1 | import { BaseExternalAccountClient, BaseExternalAccountClientOptions } from './baseexternalclient';
|
2 | import { RefreshOptions } from './oauth2client';
|
3 | declare type SubjectTokenFormatType = 'json' | 'text';
|
4 |
|
5 |
|
6 |
|
7 |
|
8 | export interface IdentityPoolClientOptions extends BaseExternalAccountClientOptions {
|
9 | credential_source: {
|
10 | file?: string;
|
11 | url?: string;
|
12 | headers?: {
|
13 | [key: string]: string;
|
14 | };
|
15 | format?: {
|
16 | type: SubjectTokenFormatType;
|
17 | subject_token_field_name?: string;
|
18 | };
|
19 | };
|
20 | }
|
21 |
|
22 |
|
23 |
|
24 |
|
25 | export declare class IdentityPoolClient extends BaseExternalAccountClient {
|
26 | private readonly file?;
|
27 | private readonly url?;
|
28 | private readonly headers?;
|
29 | private readonly formatType;
|
30 | private readonly formatSubjectTokenFieldName?;
|
31 | |
32 |
|
33 |
|
34 |
|
35 |
|
36 |
|
37 |
|
38 |
|
39 |
|
40 |
|
41 |
|
42 |
|
43 | constructor(options: IdentityPoolClientOptions, additionalOptions?: RefreshOptions);
|
44 | /**
|
45 | * Triggered when a external subject token is needed to be exchanged for a GCP
|
46 | * access token via GCP STS endpoint.
|
47 | * This uses the `options.credential_source` object to figure out how
|
48 | * to retrieve the token using the current environment. In this case,
|
49 | * this either retrieves the local credential from a file location (k8s
|
50 | * workload) or by sending a GET request to a local metadata server (Azure
|
51 | * workloads).
|
52 | * @return A promise that resolves with the external subject token.
|
53 | */
|
54 | retrieveSubjectToken(): Promise<string>;
|
55 | /**
|
56 | * Looks up the external subject token in the file path provided and
|
57 | * resolves with that token.
|
58 | * @param file The file path where the external credential is located.
|
59 | * @param formatType The token file or URL response type (JSON or text).
|
60 | * @param formatSubjectTokenFieldName For JSON response types, this is the
|
61 | * subject_token field name. For Azure, this is access_token. For text
|
62 | * response types, this is ignored.
|
63 | * @return A promise that resolves with the external subject token.
|
64 | */
|
65 | private getTokenFromFile;
|
66 | /**
|
67 | * Sends a GET request to the URL provided and resolves with the returned
|
68 | * external subject token.
|
69 | * @param url The URL to call to retrieve the subject token. This is typically
|
70 | * a local metadata server.
|
71 | * @param formatType The token file or URL response type (JSON or text).
|
72 | * @param formatSubjectTokenFieldName For JSON response types, this is the
|
73 | * subject_token field name. For Azure, this is access_token. For text
|
74 | * response types, this is ignored.
|
75 | * @param headers The optional additional headers to send with the request to
|
76 | * the metadata server url.
|
77 | * @return A promise that resolves with the external subject token.
|
78 | */
|
79 | private getTokenFromUrl;
|
80 | }
|
81 | export {};
|