### Get HTTP Client from Context Source: https://pkg.go.dev/golang.org/x/oauth2/internal Retrieves an http.Client from a context. This is useful for associating an http.Client with a request context. ```go func ContextClient(ctx context.Context) *http.Client ``` -------------------------------- ### Get OAuth 2.0 Scopes from SDKConfig Source: https://pkg.go.dev/golang.org/x/oauth2/google Retrieves the OAuth 2.0 scopes that the current account is authorized for. ```go func (c *SDKConfig) Scopes() []string ``` -------------------------------- ### LazyAuthStyleCache.Get Source: https://pkg.go.dev/golang.org/x/oauth2/internal Get initializes and returns the AuthStyleCache for LazyAuthStyleCache. ```APIDOC ## (*LazyAuthStyleCache) Get ### Description Initializes the `AuthStyleCache` if it hasn't been already and returns a pointer to it. ### Method Signature ```go func (lc *LazyAuthStyleCache) Get() *AuthStyleCache ``` ``` -------------------------------- ### Get Default HTTP Client with Auth Source: https://pkg.go.dev/golang.org/x/oauth2/google Retrieves an HTTP client that uses the default token source for authentication. Useful for making authenticated requests. ```go func DefaultClient(ctx context.Context, scope ...string) (*http.Client, error) ``` -------------------------------- ### Get HTTP Client from SDKConfig Source: https://pkg.go.dev/golang.org/x/oauth2/google Returns an HTTP client authorized with Google Cloud SDK credentials. The token automatically refreshes as needed. The underlying http.RoundTripper is obtained from the provided context. Do not modify the returned client or its Transport. ```go func (c *SDKConfig) Client(ctx context.Context) *http.Client ``` -------------------------------- ### Pinterest OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Defines the authorization and token URLs for Pinterest's OAuth2 service. Refer to Pinterest's developer documentation for setup instructions. ```go var Pinterest = oauth2.Endpoint{ AuthURL: "https://www.pinterest.com/oauth", TokenURL: "https://api.pinterest.com/v5/oauth/token", } ``` -------------------------------- ### Get Default Token Source Source: https://pkg.go.dev/golang.org/x/oauth2/google Returns the token source for Application Default Credentials. This is a shortcut for FindDefaultCredentials(ctx, scope).TokenSource. ```go func DefaultTokenSource(ctx context.Context, scope ...string) (oauth2.TokenSource, error) ``` -------------------------------- ### Get HTTP Client with Auto-Refreshing Token Source: https://pkg.go.dev/golang.org/x/oauth2/clientcredentials Obtains an HTTP client that automatically refreshes its access token as needed. The returned http.Client and its Transport should not be modified. ```go func (c *Config) Client(ctx context.Context) *http.Client ``` -------------------------------- ### ImpersonateTokenSource Token Method Source: https://pkg.go.dev/golang.org/x/oauth2/google/internal/impersonate Performs the exchange to get a temporary service account token to allow access to GCP. This method is part of the ImpersonateTokenSource type. ```go func (its ImpersonateTokenSource) Token() (*oauth2.Token, error) ``` -------------------------------- ### Get TokenSource from SDKConfig Source: https://pkg.go.dev/golang.org/x/oauth2/google Returns an oauth2.TokenSource that retrieves tokens from Google Cloud SDK credentials using the provided context. It provides the current access token and refreshes it when expired, but does not update the credentials with the new token. ```go func (c *SDKConfig) TokenSource(ctx context.Context) oauth2.TokenSource ``` -------------------------------- ### ImpersonateTokenSource.Token Method Source: https://pkg.go.dev/golang.org/x/oauth2/google/internal/impersonate The Token method performs the exchange to get a temporary service account token, allowing access to GCP resources. It uses the configured Ctx, Ts, URL, Scopes, Delegates, and TokenLifetimeSeconds to make the request. ```APIDOC ## func (ImpersonateTokenSource) Token() ### Description Token performs the exchange to get a temporary service account token to allow access to GCP. ### Method Signature func (its ImpersonateTokenSource) Token() (*oauth2.Token, error) ``` -------------------------------- ### Create HTTP Client with Token Source: https://pkg.go.dev/golang.org/x/oauth2 Client returns an HTTP client that automatically refreshes tokens. The underlying transport is obtained from the provided context. Do not modify the returned client or its