Gemini.Auth.VertexStrategy (GeminiEx v0.10.0)

Copy Markdown View Source

Authentication strategy for Google Vertex AI using OAuth2/Service Account.

This strategy supports multiple authentication methods:

  • Service Account JSON file (via VERTEX_JSON_FILE environment variable)
  • OAuth2 access tokens
  • Application Default Credentials (ADC)

Based on the Vertex AI documentation, this strategy can generate self-signed JWTs for authenticated endpoints and standard Bearer tokens for regular API calls.

ADC Support

If no explicit credentials are provided, this strategy will automatically fall back to Application Default Credentials (ADC), which searches for credentials in the following order:

  1. GOOGLE_APPLICATION_CREDENTIALS environment variable
  2. User credentials from gcloud CLI (~/.config/gcloud/application_default_credentials.json)
  3. GCP metadata server (for Cloud Run, GKE, Compute Engine, etc.)

Summary

Functions

authenticate(arg1)

Authenticate with Vertex AI using various methods.

create_signed_jwt(service_account_email, audience, credentials, opts \\ [])

Create a signed JWT for authenticated Vertex AI endpoints.

headers(credentials)

Get authentication headers for Vertex AI requests.

Functions

authenticate(arg1)

Authenticate with Vertex AI using various methods.

Supports the following authentication methods:

  • OAuth2 with project_id and location
  • Service Account with key file path
  • Service Account with key data
  • Direct access token

create_signed_jwt(service_account_email, audience, credentials, opts \\ [])

@spec create_signed_jwt(String.t(), String.t(), map(), keyword()) ::
  {:ok, String.t()} | {:error, term()}

Create a signed JWT for authenticated Vertex AI endpoints.

This is used for Vector Search endpoints with JWT authentication as described in v1.md.

Parameters

  • service_account_email: The service account email (issuer)
  • audience: The audience specified during index deployment
  • credentials: The credentials map containing authentication info
  • opts: Additional options for JWT creation

Examples

iex> credentials = %{service_account_key: "/path/to/key.json"}
iex> {:ok, jwt} = Gemini.Auth.VertexStrategy.create_signed_jwt(
...>   "my-service@project.iam.gserviceaccount.com",
...>   "my-app-audience",
...>   credentials
...> )

headers(credentials)

Get authentication headers for Vertex AI requests.

Supports multiple credential types:

  • %{access_token: token} - Direct access token
  • %{service_account_key: path} - Service account JSON file path
  • %{service_account_data: data} - Service account JSON data
  • %{jwt_token: token} - Pre-signed JWT token

Returns {:ok, headers} on success, or {:error, reason} if authentication fails.