Documentation

Overview

Package sts implements call credentials using STS (Security Token Service) as defined in https://tools.ietf.org/html/rfc8693.

Experimental

Notice: All APIs in this package are experimental and may be changed or removed in a later release.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewCredentials

func NewCredentials(opts Options) (credentials.PerRPCCredentials, error)

    NewCredentials returns a new PerRPCCredentials implementation, configured using opts, which performs token exchange using STS.

    Types

    type Options

    type Options struct {
    	// TokenExchangeServiceURI is the address of the server which implements STS
    	// token exchange functionality.
    	TokenExchangeServiceURI string // Required.
    
    	// Resource is a URI that indicates the target service or resource where the
    	// client intends to use the requested security token.
    	Resource string // Optional.
    
    	// Audience is the logical name of the target service where the client
    	// intends to use the requested security token
    	Audience string // Optional.
    
    	// Scope is a list of space-delimited, case-sensitive strings, that allow
    	// the client to specify the desired scope of the requested security token
    	// in the context of the service or resource where the token will be used.
    	// If this field is left unspecified, a default value of
    	// https://www.googleapis.com/auth/cloud-platform will be used.
    	Scope string // Optional.
    
    	// RequestedTokenType is an identifier, as described in
    	// https://tools.ietf.org/html/rfc8693#section-3, that indicates the type of
    	// the requested security token.
    	RequestedTokenType string // Optional.
    
    	// SubjectTokenPath is a filesystem path which contains the security token
    	// that represents the identity of the party on behalf of whom the request
    	// is being made.
    	SubjectTokenPath string // Required.
    
    	// SubjectTokenType is an identifier, as described in
    	// https://tools.ietf.org/html/rfc8693#section-3, that indicates the type of
    	// the security token in the "subject_token_path" parameter.
    	SubjectTokenType string // Required.
    
    	// ActorTokenPath is a  security token that represents the identity of the
    	// acting party.
    	ActorTokenPath string // Optional.
    
    	// ActorTokenType is an identifier, as described in
    	// https://tools.ietf.org/html/rfc8693#section-3, that indicates the type of
    	// the the security token in the "actor_token_path" parameter.
    	ActorTokenType string // Optional.
    }

      Options configures the parameters used for an STS based token exchange.

      func (Options) String

      func (o Options) String() string

      Source Files