GetDefaultEmail is a helper method for users on GCE or the 2nd generation GAE environment.

GetUserClaims will return the Google identity claim set if it exists in the context.

IAMClaimsDecoderFunc is an auth.ClaimsDecoderFunc for GCP identity tokens.

IAMVerifyFunc auth.VerifyFunc wrapper around the IAMClaimSet.

IdentityClaimsDecoderFunc is an auth.ClaimsDecoderFunc for GCP identity tokens.

IdentityVerifyFunc auth.VerifyFunc wrapper around the IdentityClaimSet.

NewAuthenticator will instantiate a new Authenticator, which can be used for verifying a number of authentication styles within the Google Cloud Platform ecosystem.

NewContextIAMTokenSource returns an oauth2.TokenSource that uses Google's IAM services to sign a JWT with the default service account and the given audience.

NewDefaultIAMVerifier will verify tokens that have the same default service account as the server running this verifier.

NewDefaultIdentityVerifier will verify tokens that have the same default service account as the server running this verifier.

NewIAMPublicKeySource returns a PublicKeySource that uses the Google IAM service for fetching public keys of a given service account.

NewIAMTokenSource returns an oauth2.TokenSource that uses Google's IAM services to sign a JWT with the default service account and the given audience.

NewIdentityPublicKeySource fetches Google's public oauth2 certificates to be used with the auth.Verifier tool.

NewIdentityTokenSource will use the GCP metadata services to generate GCP Identity tokens.

ValidIAMClaims ensures the token audience issuers matches expectations.

ValidIdentityClaims ensures the token audience and issuers match expectations.

VerifyIAMEmails is an auth.VerifyFunc that ensures IAMClaimSets are valid and have the expected email and audience in their payload.

VerifyIdentityEmails is an auth.VerifyFunc that ensures IdentityClaimSets are valid and have the expected email and audience in their payload.

Issuers contains the known Google account issuers for identity tokens.

IAMClaimSet contains just an email for service account identification.

IAMConfig contains the information required for generating or verifying IAM JWTs.

IdentityClaimSet holds all the expected values for the various versions of the GCP identity token.

IdentityConfig contains the information required for generating or verifying identity JWTs.

ContextTokenSource is an oauth2.TokenSource that is capable of running on the 1st generation App Engine environment because it can create a urlfetch.Client from the given context.