Reference documentation and code samples for the googleauth class Google::Auth::ServiceAccountCredentials.
Authenticates requests using Google's Service Account credentials via an
OAuth access token.
This class allows authorizing requests for service accounts directly
from credentials from a json key file downloaded from the developer
console (via 'Generate new Json Key').
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[],[],null,["# googleauth - Class Google::Auth::ServiceAccountCredentials (v1.15.0)\n\nVersion latestkeyboard_arrow_down\n\n- [1.15.0 (latest)](/ruby/docs/reference/googleauth/latest/Google-Auth-ServiceAccountCredentials)\n- [1.14.0](/ruby/docs/reference/googleauth/1.14.0/Google-Auth-ServiceAccountCredentials)\n- [1.13.1](/ruby/docs/reference/googleauth/1.13.1/Google-Auth-ServiceAccountCredentials)\n- [1.12.2](/ruby/docs/reference/googleauth/1.12.2/Google-Auth-ServiceAccountCredentials) \nReference documentation and code samples for the googleauth class Google::Auth::ServiceAccountCredentials.\n\nAuthenticates requests using Google's Service Account credentials via an\nOAuth access token.\n\n\nThis class allows authorizing requests for service accounts directly\nfrom credentials from a json key file downloaded from the developer\nconsole (via 'Generate new Json Key').\n\n\u003cbr /\u003e\n\ncf [Application Default Credentials](https://cloud.google.com/docs/authentication/production) \n\nInherits\n--------\n\n- [Signet::OAuth2::Client](./Signet-OAuth2-Client) \n\nExtended By\n-----------\n\n- [Google::Auth::CredentialsLoader](./Google-Auth-CredentialsLoader)\n- [Google::Auth::JsonKeyReader](./Google-Auth-JsonKeyReader)\n\nMethods\n-------\n\n### .make_creds\n\n def self.make_creds(options = {})\n\nCreates a ServiceAccountCredentials. \n**Parameters**\n\n- **json_key_io** (IO) --- An IO object containing the JSON key\n- **scope** (string\\|array\\|nil) --- the scope(s) to access \n**Raises**\n\n- (ArgumentError) --- If both scope and target_audience are specified\n\n### .unescape\n\n def self.unescape(str) -\u003e String\n\nHandles certain escape sequences that sometimes appear in input.\nSpecifically, interprets the \"\\\\n\" sequence for newline, and removes\nenclosing quotes. \n**Parameter**\n\n- **str** (String) --- The string to unescape \n**Returns**\n\n- (String) --- The unescaped string\n\n### #apply!\n\n def apply!(a_hash, opts = {})\n\nExtends the base class to use a transient\nServiceAccountJwtHeaderCredentials for certain cases.\n\n### #duplicate\n\n def duplicate(options = {})\n\nCreates a duplicate of these credentials\nwithout the Signet::OAuth2::Client-specific\ntransient state (e.g. cached tokens) \n**Parameter**\n\n- **options** (Hash) ---\n\n Overrides for the credentials parameters.\n The following keys are recognized in addition to keys in the\n Signet::OAuth2::Client\n - `:enable_self_signed_jwt` Whether the self-signed JWT should be used for the authentication\n - `project_id` the project id to use during the authentication\n - `quota_project_id` the quota project id to use during the authentication\n\n### #enable_self_signed_jwt?\n\n def enable_self_signed_jwt?() -\u003e Boolean\n\n**Returns**\n\n- (Boolean)\n\n### #initialize\n\n def initialize(options = {}) -\u003e ServiceAccountCredentials\n\n**Returns**\n\n- ([ServiceAccountCredentials](./Google-Auth-ServiceAccountCredentials)) --- a new instance of ServiceAccountCredentials\n\n### #needs_access_token?\n\n def needs_access_token?() -\u003e Boolean\n\nModifies this logic so it also requires self-signed-jwt to be disabled \n**Returns**\n\n- (Boolean)\n\n### #project_id\n\n def project_id()\n\nReturns the value of attribute project_id.\n\n### #quota_project_id\n\n def quota_project_id()\n\nReturns the value of attribute quota_project_id.\n\n### #update!\n\n def update!(options = {}) -\u003e Google::Auth::ServiceAccountCredentials\n\nDestructively updates these credentials\n\n\n\u003cbr /\u003e\n\nThis method is called by `Signet::OAuth2::Client`'s constructor \n**Parameter**\n\n- **options** (Hash) ---\n\n Overrides for the credentials parameters.\n The following keys are recognized in addition to keys in the\n Signet::OAuth2::Client\n - `:enable_self_signed_jwt` Whether the self-signed JWT should be used for the authentication\n - `project_id` the project id to use during the authentication\n- `quota_project_id` the quota project id to use during the authentication \n**Returns**\n\n- ([Google::Auth::ServiceAccountCredentials](./Google-Auth-ServiceAccountCredentials))\n\nConstants\n---------\n\n### TOKEN_CRED_URI\n\n**value:** \"\u003chttps://www.googleapis.com/oauth2/v4/token\".freeze\u003e"]]