Transport. ```go func (c *Config) Client(ctx context.Context, t *Token) *http.Client ``` -------------------------------- ### Get AuthStyleCache from LazyAuthStyleCache Source: https://pkg.go.dev/golang.org/x/oauth2/internal Retrieves the AuthStyleCache from a LazyAuthStyleCache. This method is part of the lazy initialization mechanism. ```go func (lc *LazyAuthStyleCache) Get() *AuthStyleCache ``` -------------------------------- ### Create HTTP Client with TokenSource Source: https://pkg.go.dev/golang.org/x/oauth2 Creates an *http.Client from a context.Context and TokenSource. The returned client is not valid beyond the lifetime of the context. If src is nil, a non-OAuth2 client is returned. ```go func NewClient(ctx context.Context, src TokenSource) *http.Client ``` -------------------------------- ### Get Token Type Source: https://pkg.go.dev/golang.org/x/oauth2 Returns the token type, defaulting to "Bearer" if TokenType is empty. ```go func (t *Token) Type() string ``` -------------------------------- ### Create PKCE Verifier Option Source: https://pkg.go.dev/golang.org/x/oauth2 Returns a PKCE code verifier AuthCodeOption. Should only be passed to Config.Exchange or Config.DeviceAccessToken. ```go func VerifierOption(verifier string) AuthCodeOption ``` -------------------------------- ### Create SDKConfig for Google Cloud SDK Account Source: https://pkg.go.dev/golang.org/x/oauth2/google Creates an SDKConfig for a specified Google Cloud SDK account. If the account is empty, it defaults to the currently active account. Requires Google Cloud SDK credentials to be pre-configured using `gcloud auth`. ```go func NewSDKConfig(account string) (*SDKConfig, error) ``` -------------------------------- ### Config.Client Source: https://pkg.go.dev/golang.org/x/oauth2/jira Client returns an HTTP client wrapping the context's HTTP transport and adding Authorization headers with tokens obtained from c. The returned client and its Transport should not be modified. ```APIDOC ## Config.Client ### Description Client returns an HTTP client wrapping the context's HTTP transport and adding Authorization headers with tokens obtained from c. The returned client and its Transport should not be modified. ### Method func (c *Config) Client(ctx context.Context) *http.Client ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Request Example None ### Response #### Success Response (200) - ***http.Client** (pointer to http.Client) - An HTTP client with Authorization headers. #### Response Example None ``` -------------------------------- ### Config.Client Source: https://pkg.go.dev/golang.org/x/oauth2/jwt Client returns an HTTP client wrapping the context's HTTP transport and adding Authorization headers with tokens obtained from c. The returned client and its Transport should not be modified. ```APIDOC ## func (*Config) Client ### Description Client returns an HTTP client wrapping the context's HTTP transport and adding Authorization headers with tokens obtained from c. The returned client and its Transport should not be modified. ### Signature ```go func (c *Config) Client(ctx context.Context) *http.Client ``` ``` -------------------------------- ### Create JWT Config from JSON Source: https://pkg.go.dev/golang.org/x/oauth2/google Uses a Google Developers service account JSON key file to create a JWT configuration. Download a JSON key file from the Google Cloud Console 'Credentials' page for your project. ```go func JWTConfigFromJSON(jsonKey []byte, scope ...string) (*jwt.Config, error) ``` -------------------------------- ### Get HipChat Server Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/hipchat Returns an OAuth2 endpoint for a HipChat Server instance. Provide the host or domain of your HipChat Server. ```go func ServerEndpoint(host string) oauth2.Endpoint ``` -------------------------------- ### Define Bitbucket OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Use this to configure authentication for Bitbucket. ```go var Bitbucket = oauth2.Endpoint{ AuthURL: "https://bitbucket.org/site/oauth2/authorize", TokenURL: "https://bitbucket.org/site/oauth2/access_token", } ``` -------------------------------- ### AWS Cognito Endpoint Configuration Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Use this function to get an oauth2.Endpoint for AWS Cognito. Provide your Cognito User Pool's domain. ```go func AWSCognito(domain string) oauth2.Endpoint ``` -------------------------------- ### Create OAuth2 Config from JSON Source: