|
40 | 40 | // Microsoft Azure: https://cloud.google.com/iam/docs/access-resources-azure
|
41 | 41 | // OIDC identity provider: https://cloud.google.com/iam/docs/access-resources-oidc
|
42 | 42 | //
|
43 |
| -// For OIDC providers, the library can retrieve OIDC tokens either from a |
44 |
| -// local file location (file-sourced credentials) or from a local server |
45 |
| -// (URL-sourced credentials). |
| 43 | +// For OIDC and SAML providers, the library can retrieve tokens in three ways: |
| 44 | +// from a local file location (file-sourced credentials), from a server |
| 45 | +// (URL-sourced credentials), or from a local executable (executable-sourced |
| 46 | +// credentials). |
46 | 47 | // For file-sourced credentials, a background process needs to be continuously
|
47 | 48 | // refreshing the file location with a new OIDC token prior to expiration.
|
48 | 49 | // For tokens with one hour lifetimes, the token needs to be updated in the file
|
49 | 50 | // every hour. The token can be stored directly as plain text or in JSON format.
|
50 | 51 | // For URL-sourced credentials, a local server needs to host a GET endpoint to
|
51 | 52 | // return the OIDC token. The response can be in plain text or JSON.
|
52 | 53 | // Additional required request headers can also be specified.
|
| 54 | +// For executable-sourced credentials, an application needs to be available to |
| 55 | +// output the OIDC token and other information in a JSON format. |
| 56 | +// For more information on how these work (and how to implement |
| 57 | +// executable-sourced credentials), please check out: |
| 58 | +// https://cloud.google.com/iam/docs/using-workload-identity-federation#oidc |
53 | 59 | //
|
54 | 60 | // # Credentials
|
55 | 61 | //
|
|
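Review bot: The new lines 43-46 widen the introduction to "OIDC and SAML providers", but the unchanged file-sourced and URL-sourced paragraphs (new lines 47-52) and the added lines 54-55 still speak only of "the OIDC token", so a reader cannot tell whether each of the three sources also handles SAML. Use a neutral term such as "the token" throughout, or state the SAML case explicitly for each source. Line 44 also drops "local" from the URL-sourced description ("from a server"), while line 51 still says "a local server needs to host a GET endpoint"; pick one wording. For executable-sourced credentials, "other information in a JSON format" (line 55) is too vague for a doc comment about a program the library runs to obtain credentials: name the expected fields or point at where they are defined, and say what is required for the executable to be configured and trusted. The reference on line 58 ends in the #oidc anchor, which sits oddly next to text that now covers SAML as well.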