https://github.com/bakins/iap-token-source

Go oauth2 Token Source for client authentication with GCP Identity Aware Proxy
https://github.com/bakins/iap-token-source

go golang google-cloud grpc iap oauth2

Last synced: 2 months ago
JSON representation

Go oauth2 Token Source for client authentication with GCP Identity Aware Proxy

• Host: GitHub
• URL: https://github.com/bakins/iap-token-source
• Owner: bakins
• License: apache-2.0
• Archived: true
• Created: 2019-04-30T13:08:10.000Z (almost 7 years ago)
• Default Branch: master
• Last Pushed: 2020-06-16T14:18:10.000Z (almost 6 years ago)
• Last Synced: 2025-08-13T23:57:47.142Z (7 months ago)
• Topics: go, golang, google-cloud, grpc, iap, oauth2
• Language: Go
• Homepage:
• Size: 2.04 MB
• Stars: 5
• Watchers: 3
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
Deprecated:  use https://pkg.go.dev/google.golang.org/api/idtoken?tab=doc

[![GoDoc](https://godoc.org/github.com/bakins/iap-token-source?status.svg)](https://godoc.org/github.com/bakins/iap-token-source)

[![CircleCI](https://circleci.com/gh/bakins/iap-token-source.svg?style=svg)](https://circleci.com/gh/bakins/iap-token-source)

# iap-token-source

Go package that provides an [oauth2 token source](https://godoc.org/golang.org/x/oauth2#TokenSource) to use

for authentication to services secured with [Google Identity Aware Proxy](https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_a_service_account).

## Status

Under development.  This has been tested with only a few IAP configurations.

## Usage

Note: this package only works with [Google Service Accounts](https://cloud.google.com/iam/docs/understanding-service-accounts)

This package can be used to authenticate HTTP and gRPC clients with [Google's Identity Aware Proxy](https://cloud.google.com/iap/) (better known as 

"IAP").

By default, the package uses [Application Default Credentials](https://cloud.google.com/video-intelligence/docs/common/auth#authenticating_with_application_default_credentials) - it will use the service account key at the path specified in the environment 

variable `GOOGLE_APPLICATION_CREDENTIALS`.

See the [gRPC](./examples/grpc/) and [HTTP](./examples/http/) examples for more information.

## References

* Huge thanks to https://github.com/b4b4r07/iap_curl which provided great examples.

* https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_a_service_account

## LICENSE

See [LICENSE](./LICENSE)