AuthClientSigningExtension extension
Extension providing smart signing capabilities for AuthClient.
This extension adds a universal sign method that automatically selects the appropriate signing strategy based on the authentication context:
- ImpersonatedAuthClient: Uses IAM signBlob with the target principal
- Service account credentials: Uses local RSA-SHA256 signing
- Other auth clients (ADC on GCE/Cloud Run): Uses IAM signBlob with the default service account from metadata server
Example usage:
// Works with service account credentials
final client = await clientViaServiceAccount(credentials, scopes);
final signature = await client.sign(utf8.encode('data to sign'));
// Works with ADC on GCE/Cloud Run
final client = await clientViaApplicationDefaultCredentials(scopes: scopes);
final signature = await client.sign(utf8.encode('data to sign'));
// Works with impersonated credentials
final client = await clientViaServiceAccountImpersonation(
sourceClient: sourceClient,
targetServiceAccount: 'target@project.iam.gserviceaccount.com',
targetScopes: scopes,
);
final signature = await client.sign(utf8.encode('data to sign'));
- on
Methods
-
sign(
List< int> data, {String? endpoint}) → Future<String> -
Available on AuthClient, provided by the AuthClientSigningExtension extension
Signs some bytes using the credentials from this auth client.