[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-09 UTC."],[],[],null,["# googleauth - Module Google::Auth::ExternalAccount::BaseCredentials (v1.15.0)\n\nVersion latestkeyboard_arrow_down\n\n- [1.15.0 (latest)](/ruby/docs/reference/googleauth/latest/Google-Auth-ExternalAccount-BaseCredentials)\n- [1.14.0](/ruby/docs/reference/googleauth/1.14.0/Google-Auth-ExternalAccount-BaseCredentials)\n- [1.13.1](/ruby/docs/reference/googleauth/1.13.1/Google-Auth-ExternalAccount-BaseCredentials)\n- [1.12.2](/ruby/docs/reference/googleauth/1.12.2/Google-Auth-ExternalAccount-BaseCredentials) \nReference documentation and code samples for the googleauth module Google::Auth::ExternalAccount::BaseCredentials.\n\nAuthenticates requests using External Account credentials, such\nas those provided by the AWS provider or OIDC provider like Azure, etc. \n\nIncludes\n--------\n\n- [Google::Auth::BaseClient](./Google-Auth-BaseClient)\n- [Google::Auth::Helpers::Connection](./Google-Auth-Helpers-Connection)\n\nMethods\n-------\n\n### #access_token\n\n def access_token()\n\nReturns the value of attribute access_token.\n\n### #access_token=\n\n def access_token=(value)\n\nSets the attribute access_token\n\n### #expires_at\n\n def expires_at()\n\nReturns the value of attribute expires_at.\n\n### #expires_at=\n\n def expires_at=(new_expires_at)\n\n### #expires_within?\n\n def expires_within?(seconds) -\u003e Boolean\n\n**Returns**\n\n- (Boolean)\n\n### #fetch_access_token!\n\n def fetch_access_token!(_options = {})\n\n### #is_workforce_pool?\n\n def is_workforce_pool?() -\u003e bool\n\nReturns whether the credentials represent a workforce pool (True) or\nworkload (False) based on the credentials' audience. \n**Returns**\n\n- (bool) --- true if the credentials represent a workforce pool. false if they represent a workload.\n\n### #retrieve_subject_token!\n\n def retrieve_subject_token!() -\u003e string\n\nRetrieves the subject token using the credential_source object. \n**Returns**\n\n- (string) --- The retrieved subject token. \n**Raises**\n\n- (NoMethodError)\n\n### #universe_domain\n\n def universe_domain()\n\nReturns the value of attribute universe_domain.\n\n### #universe_domain=\n\n def universe_domain=(value)\n\nSets the attribute universe_domain\n\nConstants\n---------\n\n### EXTERNAL_ACCOUNT_JSON_TYPE\n\n**value:** \"external_account\".freeze \nExternal account JSON type identifier.\n\n### STS_GRANT_TYPE\n\n**value:** \"urn:ietf:params:oauth:grant-type:token-exchange\".freeze \nThe token exchange grant_type used for exchanging credentials.\n\n### STS_REQUESTED_TOKEN_TYPE\n\n**value:** \"urn:ietf:params:oauth:token-type:access_token\".freeze \nThe token exchange requested_token_type. This is always an access_token.\n\n### IAM_SCOPE\n\n**value:** \\[\"https://www.googleapis.com/auth/iam\".freeze\\].freeze \nDefault IAM_SCOPE"]]
