Class ComputeEngineCredentials<HttpRequestBuilderType, ClockType> (2.21.0)

Takes a service account email address or alias (e.g. "default") and uses the Google Compute Engine instance's metadata server to obtain service account metadata and OAuth 2.0 access tokens as needed. Instances of this class should usually be created via the convenience methods declared in google_credentials.h.

An HTTP Authorization header, with an access token as its value, can be obtained by calling the AuthorizationHeader() method; if the current access token is invalid or nearing expiration, this will class will first obtain a new access token before returning the Authorization header string.

See Also

https://cloud.google.com/compute/docs/authentication#using for details on how to get started with Compute Engine service account credentials.

Prefer using the unified credentials documented in Authentication Components

If unable to obtain a value for the Authorization header, which could happen for Credentials that need to be periodically refreshed, the underlying Status will indicate failure details from the refresh HTTP request. Otherwise, the returned value will contain the Authorization header to be used in HTTP requests.

Some Credentials types can locally sign a blob, most often just on behalf of an specific service account. This function returns an error if the credentials cannot sign the blob at all, or if the service account is a mismatch.