Package google-auth-library (7.12.0)

AWS external account client. This is used for AWS workloads, where AWS STS GetCallerIdentity serialized signed requests are exchanged for GCP access token.

Base external account client. This is used to instantiate AuthClients for exchanging external account credentials for GCP access token and authorizing requests to GCP APIs. The base class implements common logic for exchanging various type of external credentials for GCP access token. The logic of determining and retrieving the external credential based on the environment and credential_source will be left for the subclasses.

Defines a set of Google credentials that are downscoped from an existing set of Google OAuth2 credentials. This is useful to restrict the Identity and Access Management (IAM) permissions that a short-lived credential can use. The common pattern of usage is to have a token broker with elevated access generate these downscoped credentials from higher access source credentials and pass the downscoped short-lived access tokens to a token consumer via some secure authenticated channel for limited access to Google Cloud Storage resources.

Dummy class with no constructor. Developers are expected to use fromJSON.

Defines the Url-sourced and file-sourced external account clients mainly used for K8s and Azure workloads.

AWS credentials JSON interface. This is used for AWS workloads.

Base external account credentials json interface.

The results from the generateCodeVerifierAsync method. To learn more, See the sample: https://github.com/googleapis/google-auth-library-nodejs/blob/main/samples/oauth2-codeVerifier.js

Defines an upper bound of permissions available for a GCP credential.

Url-sourced/file-sourced credentials json interface. This is used for K8s and Azure workloads.