.com/identity/protocols/googlescopes

```elixir
config :gcp_auth,
  scopes: ["https://www.googleapis.com/auth/devstorage.read_write"]
```

To get access token, call `GCPAuth.Token.get()`.

```elixir
> GCPAuth.Token.get()
"xxxx.yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
```

### Examples

An example for uploading a file to GCS (Google Cloud Storage) is as follows:

```elixir
access_token = GCPAuth.Token.get()
bucket = "your-bucket"
upload_path = "uploads/filename"
uri = %URI{scheme: "https",
           host: "www.googleapis.com",
           path: "/upload/storage/v1/b/#{bucket}/o",
           query: "uploadType=media&predefinedAcl=publicRead&name=#{upload_path}"}
local_path = "path/to/existing/localfile"
body = {:file, local_path}
headers = %{"Authorization" => "Bearer #{access_token}"}
HTTPoison.post(uri, body, headers)
```


## Configuration

### Disabling

To disable GCPAuth at specific environments e.g. `dev` or `test`, set `:enabled` to `false`.

```elixir
config :gcp_auth,
  enabled: false
```

### Overriding Application Default Credentials

By default, GCPAuth uses [ADC (Application Default Credentials)](https://developers.google.com/identity/protocols/application-default-credentials
).
That is to say

1. If the environment variable GOOGLE_APPLICATION_CREDENTIALS is specified, the file is used as the credentials file.
2. If `~/.config/gcloud/application_default_credentials.json` exists, it is used. This wellknown file is created by running `gcloud auth application-default login`.
3. (Not supported for now) If you are running in GAE (Google App Engine), the built-in service account associated with the application will be used.
4. If you are running in GCE (Google Compute Engine), the built-in service account associated with the virtual machine instance will be used.

You can override this by adding `:credentials_file` to `config.ex`.

```elixir
config :gcp_auth,
  credentials_file: "credentials.json",
  scopes: ["https://www.googleapis.com/auth/devstorage.read_write"]
```