1 // Copyright 2018 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4 5 // Package google provides support for making OAuth2 authorized and authenticated
6 // HTTP requests to Google APIs. It supports the Web server flow, client-side
7 // credentials, service accounts, Google Compute Engine service accounts,
8 // Google App Engine service accounts and workload identity federation
9 // from non-Google cloud platforms.
10 //
11 // A brief overview of the package follows. For more information, please read
12 // https://developers.google.com/accounts/docs/OAuth2
13 // and
14 // https://developers.google.com/accounts/docs/application-default-credentials.
15 // For more information on using workload identity federation, refer to
16 // https://cloud.google.com/iam/docs/how-to#using-workload-identity-federation.
17 //
18 // # OAuth2 Configs
19 //
20 // Two functions in this package return golang.org/x/oauth2.Config values from Google credential
21 // data. Google supports two JSON formats for OAuth2 credentials: one is handled by ConfigFromJSON,
22 // the other by JWTConfigFromJSON. The returned Config can be used to obtain a TokenSource or
23 // create an http.Client.
24 //
25 // # Workload and Workforce Identity Federation
26 //
27 // For information on how to use Workload and Workforce Identity Federation, see [golang.org/x/oauth2/google/externalaccount].
28 //
29 // # Credentials
30 //
31 // The Credentials type represents Google credentials, including Application Default
32 // Credentials.
33 //
34 // Use FindDefaultCredentials to obtain Application Default Credentials.
35 // FindDefaultCredentials looks in some well-known places for a credentials file, and
36 // will call AppEngineTokenSource or ComputeTokenSource as needed.
37 //
38 // Application Default Credentials also support workload identity federation to
39 // access Google Cloud resources from non-Google Cloud platforms including Amazon
40 // Web Services (AWS), Microsoft Azure or any identity provider that supports
41 // OpenID Connect (OIDC). Workload identity federation is recommended for
42 // non-Google Cloud environments as it avoids the need to download, manage and
43 // store service account private keys locally.
44 //
45 // DefaultClient and DefaultTokenSource are convenience methods. They first call FindDefaultCredentials,
46 // then use the credentials to construct an http.Client or an oauth2.TokenSource.
47 //
48 // Use CredentialsFromJSON to obtain credentials from either of the two JSON formats
49 // described in OAuth2 Configs, above. The TokenSource in the returned value is the
50 // same as the one obtained from the oauth2.Config returned from ConfigFromJSON or
51 // JWTConfigFromJSON, but the Credentials may contain additional information
52 // that is useful is some circumstances.
53 package google // import "golang.org/x/oauth2/google"
54