EqualCacheKeys returns true if keys are equal.

EqualTokens returns true if tokens are equal.

NewGCETokenProvider returns TokenProvider that knows how to use GCE metadata server.

NewIAMTokenProvider returns TokenProvider that uses SignBlob IAM API to sign assertions on behalf of some service account.

NewLUCIContextTokenProvider returns TokenProvider that knows how to use a local auth server to mint tokens.

NewServiceAccountTokenProvider returns TokenProvider that uses service account private key (on disk or in memory) to make access tokens.

NewUserAuthTokenProvider returns TokenProvider that can perform 3-legged OAuth flow involving interaction with a user.

TokenExpiresIn returns True if the token is not valid or expires within given duration.

TokenExpiresInRnd is like TokenExpiresIn, except it slightly randomizes the token expiration time.

CacheFilename is a name of the file with all cached tokens.

GCAccessTokenMaxAge defines when to remove unused access tokens from the disk cache.

GCRefreshTokenMaxAge defines when to remove unused refresh tokens from the disk cache.

NoEmail indicates an OAuth2 token is not associated with an email.

UnknownEmail indicates an OAuth2 token may potentially be associated with an email, but we haven't tried to fetch the email yet.

ErrBadCredentials is returned by MintToken or RefreshToken if provided offline credentials (like service account key) are invalid.

ErrBadRefreshToken is returned by RefreshToken if refresh token was revoked or otherwise invalid.

ErrInsufficientAccess is returned by MintToken() if token can't be minted for given OAuth scopes.

ProcTokenCache is shared in-process cache to use if disk cache is disabled.

CacheKey identifies a slot in the token cache to store the token in.

DiskTokenCache implements TokenCache on top of a file.

MemoryTokenCache implements TokenCache on top of in-process memory.

Token is an oauth2.Token with an email that corresponds to it.

TokenCache stores access and refresh tokens to avoid requesting them all the time.

TokenProvider knows how to mint new tokens or refresh existing ones.