bq_auth {bigrquery} | R Documentation |
Authorize bigrquery
Description
Authorize bigrquery to view and manage your BigQuery projects. This function is a
wrapper around gargle::token_fetch()
.
By default, you are directed to a web browser, asked to sign in to your Google account, and to grant bigrquery permission to operate on your behalf with Google BigQuery. By default, with your permission, these user credentials are cached in a folder below your home directory, from where they can be automatically refreshed, as necessary. Storage at the user level means the same token can be used across multiple projects and tokens are less likely to be synced to the cloud by accident.
Usage
bq_auth(
email = gargle::gargle_oauth_email(),
path = NULL,
scopes = c("https://www.googleapis.com/auth/bigquery",
"https://www.googleapis.com/auth/cloud-platform"),
cache = gargle::gargle_oauth_cache(),
use_oob = gargle::gargle_oob_default(),
token = NULL
)
Arguments
email |
Optional. If specified,
Defaults to the option named |
path |
JSON identifying the service account, in one of the forms
supported for the |
scopes |
A character vector of scopes to request. Pick from those listed at https://developers.google.com/identity/protocols/oauth2/scopes. |
cache |
Specifies the OAuth token cache. Defaults to the option named
|
use_oob |
Whether to use out-of-band authentication (or, perhaps, a
variant implemented by gargle and known as "pseudo-OOB") when first
acquiring the token. Defaults to the value returned by
If the OAuth client is provided implicitly by a wrapper package, its type
probably defaults to the value returned by
|
token |
A token with class Token2.0 or an object of
httr's class |
Details
Most users, most of the time, do not need to call bq_auth()
explicitly – it is triggered by the first action that requires
authorization. Even when called, the default arguments often suffice.
However, when necessary, bq_auth()
allows the user to explicitly:
Declare which Google identity to use, via an
email
specification.Use a service account token or workload identity federation via
path
.Bring your own
token
.Customize
scopes
.Use a non-default
cache
folder or turn caching off.Explicitly request out-of-band (OOB) auth via
use_oob
.
If you are interacting with R within a browser (applies to RStudio
Server, Posit Workbench, Posit Cloud, and Google Colaboratory), you need
OOB auth or the pseudo-OOB variant. If this does not happen
automatically, you can request it explicitly with use_oob = TRUE
or,
more persistently, by setting an option via
options(gargle_oob_default = TRUE)
.
The choice between conventional OOB or pseudo-OOB auth is determined
by the type of OAuth client. If the client is of the "installed" type,
use_oob = TRUE
results in conventional OOB auth. If the client is of
the "web" type, use_oob = TRUE
results in pseudo-OOB auth. Packages
that provide a built-in OAuth client can usually detect which type of
client to use. But if you need to set this explicitly, use the
"gargle_oauth_client_type"
option:
options(gargle_oauth_client_type = "web") # pseudo-OOB # or, alternatively options(gargle_oauth_client_type = "installed") # conventional OOB
For details on the many ways to find a token, see
gargle::token_fetch()
. For deeper control over auth, use
bq_auth_configure()
to bring your own OAuth client or API key.
To learn more about gargle options, see gargle::gargle_options.
See Also
Other auth functions:
bq_auth_configure()
,
bq_deauth()
Examples
## Not run:
## load/refresh existing credentials, if available
## otherwise, go to browser for authentication and authorization
bq_auth()
## force use of a token associated with a specific email
bq_auth(email = "jenny@example.com")
## force a menu where you can choose from existing tokens or
## choose to get a new one
bq_auth(email = NA)
## use a 'read only' scope, so it's impossible to change data
bq_auth(
scopes = "https://www.googleapis.com/auth/devstorage.read_only"
)
## use a service account token
bq_auth(path = "foofy-83ee9e7c9c48.json")
## End(Not run)