Hi Manh, By the way gRPC does this automatically via the GOOGLE_APPLICATION_CREDENTIALS environment variable defined in grpc_security_constants.h <https://github.com/grpc/grpc/blob/dde6dfbb0bd1dfb3deac0b4f703d63528e1dc798/include/grpc/grpc_security_constants.h#L54-L57> :
/* Environment variable that points to the google default application credentials json key or refresh token. Used in the grpc_google_default_credentials_create function. */ #define GRPC_GOOGLE_CREDENTIALS_ENV_VAR "GOOGLE_APPLICATION_CREDENTIALS" Keep in mind if you go via the the GoogleDefaultCredentials() function - as Yang previously suggested - it basically performs several checks to find a way to authenticate you. Basically the call in secure_credentials.cc <https://github.com/grpc/grpc/blob/master/src/cpp/client/secure_credentials.cc#L84-L87> calls grpc_google_default_credentials_create()as such: std::shared_ptr<ChannelCredentials> GoogleDefaultCredentials() { GrpcLibraryCodegen init; // To call grpc_init(). return WrapChannelCredentials(grpc_google_default_credentials_create()); } Which grpc_google_default_credentials_create() goes through a multitude of checks in google_default_credentials.c <https://github.com/grpc/grpc/blob/master/src/core/lib/security/credentials/google_default/google_default_credentials.c> : grpc_channel_credentials *grpc_google_default_credentials_create(void) { ... /* First, try the environment variable. */ err = create_default_creds_from_path( gpr_getenv(GRPC_GOOGLE_CREDENTIALS_ENV_VAR), &call_creds); ... /* Then the well-known file. */ err = create_default_creds_from_path( grpc_get_well_known_google_credentials_file_path(), &call_creds); ... /* At last try to see if we're on compute engine (do the detection only once since it requires a network test). */ if (!compute_engine_detection_done) { int need_compute_engine_creds = is_stack_running_on_compute_engine(); compute_engine_detection_done = 1; if (need_compute_engine_creds) { call_creds = grpc_google_compute_engine_credentials_create(NULL); ... } Then create_default_creds_from_path() performs these two checks: /* First, try an auth json key. */ key = grpc_auth_json_key_create_from_json(json); ... /* Then try a refresh token if the auth json key was invalid. */ token = grpc_auth_refresh_token_create_from_json(json); ... And the last function above looks up the stored gcloud credentials: char *grpc_get_well_known_google_credentials_file_path(void) { if (creds_path_getter != NULL) return creds_path_getter(); return grpc_get_well_known_google_credentials_file_path_impl(); } The returned function call is in credentials_posix.c <https://github.com/grpc/grpc/blob/master/src/core/lib/security/credentials/google_default/credentials_posix.c#L54-L56> : gpr_asprintf(&result, "%s/.config/%s/%s", home, GRPC_GOOGLE_CLOUD_SDK_CONFIG_DIRECTORY, GRPC_GOOGLE_WELL_KNOWN_CREDENTIALS_FILE); And the two above variables are stored in google_default_credentials.h <https://github.com/grpc/grpc/blob/master/src/core/lib/security/credentials/google_default/google_default_credentials.h#L39-L41> : #define GRPC_GOOGLE_CLOUD_SDK_CONFIG_DIRECTORY "gcloud" #define GRPC_GOOGLE_WELL_KNOWN_CREDENTIALS_FILE \ "application_default_credentials.json" If you tried to see if you have this file - which you will by running gcloud beta auth application-default login - you will see the following directory as constructed above (the one below is for how it looks for me): $ ls ~/.config/gcloud/application_default_credentials.json /home/pgrosu/.config/gcloud/application_default_credentials.json $ And sure it is possible via the Google APIs Client Library for C++ <https://github.com/google/google-api-cpp-client>. In the example file <https://github.com/google/google-api-cpp-client/blob/master/src/samples/webflow_sample_main.cc> you'll notice the following on lines 657-661 <https://github.com/google/google-api-cpp-client/blob/master/src/samples/webflow_sample_main.cc#L657-L661> : googleapis::util::Status status; flow_.reset(OAuth2AuthorizationFlow::MakeFlowFromClientSecretsPath( FLAGS_client_secrets_path, config_->NewDefaultTransportOrDie(), &status)); I think you might also find the following links helpful: https://developers.google.com/identity/protocols/OAuth2 http://google.github.io/google-api-cpp-client/latest/doxygen/classgoogleapis_1_1client_1_1OAuth2AuthorizationFlow.html http://google.github.io/google-api-cpp-client/latest/doxygen/classgoogleapis_1_1client_1_1OAuth2Credential.html Hope it helps, Paul On Thursday, August 25, 2016 at 10:54:35 PM UTC-4, Manh Tran wrote: > > It seem only read access_token from OAuth2Credential* credential. > Currently, I've credentials-key.json. Are there any way using > this credentials-key.json file to get access token from google's server. > > Thanks. > > On Friday, August 26, 2016 at 4:10:02 AM UTC+7, Paul Grosu wrote: >> >> Gladly :) Check out webflow_sample_main.cc example >> <https://github.com/google/google-api-cpp-client/blob/master/src/samples/webflow_sample_main.cc> >> >> on line 386 >> <https://github.com/google/google-api-cpp-client/blob/master/src/samples/webflow_sample_main.cc#L386> >> : >> >> string new_access_token = credential->access_token().as_string(); >> >> Hope it helps, >> ~p >> >> >> On Thursday, August 25, 2016 at 3:29:47 AM UTC-4, Manh Tran wrote: >>> >>> Could you show me detail using the Google APIs Client Library for C++? >>> >>> Thank you so much. >>> >>> On Thursday, August 25, 2016 at 12:16:13 PM UTC+7, Paul Grosu wrote: >>>> >>>> >>>> Of course :) You have two options: >>>> >>>> 1) Use the Google APIs Client Library for C++: >>>> >>>> >>>> https://google.github.io/google-api-cpp-client/latest/guide/oauth2.html >>>> <https://google.github.io/google-api-cpp-client/latest/guide/oauth2.html> >>>> >>>> 2) Or just use execve system call to run an external program to >>>> provide the token :) >>>> >>>> ~p >>>> >>>> On Thursday, August 25, 2016 at 1:05:08 AM UTC-4, Manh Tran wrote: >>>>> >>>>> Are there any way to get token within my C++ program? >>>>> >>>>> Thanks. >>>>> On Thursday, August 25, 2016 at 9:09:54 AM UTC+7, Nicolas Noble wrote: >>>>>> >>>>>> It depends on your platform. But basically, you need to use and >>>>>> authenticate with the gcloud command line tool, which will create the >>>>>> token >>>>>> for you that will be read by grpc automatically. >>>>>> >>>>>> See https://cloud.google.com/sdk/gcloud/reference/auth/login about >>>>>> how to do that. >>>>>> >>>>>> On Wed, Aug 24, 2016, 18:43 Manh Tran <[email protected]> wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> I'm writing a gRPC client connect to google cloud speech. I think it >>>>>>> needs an access token to connect to google cloud. Please tell me how to >>>>>>> get >>>>>>> an access token OAuth2 on gRPC C++. >>>>>>> >>>>>>> Thanks. >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "grpc.io" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To post to this group, send email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/grpc-io/25d7e7d5-8d67-4f0c-96bd-775a9397e4d4%40googlegroups.com >>>>>>> >>>>>>> <https://groups.google.com/d/msgid/grpc-io/25d7e7d5-8d67-4f0c-96bd-775a9397e4d4%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/27455db0-28b3-4c35-afd8-fe2eb08c4779%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
