package sts

import "google.golang.org/grpc/credentials/sts"

Package sts implements call credentials using STS (Security Token Service) as defined in https://tools.ietf.org/html/rfc8693.

Experimental

Notice: All APIs in this package are experimental and may be changed or removed in a later release.

Functions

func NewCredentials

func NewCredentials(opts Options) (credentials.PerRPCCredentials, error)

NewCredentials returns a new PerRPCCredentials implementation, configured using opts, which performs token exchange using STS.

Types

type Options

type Options struct {
	// TokenExchangeServiceURI is the address of the server which implements STS
	// token exchange functionality.
	TokenExchangeServiceURI string // Required.

	// Resource is a URI that indicates the target service or resource where the
	// client intends to use the requested security token.
	Resource string // Optional.

	// Audience is the logical name of the target service where the client
	// intends to use the requested security token.
	Audience string // Optional.

	// Scope is a list of space-delimited, case-sensitive strings, that allow
	// the client to specify the desired scope of the requested security token
	// in the context of the service or resource where the token will be used.
	// If this field is left unspecified, a default value of
	// https://www.googleapis.com/auth/cloud-platform will be used.
	Scope string // Optional.

	// RequestedTokenType is an identifier, as described in
	// https://tools.ietf.org/html/rfc8693#section-3, that indicates the type of
	// the requested security token.
	RequestedTokenType string // Optional.

	// SubjectTokenPath is a filesystem path which contains the security token
	// that represents the identity of the party on behalf of whom the request
	// is being made.
	SubjectTokenPath string // Required.

	// SubjectTokenType is an identifier, as described in
	// https://tools.ietf.org/html/rfc8693#section-3, that indicates the type of
	// the security token in the "subject_token_path" parameter.
	SubjectTokenType string // Required.

	// ActorTokenPath is a filesystem path which contains the security token
	// that represents the identity of the acting party.
	ActorTokenPath string // Optional.

	// ActorTokenType is an identifier, as described in
	// https://tools.ietf.org/html/rfc8693#section-3, that indicates the type of
	// the security token in the "actor_token_path" parameter.
	ActorTokenType string // Optional.
}

Options configures the parameters used for an STS based token exchange.

func (Options) String

func (o Options) String() string

Source Files

sts.go

Version: v1.70.0 (latest)
Published: Jan 23, 2025
Platform: linux/amd64
Imports: 15 packages