google-auth-library-php icon indicating copy to clipboard operation
google-auth-library-php copied to clipboard

Published 20 hours ago verified publisher icon googleapis

Add support for "executable" credential source

Open bshaffer opened this issue 1 year ago • 0 comments

See the NodeJs implementation for reference.

Support the "executable" credential source for external account credentials. For example:

{
  "type": "external_account", 
  "audience": "//iam.googleapis.com/locations/global/workforcePools/$WF_POOL_ID/providers/$PROVIDER_ID",
  "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
  "token_url": "https://sts.googleapis.com/v1/token",
  "token_info_url": "https://sts.googleapis.com/v1alpha/token_info", 
  "credential_source": {
    "executable": {
      "command": "/path/to/get/credentials.sh --arg1=value1 --arg2=value2",
      "timeout_millis": 1500,
      "interactive_timeout_millis": 30000,
      "output_file": "/path/to/generated/cached/credentials/"
    }
  }
}

bshaffer avatar Jan 11 '24 19:01 bshaffer