func NewTokenProvider(opts *Options) (auth.TokenProvider, error)
NewTokenProvider uses a source credential, stored in Ts, to request an access token to the provided URL. Scopes can be defined when the access token is requested.
Options for NewTokenProvider.
type Options struct {
// Tp is the source credential used to generate a token on the
// impersonated service account. Required.
Tp auth.TokenProvider
// URL is the endpoint to call to generate a token
// on behalf of the service account. Required.
URL string
// Scopes that the impersonated credential should have. Required.
Scopes []string
// Delegates are the service account email addresses in a delegation chain.
// Each service account must be granted roles/iam.serviceAccountTokenCreator
// on the next service account in the chain. Optional.
Delegates []string
// TokenLifetimeSeconds is the number of seconds the impersonation token will
// be valid for. Defaults to 1 hour if unset. Optional.
TokenLifetimeSeconds int
// Client configures the underlying client used to make network requests
// when fetching tokens. Required.
Client *http.Client
}
func (o *Options) Token(ctx context.Context) (*auth.Token, error)
Token performs the exchange to get a temporary service account token to allow access to GCP.