Package sts

import "google.golang.org/grpc/credentials/sts"
Overview

Package sts implements call credentials using STS (Security Token Service) as defined in https://tools.ietf.org/html/rfc8693.

Experimental

Notice: All APIs in this package are experimental and may be changed or removed in a later release.

func NewCredentials

func NewCredentials(opts Options) (credentials.PerRPCCredentials, error)

NewCredentials returns a new PerRPCCredentials implementation, configured using opts, which performs token exchange using STS.

type Options

Options configures the parameters used for an STS based token exchange.

type Options struct {
    // TokenExchangeServiceURI is the address of the server which implements STS
    // token exchange functionality.
    TokenExchangeServiceURI string // Required.

    // Resource is a URI that indicates the target service or resource where the
    // client intends to use the requested security token.
    Resource string // Optional.

    // Audience is the logical name of the target service where the client
    // intends to use the requested security token.
    Audience string // Optional.

    // Scope is a list of space-delimited, case-sensitive strings, that allow
    // the client to specify the desired scope of the requested security token
    // in the context of the service or resource where the token will be used.
    // If this field is left unspecified, a default value of
    // https://www.googleapis.com/auth/cloud-platform will be used.
    Scope string // Optional.

    // RequestedTokenType is an identifier, as described in
    // https://tools.ietf.org/html/rfc8693#section-3, that indicates the type of
    // the requested security token.
    RequestedTokenType string // Optional.

    // SubjectTokenPath is a filesystem path which contains the security token
    // that represents the identity of the party on behalf of whom the request
    // is being made.
    SubjectTokenPath string // Required.

    // SubjectTokenType is an identifier, as described in
    // https://tools.ietf.org/html/rfc8693#section-3, that indicates the type of
    // the security token in the "subject_token_path" parameter.
    SubjectTokenType string // Required.

    // ActorTokenPath is a filesystem path which contains the security token
    // that represents the identity of the acting party.
    ActorTokenPath string // Optional.

    // ActorTokenType is an identifier, as described in
    // https://tools.ietf.org/html/rfc8693#section-3, that indicates the type of
    // the security token in the "actor_token_path" parameter.
    ActorTokenType string // Optional.
}

func (Options) String

func (o Options) String() string