We use cookies to ensure you get the best experience on our website
首頁 探索 說明
註冊 登入
0ct0pu5
/
moby
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: cd8873dd3d
分支列表 標籤列表
moby
/
vendor
/
golang.org
/
x
/
oauth2
/
google
/
doc.go

doc.go 4.6 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. // Copyright 2018 The Go Authors. All rights reserved.
    2. 

  2. // Use of this source code is governed by a BSD-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. // Package google provides support for making OAuth2 authorized and authenticated
    6. 

  6. // HTTP requests to Google APIs. It supports the Web server flow, client-side
    7. 

  7. // credentials, service accounts, Google Compute Engine service accounts,
    8. 

  8. // Google App Engine service accounts and workload identity federation
    9. 

  9. // from non-Google cloud platforms.
    10. 

  10. //
    11. 

  11. // A brief overview of the package follows. For more information, please read
    12. 

  12. // https://developers.google.com/accounts/docs/OAuth2
    13. 

  13. // and
    14. 

  14. // https://developers.google.com/accounts/docs/application-default-credentials.
    15. 

  15. // For more information on using workload identity federation, refer to
    16. 

  16. // https://cloud.google.com/iam/docs/how-to#using-workload-identity-federation.
    17. 

  17. //
    18. 

  18. // # OAuth2 Configs
    19. 

  19. //
    20. 

  20. // Two functions in this package return golang.org/x/oauth2.Config values from Google credential
    21. 

  21. // data. Google supports two JSON formats for OAuth2 credentials: one is handled by ConfigFromJSON,
    22. 

  22. // the other by JWTConfigFromJSON. The returned Config can be used to obtain a TokenSource or
    23. 

  23. // create an http.Client.
    24. 

  24. //
    25. 

  25. // # Workload Identity Federation
    26. 

  26. //
    27. 

  27. // Using workload identity federation, your application can access Google Cloud
    28. 

  28. // resources from Amazon Web Services (AWS), Microsoft Azure or any identity
    29. 

  29. // provider that supports OpenID Connect (OIDC).
    30. 

  30. // Traditionally, applications running outside Google Cloud have used service
    31. 

  31. // account keys to access Google Cloud resources. Using identity federation,
    32. 

  32. // you can allow your workload to impersonate a service account.
    33. 

  33. // This lets you access Google Cloud resources directly, eliminating the
    34. 

  34. // maintenance and security burden associated with service account keys.
    35. 

  35. //
    36. 

  36. // Follow the detailed instructions on how to configure Workload Identity Federation
    37. 

  37. // in various platforms:
    38. 

  38. //
    39. 

  39. //	Amazon Web Services (AWS): https://cloud.google.com/iam/docs/access-resources-aws
    40. 

  40. //	Microsoft Azure: https://cloud.google.com/iam/docs/access-resources-azure
    41. 

  41. //	OIDC identity provider: https://cloud.google.com/iam/docs/access-resources-oidc
    42. 

  42. //
    43. 

  43. // For OIDC and SAML providers, the library can retrieve tokens in three ways:
    44. 

  44. // from a local file location (file-sourced credentials), from a server
    45. 

  45. // (URL-sourced credentials), or from a local executable (executable-sourced
    46. 

  46. // credentials).
    47. 

  47. // For file-sourced credentials, a background process needs to be continuously
    48. 

  48. // refreshing the file location with a new OIDC token prior to expiration.
    49. 

  49. // For tokens with one hour lifetimes, the token needs to be updated in the file
    50. 

  50. // every hour. The token can be stored directly as plain text or in JSON format.
    51. 

  51. // For URL-sourced credentials, a local server needs to host a GET endpoint to
    52. 

  52. // return the OIDC token. The response can be in plain text or JSON.
    53. 

  53. // Additional required request headers can also be specified.
    54. 

  54. // For executable-sourced credentials, an application needs to be available to
    55. 

  55. // output the OIDC token and other information in a JSON format.
    56. 

  56. // For more information on how these work (and how to implement
    57. 

  57. // executable-sourced credentials), please check out:
    58. 

  58. // https://cloud.google.com/iam/docs/using-workload-identity-federation#oidc
    59. 

  59. //
    60. 

  60. // # Credentials
    61. 

  61. //
    62. 

  62. // The Credentials type represents Google credentials, including Application Default
    63. 

  63. // Credentials.
    64. 

  64. //
    65. 

  65. // Use FindDefaultCredentials to obtain Application Default Credentials.
    66. 

  66. // FindDefaultCredentials looks in some well-known places for a credentials file, and
    67. 

  67. // will call AppEngineTokenSource or ComputeTokenSource as needed.
    68. 

  68. //
    69. 

  69. // Application Default Credentials also support workload identity federation to
    70. 

  70. // access Google Cloud resources from non-Google Cloud platforms including Amazon
    71. 

  71. // Web Services (AWS), Microsoft Azure or any identity provider that supports
    72. 

  72. // OpenID Connect (OIDC). Workload identity federation is recommended for
    73. 

  73. // non-Google Cloud environments as it avoids the need to download, manage and
    74. 

  74. // store service account private keys locally.
    75. 

  75. //
    76. 

  76. // DefaultClient and DefaultTokenSource are convenience methods. They first call FindDefaultCredentials,
    77. 

  77. // then use the credentials to construct an http.Client or an oauth2.TokenSource.
    78. 

  78. //
    79. 

  79. // Use CredentialsFromJSON to obtain credentials from either of the two JSON formats
    80. 

  80. // described in OAuth2 Configs, above. The TokenSource in the returned value is the
    81. 

  81. // same as the one obtained from the oauth2.Config returned from ConfigFromJSON or
    82. 

  82. // JWTConfigFromJSON, but the Credentials may contain additional information
    83. 

  83. // that is useful is some circumstances.
    84. 

  84. package google // import "golang.org/x/oauth2/google"
    85.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5