googleauth - Module Google::Auth::ExternalAccount::BaseCredentials (v1.12.0)

Reference documentation and code samples for the googleauth module Google::Auth::ExternalAccount::BaseCredentials.

Authenticates requests using External Account credentials, such as those provided by the AWS provider or OIDC provider like Azure, etc.

Includes

Methods

#access_token

def access_token()

Returns the value of attribute access_token.

#access_token=

def access_token=(value)

Sets the attribute access_token

#expires_at

def expires_at()

Returns the value of attribute expires_at.

#expires_at=

def expires_at=(new_expires_at)

#expires_within?

def expires_within?(seconds) -> Boolean
Returns
  • (Boolean)

#fetch_access_token!

def fetch_access_token!(_options = {})

#is_workforce_pool?

def is_workforce_pool?() -> bool

Returns whether the credentials represent a workforce pool (True) or workload (False) based on the credentials' audience.

Returns
  • (bool) — true if the credentials represent a workforce pool. false if they represent a workload.

#retrieve_subject_token!

def retrieve_subject_token!() -> string

Retrieves the subject token using the credential_source object.

Returns
  • (string) — The retrieved subject token.
Raises
  • (NoMethodError)

#universe_domain

def universe_domain()

Returns the value of attribute universe_domain.

#universe_domain=

def universe_domain=(value)

Sets the attribute universe_domain

Constants

EXTERNAL_ACCOUNT_JSON_TYPE

value: "external_account".freeze
External account JSON type identifier.

STS_GRANT_TYPE

value: "urn:ietf:params:oauth:grant-type:token-exchange".freeze
The token exchange grant_type used for exchanging credentials.

STS_REQUESTED_TOKEN_TYPE

value: "urn:ietf:params:oauth:token-type:access_token".freeze
The token exchange requested_token_type. This is always an access_token.

IAM_SCOPE

value: ["https://www.googleapis.com/auth/iam".freeze].freeze
Default IAM_SCOPE