krombel/oauth2
1
0
Fork 0
forked from remote/oauth2
Code Pull Requests 1 Activity

Update basecredentials.go

Browse Source
This commit is contained in:
gIthuriel
2021-06-22 13:03:04 -07:00
committed by GitHub
parent 89cec012bb
commit 78072af7e1
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
google/internal/externalaccount/basecredentials.go
View File

@@ -16,13 +16,13 @@ import (
// now aliases time.Now for testing // now aliases time.Now for testing
var now = time.Now var now = time.Now
// Config stores the configuration for fetching tokens with external credentials: // Config stores the configuration for fetching tokens with external credentials.
type Config struct { type Config struct {
// Audience is the STS audience which contains the resource name for the workload // Audience is the Secure Token Service (STS) audience which contains the resource name for the workload
// identity pool or the workforce pool and the provider identifier in that pool. // identity pool or the workforce pool and the provider identifier in that pool.
Audience string Audience string
// SubjectTokenType is the STS token type based on the Oauth2.0 token exchange spec // SubjectTokenType is the STS token type based on the Oauth2.0 token exchange spec
// e.g. `urn:ietf:params:oauth:token-type:jwt` // e.g. `urn:ietf:params:oauth:token-type:jwt`.
SubjectTokenType string SubjectTokenType string
// TokenURL is the STS token exchange endpoint. // TokenURL is the STS token exchange endpoint.
TokenURL string TokenURL string
@@ -33,10 +33,11 @@ type Config struct {
// ServiceAccountImpersonationURL is the URL for the service account impersonation request. This is only // ServiceAccountImpersonationURL is the URL for the service account impersonation request. This is only
// required for workload identity pools when APIs to be accessed have not integrated with UberMint. // required for workload identity pools when APIs to be accessed have not integrated with UberMint.
ServiceAccountImpersonationURL string ServiceAccountImpersonationURL string
// ClientID and ClientSecret are currently only required if token_info endpoint also // ClientSecret is currently only required if token_info endpoint also
// needs to be called with the generated GCP access token. When provided, STS will be // needs to be called with the generated GCP access token. When provided, STS will be
// called with additional basic authentication using client_id as username and client_secret as password. // called with additional basic authentication using client_id as username and client_secret as password.
ClientSecret string ClientSecret string
// ClientID is only required in conjunction with ClientSecret, as described above.
ClientID string ClientID string
// CredentialSource contains the necessary information to retrieve the token itself, as well // CredentialSource contains the necessary information to retrieve the token itself, as well
// as some environmental information. // as some environmental information.