google

package module
v0.0.0-...-75cf163 Latest
Warning

This package is not in the latest version of its module.
Published: Aug 18, 2023 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func ImpersonatedTokenSource

func ImpersonatedTokenSource(tokenConfig *ImpersonatedTokenConfig) (oauth2.TokenSource, error)

ImpersonatedTokenSource returns a TokenSource issued to a user or service account so that it can impersonate another. The source project using ImpersonatedTokenSource must enable the "IAMCredentials" API. The target service account must also grant the originating principal the "Service Account Token Creator" IAM role: https://cloud.google.com/iam/docs/service-accounts#the_service_account_token_creator_role

rootSource (TokenSource): The root TokenSource
   used to acquire the target identity TokenSource.
   rootSource *must* include scopes that contain
   "https://www.googleapis.com/auth/iam"
   or
   "https://www.googleapis.com/auth/cloud.platform"
targetPrincipal (string): The service account to impersonate.
targetScopes ([]string): Scopes to request during the
   authorization grant.
delegates ([]string): The chained list of delegates required
   to grant the final access_token. If set, each identity in the
   sequence must have granted the "Service Account Token Creator"
   capability to the preceding identity. For example, if set to
   [serviceAccountB, serviceAccountC], the source_credential
   must have the Token Creator role on serviceAccountB.
   serviceAccountB must have the Token Creator role on serviceAccountC.
   Finally, C must have the Token Creator role on target_principal.
   If left unset, source_credential must have that role on
   target_principal.
lifetime (time.Duration): Number of seconds the impersonated credential should
   be valid for (up to 3600).
subject (string): Subject field used for G Suite Domain Wide Delegation.
   Specify this field ONLY if you wish to use the Google G Suite Admin SDK and utilize
   domain wide delegation with impersonated credentials.
   https://developers.google.com/admin-sdk/directory/v1/guides/delegation

Note that this is not a standard OAuth flow. Instead, it uses the Google Cloud IAMCredentials API to exchange one OAuth token for a token of the impersonated account. See: https://cloud.google.com/iam/credentials/reference/rest/v1/projects.serviceAccounts/generateAccessToken
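The lifetime limit and the delegation chain described above can be checked before any token is requested, and the resulting list of bindings compared against IAM policy. The following is an added example, not code from this package: `Grant`, `RequiredGrants` and `Missing` are hypothetical helpers, the identities are constructed, and the sub-second lifetime check is this example's own heuristic.

```go
package main

import (
	"fmt"
	"time"
)

// Grant is one "Service Account Token Creator" binding: Member holds it on On.
type Grant struct{ Member, On string }

// RequiredGrants returns, in chain order, each Token Creator binding needed.
func RequiredGrants(source, target string, delegates []string, lifetime time.Duration) ([]Grant, error) {
	if lifetime < 0 || lifetime > 3600*time.Second {
		return nil, fmt.Errorf("lifetime %v is outside 0..3600s", lifetime)
	}
	// Heuristic of this example: a bare 3600 is 3600ns as a time.Duration.
	if lifetime > 0 && lifetime < time.Second {
		return nil, fmt.Errorf("lifetime %v is under 1s; multiply by time.Second", lifetime)
	}
	chain := append(append([]string{source}, delegates...), target)
	var grants []Grant
	for i, id := range chain {
		if id == "" {
			return nil, fmt.Errorf("empty identity at chain position %d", i)
		}
		if i > 0 {
			grants = append(grants, Grant{Member: chain[i-1], On: id})
		}
	}
	return grants, nil
}

// Missing returns the required grants absent from have (bindings found in IAM).
func Missing(required []Grant, have map[Grant]bool) (out []Grant) {
	for _, g := range required {
		if !have[g] {
			out = append(out, g)
		}
	}
	return out
}

func main() {
	src, b, c, tgt := "user:alice@example.com", "sa-b@p.iam.gserviceaccount.com", // constructed identities
		"sa-c@p.iam.gserviceaccount.com", "target@p.iam.gserviceaccount.com"
	req, err := RequiredGrants(src, tgt, []string{b, c}, 30*time.Minute)
	have := map[Grant]bool{{src, b}: true, {c, tgt}: true} // the b -> c binding is absent
	fmt.Println("missing:", Missing(req, have), "error:", err)
}
```

Every entry `Missing` returns is a binding the chain needs but policy lacks; bindings in policy that no configured chain requires are candidates for removal under least privilege.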

Types

type ImpersonatedTokenConfig

type ImpersonatedTokenConfig struct {
	RootTokenSource oauth2.TokenSource
	TargetPrincipal string
	Lifetime        time.Duration
	Delegates       []string
	TargetScopes    []string
	Subject         string
}

ImpersonatedTokenConfig holds the parameters used to start the credential impersonation exchange.
