Class IdentityPoolClient (7.13.0)

Defines the URL-sourced and file-sourced external account clients, mainly used for K8s and Azure workloads.

Inheritance

EventEmitter > AuthClient > BaseExternalAccountClient > IdentityPoolClient

Package

google-auth-library

Constructors

(constructor)(options, additionalOptions)

constructor(options: IdentityPoolClientOptions, additionalOptions?: RefreshOptions);

Instantiates an IdentityPoolClient instance using the provided JSON object loaded from an external account credentials file. An error is thrown if the credential is not a valid file-sourced or URL-sourced credential, or if a workforce pool user project is provided with a non-workforce audience.

Parameters
Name | Description
options (IdentityPoolClientOptions) | The external account options object, typically loaded from the external account JSON credential file.
additionalOptions (RefreshOptions) | Optional additional behavior customization options. These currently customize expiration threshold time and whether to retry on 401/403 API request errors.

Methods

retrieveSubjectToken()

retrieveSubjectToken(): Promise<string>;

Triggered when an external subject token is needed, to be exchanged for a GCP access token via the GCP STS endpoint. This uses the options.credential_source object to determine how to retrieve the token in the current environment. In this case, the token is retrieved either from a local file location (K8s workload) or by sending a GET request to a local metadata server (Azure workloads).

Returns
Type | Description
Promise<string> | A promise that resolves with the external subject token.
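A pre-flight check for the two rejection conditions the constructor documents, extended with a host allowlist for URL-sourced credentials; this is an added example and not google-auth-library's own code. The function name, the allowlisted hosts, the sample configs and the rule that exactly one of file or url is set are assumptions of this example.

```javascript
// Added example, not google-auth-library code: pre-flight check of an
// external account config against the constructor's documented rejections.
// Workforce pool provider audiences have this shape.
const WORKFORCE_AUDIENCE =
  /^\/\/iam\.googleapis\.com\/locations\/[^/]+\/workforcePools\/[^/]+\/providers\/.+$/;
// Assumption: hosts this deployment accepts as a local metadata server.
const ALLOWED_URL_HOSTS = new Set(['169.254.169.254', 'localhost', '127.0.0.1']);

function checkIdentityPoolConfig(cfg) {
  const problems = [];
  const src = cfg.credential_source || {};
  const hasFile = typeof src.file === 'string' && src.file.length > 0;
  const hasUrl = typeof src.url === 'string' && src.url.length > 0;
  // Assumption: a valid source names exactly one of "file" or "url".
  if (hasFile === hasUrl) {
    problems.push('credential_source must set exactly one of "file" or "url"');
  }
  if (hasUrl) {
    try {
      const host = new URL(src.url).hostname;
      if (!ALLOWED_URL_HOSTS.has(host)) problems.push(`url host ${host} is not allowlisted`);
    } catch {
      problems.push('credential_source.url is not a valid URL');
    }
  }
  if (cfg.workforce_pool_user_project && !WORKFORCE_AUDIENCE.test(cfg.audience || '')) {
    problems.push('workforce_pool_user_project set with a non-workforce audience');
  }
  return problems;
}

// Constructed sample configs (placeholder project, pool and provider names).
const k8sConfig = {
  type: 'external_account',
  audience: '//iam.googleapis.com/projects/123456/locations/global/workloadIdentityPools/example-pool/providers/example-provider',
  subject_token_type: 'urn:ietf:params:oauth:token-type:jwt',
  token_url: 'https://sts.googleapis.com/v1/token',
  credential_source: { file: '/var/run/secrets/tokens/example-token' },
};
const badConfig = {
  ...k8sConfig,
  workforce_pool_user_project: 'example-project',
  credential_source: { url: 'https://token.example.test/subject' },
};

console.log(checkIdentityPoolConfig(k8sConfig)); // no problems reported
console.log(checkIdentityPoolConfig(badConfig)); // two problems reported
```

Run the check on any credential config that arrives from outside your own deployment pipeline before passing it to the constructor.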