Documentation

Overview

Package sts implements call credentials using STS (Security Token Service) as defined in https://tools.ietf.org/html/rfc8693.

Experimental

Notice: All APIs in this package are experimental and may be changed or removed in a later release.

Functions

func NewCredentials

func NewCredentials(opts Options) (credentials.PerRPCCredentials, error)

NewCredentials returns a new PerRPCCredentials implementation, configured using opts, which performs token exchange using STS.

Types

type Options

type Options struct {
	// TokenExchangeServiceURI is the address of the server which implements STS
	// token exchange functionality.
	TokenExchangeServiceURI string // Required.

	// Resource is a URI that indicates the target service or resource where the
	// client intends to use the requested security token.
	Resource string // Optional.

	// Audience is the logical name of the target service where the client
	// intends to use the requested security token.
	Audience string // Optional.

	// Scope is a list of space-delimited, case-sensitive strings, that allow
	// the client to specify the desired scope of the requested security token
	// in the context of the service or resource where the token will be used.
	// If this field is left unspecified, a default value of
	// https://www.googleapis.com/auth/cloud-platform will be used.
	Scope string // Optional.

	// RequestedTokenType is an identifier, as described in
	// https://tools.ietf.org/html/rfc8693#section-3, that indicates the type of
	// the requested security token.
	RequestedTokenType string // Optional.

	// SubjectTokenPath is a filesystem path which contains the security token
	// that represents the identity of the party on behalf of whom the request
	// is being made.
	SubjectTokenPath string // Required.

	// SubjectTokenType is an identifier, as described in
	// https://tools.ietf.org/html/rfc8693#section-3, that indicates the type of
	// the security token in the "subject_token_path" parameter.
	SubjectTokenType string // Required.

	// ActorTokenPath is a filesystem path which contains the security token
	// that represents the identity of the acting party.
	ActorTokenPath string // Optional.

	// ActorTokenType is an identifier, as described in
	// https://tools.ietf.org/html/rfc8693#section-3, that indicates the type of
	// the security token in the "actor_token_path" parameter.
	ActorTokenType string // Optional.
}

Options configures the parameters used for an STS based token exchange.
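
A pre-flight check a deployment could run on these values before calling NewCredentials, as an added example that is not part of the package or its documentation. stsOptions is a local stand-in for sts.Options so the code builds without the grpc module; the https-only rule and the 0o077 permission mask are policies assumed for this example, and the actor pairing follows the RFC 8693 rule that actor_token_type accompanies actor_token and is not sent alone.

```go
package main

import (
	"fmt"
	"net/url"
	"os"
)

// stsOptions is a local stand-in for the sts.Options fields checked here.
type stsOptions struct {
	TokenExchangeServiceURI            string
	SubjectTokenPath, SubjectTokenType string
	ActorTokenPath, ActorTokenType     string
}

// checkTokenFile: non-empty regular file, no group/other bits (example policy).
func checkTokenFile(path string) error {
	fi, err := os.Stat(path)
	switch {
	case err != nil:
		return err
	case !fi.Mode().IsRegular() || fi.Size() == 0:
		return fmt.Errorf("%s: not a non-empty regular file", path)
	case fi.Mode().Perm()&0o077 != 0:
		return fmt.Errorf("%s: mode %04o allows group/other access", path, fi.Mode().Perm())
	}
	return nil
}

// preflight returns the first problem found, or nil if the options pass.
func preflight(o stsOptions) error {
	u, err := url.Parse(o.TokenExchangeServiceURI)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return fmt.Errorf("TokenExchangeServiceURI must be an absolute https URL")
	}
	if o.SubjectTokenPath == "" || o.SubjectTokenType == "" {
		return fmt.Errorf("SubjectTokenPath and SubjectTokenType are required")
	}
	// RFC 8693: actor_token_type accompanies actor_token and is not sent alone.
	if (o.ActorTokenPath == "") != (o.ActorTokenType == "") {
		return fmt.Errorf("ActorTokenPath and ActorTokenType must be set together")
	}
	// Stop on a subject-token problem, or when no actor token is configured.
	if err := checkTokenFile(o.SubjectTokenPath); err != nil || o.ActorTokenPath == "" {
		return err
	}
	return checkTokenFile(o.ActorTokenPath)
}

// main uses a constructed URI: plain http is rejected by the policy above.
func main() { fmt.Println(preflight(stsOptions{TokenExchangeServiceURI: "http://sts.example.test"})) }
```

The permission check reads Unix mode bits, so it is meaningful on Linux and similar hosts where the subject token is a file projected into the workload.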

func (Options) String

func (o Options) String() string
