Defines the Url-sourced and file-sourced external account clients mainly used for K8s and Azure workloads.
Package
google-auth-libraryConstructors
(constructor)(options, additionalOptions)
constructor(options: IdentityPoolClientOptions, additionalOptions?: RefreshOptions);
Instantiate an IdentityPoolClient instance using the provided JSON object loaded from an external account credentials file. An error is thrown if the credential is not a valid file-sourced or url-sourced credential or a workforce pool user project is provided with a non workforce audience.
Name | Description |
options |
IdentityPoolClientOptions
The external account options object typically loaded from the external account JSON credential file. |
additionalOptions |
RefreshOptions
Optional additional behavior customization options. These currently customize expiration threshold time and whether to retry on 401/403 API request errors. |
Methods
retrieveSubjectToken()
retrieveSubjectToken(): Promise<string>;
Triggered when a external subject token is needed to be exchanged for a GCP access token via GCP STS endpoint. This uses the options.credential_source
object to figure out how to retrieve the token using the current environment. In this case, this either retrieves the local credential from a file location (k8s workload) or by sending a GET request to a local metadata server (Azure workloads). A promise that resolves with the external subject token.
Type | Description |
Promise<string> |