https://pkg.go.dev/golang.org/x/oauth2/google Constructs an oauth2.Config from a Google Developers client_credentials.json file. Ensure the JSON key is provided as a byte slice. ```go func ConfigFromJSON(jsonKey []byte, scope ...string) (*oauth2.Config, error) ``` -------------------------------- ### SDKConfig.Client Source: https://pkg.go.dev/golang.org/x/oauth2/google Client returns an http.Client configured with the SDKConfig's credentials and scopes. ```APIDOC ## SDKConfig.Client ### Description Client returns an http.Client configured with the SDKConfig's credentials and scopes. ### Method func (c *SDKConfig) Client(ctx context.Context) *http.Client ``` -------------------------------- ### Define Battlenet OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Use this to configure authentication for Battlenet. ```go var Battlenet = oauth2.Endpoint{ AuthURL: "https://battle.net/oauth/authorize", TokenURL: "https://battle.net/oauth/token", } ``` -------------------------------- ### Create a Static Token Source Source: https://pkg.go.dev/golang.org/x/oauth2 Returns a TokenSource that always returns the same token. Useful for tokens that never expire. ```go func StaticTokenSource(t *Token) TokenSource ``` -------------------------------- ### Get Extra Field from Token Source: https://pkg.go.dev/golang.org/x/oauth2 Retrieves an extra field from the token. Extra fields are key-value pairs returned by the server as part of the token retrieval response. ```go func (t *Token) Extra(key string) any ``` -------------------------------- ### NewClient Source: https://pkg.go.dev/golang.org/x/oauth2 Creates an http.Client from a context.Context and TokenSource. The returned client is not valid beyond the lifetime of the context. If src is nil, a non-OAuth2 client is returned. ```APIDOC ## func NewClient ### Signature ```go func NewClient(ctx context.Context, src TokenSource) *http.Client ``` ### Description NewClient creates an *http.Client from a context.Context and TokenSource. The returned client is not valid beyond the lifetime of the context. Note that if a custom *http.Client is provided via the context.Context it is used only for token acquisition and is not used to configure the *http.Client returned from NewClient. As a special case, if src is nil, a non-OAuth2 client is returned using the provided context. This exists to support related OAuth2 packages. ``` -------------------------------- ### Get Universe Domain for Credentials Source: https://pkg.go.dev/golang.org/x/oauth2/google GetUniverseDomain retrieves the default service domain for a Google Cloud universe. It caches the result from UniverseDomainProvider if available. The default is 'googleapis.com'. ```go func (c *Credentials) GetUniverseDomain() (string, error) ``` -------------------------------- ### Asgardeo Endpoint Configuration Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Returns an oauth2.Endpoint for Asgardeo. Specify the tenant name. ```go func AsgardeoEndpoint(tenant string) oauth2.Endpoint ``` -------------------------------- ### Config.Client Source: https://pkg.go.dev/golang.org/x/oauth2 Creates an HTTP client that automatically refreshes tokens as needed. It uses the provided context for the underlying HTTP transport. ```APIDOC ## Config.Client ### Description Returns an HTTP client using the provided token. The token will auto-refresh as necessary. The underlying HTTP transport will be obtained using the provided context. The returned client and its Transport should not be modified. ### Method (*Config) Client ### Parameters - **ctx** (context.Context) - The context for the HTTP transport. - **t** (*Token) - The token to use for authentication. ### Returns - *http.Client - An HTTP client configured with the provided token. ``` -------------------------------- ### Get Token Source for Auto-Refreshing Tokens Source: https://pkg.go.dev/golang.org/x/oauth2/clientcredentials Returns an oauth2.TokenSource that automatically refreshes the token using the client ID and secret. Most users should prefer using Config.Client instead. ```go func (c *Config) TokenSource(ctx context.Context) oauth2.TokenSource ``` -------------------------------- ### Define Coinbase OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Use this to configure authentication for Coinbase. ```go var Coinbase = oauth2.Endpoint{ AuthURL: "https://login.coinbase.com/oauth2/auth", TokenURL: "https://login.coinbase.com/oauth2/token", } ``` -------------------------------- ### DefaultClient