Monthly Downloads: 75,265
Programming language: Elixir
License: MIT License
Tags: Authentication    
Latest version: v1.1.0

goth alternatives and similar packages

Based on the "Authentication" category.
Alternatively, view goth alternatives based on common mentions on social networks and blogs.

Do you think we are missing an alternative of goth or a related project?

Add another 'Authentication' Package


Build Status


Google + Auth = Goth

A simple library to generate and retrieve OAuth2 tokens for use with Google Cloud Service accounts.

It can either retrieve tokens using service account credentials or from Google's metadata service for applications running on Google Cloud Platform.


  1. Add Goth to your list of dependencies in mix.exs:

    def deps do
    [{:goth, "~> 1.1.0"}]
  2. Pass in your credentials json downloaded from your GCE account:

  config :goth,
    json: "path/to/google/json/creds.json" |> File.read!

Or, via an ENV var:

  config :goth, json: {:system, "GCP_CREDENTIALS"}

Or, via your own config module:

  config :goth, config_module: MyConfigMod
  defmodule MyConfigMod do
    use Goth.Config

    def init(config) do
      {:ok, Keyword.put(config, :json, System.get_env("MY_GCP_JSON_CREDENTIALS"))}

You can also use a JSON file containing an array of service accounts to be able to use different identities in your application. Each service account will be identified by its client_email, which can be passed to Goth.Token.for_scope/1 to specify which service account to use.

For example, if your JSON file contains the following:

    "client_email": "[email protected]",
    "client_email": "[email protected]",

You can use the following to get a token for the second service account:

def get_token do
  {:ok, token} = Goth.Token.for_scope({
    "[email protected]",

You can skip the last step if your application will run on a GCP or GKE instance with appropriate permissions.

If you need to set the email account to impersonate. For example when using service accounts

  config :goth,
    json: {:system, "GCP_CREDENTIALS"},
    actor_email: "[email protected]"

Alternatively, you can pass your sub email on a per-call basis, for example:

                       "[email protected]")

If you need to disable Goth in certain environments, you can set a disabled flag in your config:

  config :goth,
    disabled: true

This initializes Goth with an empty config, so any attempts to actually generate tokens will fail.


Retrieve a token:

Call Token.for_scope/1 passing in a string of scopes, separated by a space:

alias Goth.Token
{:ok, token} = Token.for_scope("https://www.googleapis.com/auth/pubsub")
    expires: 1453356568,
    token: "ya29.cALlJ4ICWRvMkYB-WsAR-CZnExE459PA7QPqKg5nei9y2T9-iqmbcgxq8XrTATNn_BPim",
    type: "Bearer"