...

Package externalaccountuser

import "cloud.google.com/go/auth/credentials/internal/externalaccountuser"
Overview
Index

Overview ▾

func NewTokenProvider

func NewTokenProvider(opts *Options) (auth.TokenProvider, error)

NewTokenProvider returns a cloud.google.com/go/auth.TokenProvider configured with the provided options.

type Options

Options stores the configuration for fetching tokens with external authorized user credentials.

type Options struct {
    // Audience is the Secure Token Service (STS) audience which contains the
    // resource name for the workforce pool and the provider identifier in that
    // pool.
    Audience string
    // RefreshToken is the OAuth 2.0 refresh token.
    RefreshToken string
    // TokenURL is the STS token exchange endpoint for refresh.
    TokenURL string
    // TokenInfoURL is the STS endpoint URL for token introspection. Optional.
    TokenInfoURL string
    // ClientID is only required in conjunction with ClientSecret, as described
    // below.
    ClientID string
    // ClientSecret is currently only required if token_info endpoint also needs
    // to be called with the generated a cloud access token. When provided, STS
    // will be called with additional basic authentication using client_id as
    // username and client_secret as password.
    ClientSecret string
    // Scopes contains the desired scopes for the returned access token.
    Scopes []string

    // Client for token request.
    Client *http.Client
}