oauth_external_token

Generate OAuth token for an external account.

internal

Provides utilities for working with Google APIs
<https://developers.google.com/apis-explorer>. This includes
functions and classes for handling common credential types and for
preparing, executing, and processing HTTP requests.

Jennifer Bryan

gargle

Utilities for Working with Google APIs

Craig Citro

Hadley Wickham

Google Inc 

RStudio 

oauth_external_token function

<dl><dt>path</dt>
<dd>JSON containing the workload identity configuration for the
external account, in one of the forms supported for the <code>txt</code> argument of
<code><a href="/link/jsonlite%3A%3AfromJSON()?package=gargle&version=1.2.1" data-mini-rdoc="gargle::jsonlite::fromJSON()">jsonlite::fromJSON()</a></code> (probably, a file path, although it could be a JSON
string). The instructions for generating this configuration are given at
<a href="https://cloud.google.com/iam/docs/configuring-workload-identity-federation">Configuring workload identity federation</a>.
Note that external account tokens are a natural fit for use as Application
Default Credentials, so consider storing the configuration file in one of
the standard locations consulted for ADC, instead of providing <code>path</code>
explicitly. See <code>credentials_app_default()</code> for more.</dd>
<dt>scopes</dt>
<dd>A character vector of scopes to request. Pick from those listed
at <a href="https://developers.google.com/identity/protocols/oauth2/scopes">https://developers.google.com/identity/protocols/oauth2/scopes</a>.
For certain token flows, the
<code>"https://www.googleapis.com/auth/userinfo.email"</code> scope is unconditionally
included. This grants permission to retrieve the email address associated
with a token; gargle uses this to index cached OAuth tokens. This grants no
permission to view or send email and is generally considered a low-value
scope.</dd></dl>

Arguments

Generate OAuth token for an external account. — oauth_external_token

<dl>

<dt>path</dt>
<dd>JSON containing the workload identity configuration for the
external account, in one of the forms supported for the <code>txt</code> argument of
<code><a href='https://rdrr.io/pkg/jsonlite/man/fromJSON.html'>jsonlite::fromJSON()</a></code> (probably, a file path, although it could be a JSON
string). The instructions for generating this configuration are given at
<a href='https://cloud.google.com/iam/docs/configuring-workload-identity-federation'>Configuring workload identity federation</a>.
Note that external account tokens are a natural fit for use as Application
Default Credentials, so consider storing the configuration file in one of
the standard locations consulted for ADC, instead of providing <code>path</code>
explicitly. See <code>credentials_app_default()</code> for more.</dd>


<dt>scopes</dt>
<dd>A character vector of scopes to request. Pick from those listed
at <a href='https://developers.google.com/identity/protocols/oauth2/scopes'>https://developers.google.com/identity/protocols/oauth2/scopes</a>.
For certain token flows, the
<code>"https://www.googleapis.com/auth/userinfo.email"</code> scope is unconditionally
included. This grants permission to retrieve the email address associated
with a token; gargle uses this to index cached OAuth tokens. This grants no
permission to view or send email and is generally considered a low-value
scope.</dd>

</dl>

oauth_external_token: Generate OAuth token for an external account.

Description

Usage

Arguments