-
Notifications
You must be signed in to change notification settings - Fork 305
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: define
google.auth.downscoped.Credentials
class (#801)
* feat: define `google.auth.downscoped.Credentials` class This is based on [Downscoping with Credential Access Boundaries](https://cloud.google.com/iam/docs/downscoping-short-lived-credentials). The new credentials are initialized mainly using elevated source credentials and a `google.auth.downscoped.CredentialAccessBoundary` instance. The credentials will then get access tokens from the source credentials and exchange them via the GCP STS token exchange endpoint using the provided credentials access boundary rules for downscoped access tokens. The new credentials will inherit the source credentials' scopes but the scopes are not exposed as we cannot always determine the scopes form the source credentials. * Fixes typos in comments. * Addresses review comments. * Moves all constants in the test file to module scope.
- Loading branch information
1 parent
d3944af
commit 2f5c3a6
Showing
2 changed files
with
353 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters