google-cloud

jaihindhreddy 2025-10-05T12:24:21.892069Z

Is google's credential discovery chain available as a lightweight Clojure lib with a small number of dependencies? Google's official library pulls in a boat load of stuff, and that irks me 🙂. Also, their Java libs have a extreme amount of indirection and mutable-OOP stuff I'd like to avoid. According to https://cloud.google.com/docs/authentication/application-default-credentials, and a cursory look at the equivalent Python lib called https://github.com/googleapis/google-auth-library-python/blob/ca94ead4035beea4741dc5384449032f8e6f75d8/google/auth/_default.py#L639-L648, it looks like we should be able to get away with just two functions: 1. A discover-creds fn which looks for creds in these places (in this order): a. a JSON filepath in GOOGLE_APPLICATION_CREDENTIALS. b. a JSON file in a well known location: ~/.config/gcloud/application_default_credentials.json (slightly different on windows ofc) c. If on GAE, calls some GRPC stuff to get data. d. If on GCE, calls Google's metadata server to get data. 2. A auth-from-creds fn which given the creds and some opts, returns a fn that returns the value of Authorization header to use, caching that value, and refreshing when needed. There are https://github.com/googleapis/google-auth-library-python/blob/ca94ead4035beea4741dc5384449032f8e6f75d8/google/auth/_default.py#L33-L38, identified by the value of the type key in the creds. Except for requiring GRPC in GAE, I don't see any reason why anything other than an HTTP client and a JSON lib are required to implement this. And besides, Google seems to auto-include a GRPC lib when running in GAE. Is there such a lightweight option already available, that I'm not seeing?

xlfe 2025-10-18T10:41:08.035819Z

Yeah we've had good luck with - I don't think it pulls in many deps (compare to some of the Google Java libraries which seem to pull in everything!) com.google.auth/google-auth-library-oauth2-http

lukasz 2025-10-05T14:08:41.035059Z

I’m not at my computer right now but there’s a library that’s a core dep of GCP Java SDK which only deals with auth, that might be sufficient. Just my 2c: In my experience Cloud SDK libraries aren’t that bad - at work I maintain internal wrappers for PubSub, GCS, Vertex and couple of others.

1