Subject Token Credential Type.
A subject token is a credential that asserts the identity of a workload, application, or a user. In the case of the Workload Identity Federation flow, this allows applications to authenticate to Google Cloud, instead of using long-lived service account keys. The process involves exchanging this subject token for a short-lived Google Cloud access token via the Security Token Service (STS).
This module provides the SubjectTokenProvider trait, which is used to
fetch subject tokens. The Google Cloud client libraries for Rust will typically
use the SubjectTokenProvider automatically for external account credentials.
You might need to implement this trait for advanced authentication scenarios where
you want to integrate a custom subject token fetching mechanism.
§Example
```rust
use std::error::Error;
use std::fmt;

use google_cloud_auth::credentials::subject_token::{
    Builder as SubjectTokenBuilder, SubjectToken, SubjectTokenProvider,
};
use google_cloud_auth::errors::SubjectTokenProviderError;

#[derive(Debug)]
struct CustomProviderError {
    message: String,
    is_transient: bool,
}

impl fmt::Display for CustomProviderError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "CustomProviderError: {}", self.message)
    }
}

impl Error for CustomProviderError {}

impl SubjectTokenProviderError for CustomProviderError {
    // Reports whether the failure is transient.
    fn is_transient(&self) -> bool {
        self.is_transient
    }
}

#[derive(Debug)]
struct MyCustomProvider {
    api_key: String,
}

impl SubjectTokenProvider for MyCustomProvider {
    type Error = CustomProviderError;

    async fn subject_token(&self) -> Result<SubjectToken, Self::Error> {
        // Placeholder value: a real provider fetches the token from its
        // identity provider here.
        let token_from_idp = "a-very-secret-token-from-your-idp";
        Ok(SubjectTokenBuilder::new(token_from_idp.to_string()).build())
    }
}
```

Structs§
- Builder: A builder for SubjectToken instances.
- SubjectToken: Represents a third-party subject token used for authentication.

Traits§
- SubjectTokenProvider: Trait for providing a third-party subject token.
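
The example above returns a hard-coded token. The following added example, which is not part of the google-cloud-auth documentation, shows std-only logic that a `subject_token()` implementation could call to load the token from a file and decide what `is_transient()` should report. `TokenFileError`, `fail`, `read_subject_token`, the file path and the retry policy are assumptions of this example.

```rust
use std::{fmt, fs, io::ErrorKind, path::Path};

/// Hypothetical error type; `is_transient` means the same as in
/// `CustomProviderError` above (true = the caller may retry).
#[derive(Debug)]
pub struct TokenFileError {
    pub message: String,
    pub is_transient: bool,
}

impl fmt::Display for TokenFileError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        // Only the reason is reported; token contents never enter the message.
        write!(f, "TokenFileError: {}", self.message)
    }
}
impl std::error::Error for TokenFileError {}

fn fail(message: &str, is_transient: bool) -> TokenFileError {
    TokenFileError { message: message.to_string(), is_transient }
}

/// Reads the token on every call so a rotated file is picked up. The returned
/// string is what a provider would pass to `SubjectTokenBuilder::new(..)`.
pub fn read_subject_token(path: &Path) -> Result<String, TokenFileError> {
    let raw = fs::read_to_string(path).map_err(|e| match e.kind() {
        // Treated here as deployment problems: retrying will not help.
        ErrorKind::NotFound | ErrorKind::PermissionDenied => fail("token file unavailable", false),
        ErrorKind::InvalidData => fail("token file is not valid UTF-8", false),
        // Anything else (interrupted read, I/O hiccup) is worth a retry.
        _ => fail("I/O error reading token file", true),
    })?;
    let token = raw.trim();
    if token.is_empty() {
        // Assumption: an empty file means the writer was caught mid-rotation.
        return Err(fail("token file is empty", true));
    }
    if token.chars().any(|c| c.is_whitespace() || c.is_control()) {
        return Err(fail("token contains whitespace or control characters", false));
    }
    Ok(token.to_string())
}

fn main() {
    // Constructed path; prints the outcome only, never the token itself.
    match read_subject_token(Path::new("/tmp/constructed-subject-token")) {
        Ok(t) => println!("token read ({} bytes)", t.len()),
        Err(e) => println!("{} (transient: {})", e, e.is_transient),
    }
}
```

Inside a provider, the `Ok` value feeds `SubjectTokenBuilder::new(..).build()` and the error's `is_transient` field backs the `is_transient()` method.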