Source: https://pkg.go.dev/golang.org/x/oauth2/google DefaultClient returns an HTTP Client that uses the DefaultTokenSource to obtain authentication credentials. This is a convenient way to get an authenticated HTTP client for making requests to Google APIs. ```APIDOC ## func DefaultClient ### Description DefaultClient returns an HTTP Client that uses the DefaultTokenSource to obtain authentication credentials. ### Signature ```go func DefaultClient(ctx context.Context, scope ...string) (*http.Client, error) ``` ``` -------------------------------- ### Create PKCE S256 Challenge Option Source: https://pkg.go.dev/golang.org/x/oauth2 Derives a PKCE code challenge from a verifier with method S256. Should be passed to Config.AuthCodeURL or Config.DeviceAuth. ```go func S256ChallengeOption(verifier string) AuthCodeOption ``` -------------------------------- ### Create External Account TokenSource in Go Source: https://pkg.go.dev/golang.org/x/oauth2/google/externalaccount Returns an external account TokenSource using the provided external account configuration. This is used to authenticate with Google Cloud using external identities. ```go func NewTokenSource(ctx context.Context, conf Config) (oauth2.TokenSource, error) ``` -------------------------------- ### ReuseTokenSource Function Source: https://pkg.go.dev/golang.org/x/oauth2 ReuseTokenSource returns a TokenSource that repeatedly returns the same token as long as it's valid, starting with the provided token. When the cached token is invalid, a new token is obtained from the source. This is useful for caching tokens between program runs. ```APIDOC ## func ReuseTokenSource ```go func ReuseTokenSource(t *Token, src TokenSource) TokenSource ``` ReuseTokenSource returns a TokenSource which repeatedly returns the same token as long as it's valid, starting with t. When its cached token is invalid, a new token is obtained from src. ReuseTokenSource is typically used to reuse tokens from a cache (such as a file on disk) between runs of a program, rather than obtaining new tokens unnecessarily. The initial token t may be nil, in which case the TokenSource is wrapped in a caching version if it isn't one already. This also means it's always safe to wrap ReuseTokenSource around any other TokenSource without adverse effects. ``` -------------------------------- ### Config.Client Source: https://pkg.go.dev/golang.org/x/oauth2/clientcredentials Client returns an HTTP client using the provided token. The token will auto-refresh as necessary. The returned http.Client and its Transport should not be modified. ```APIDOC ## func (c *Config) Client ### Description Client returns an HTTP client using the provided token. The token will auto-refresh as necessary. ### Method Signature func (c *Config) Client(ctx context.Context) *http.Client ``` -------------------------------- ### Obtain Google Credentials from JSON with Type and Params Source: https://pkg.go.dev/golang.org/x/oauth2/google Use CredentialsFromJSONWithTypeAndParams to get Google credentials from JSON data, ensuring they match the specified type. It's crucial to validate external credential configurations before use to prevent security risks. ```go func CredentialsFromJSONWithTypeAndParams(ctx context.Context, jsonData []byte, credType CredentialsType, params CredentialsParams) (*Credentials, error) ``` -------------------------------- ### NewSDKConfig Source: https://pkg.go.dev/golang.org/x/oauth2/google NewSDKConfig creates a new SDKConfig with the specified account. ```APIDOC ## NewSDKConfig ### Description NewSDKConfig creates a new SDKConfig with the specified account. ### Method func NewSDKConfig(account string) (*SDKConfig, error) ``` -------------------------------- ### Get Deprecated Universe Domain for Credentials Source: https://pkg.go.dev/golang.org/x/oauth2/google UniverseDomain returns the default service domain, defaulting to 'googleapis.com'. Use GetUniverseDomain instead, as it supports metadata server authentication and GetUniverseDomain will always return the default value when authenticating via the GCE metadata server. ```go func (c *Credentials) UniverseDomain() string ``` -------------------------------- ### Initiate Device Authorization Flow Source: https://pkg.go.dev/golang.org/x/oauth2 DeviceAuth returns a device authorization response, including a device code and verification URI, for users to authenticate on another device. ```go func (c *Config) DeviceAuth(ctx context.Context, opts ...AuthCodeOption) (*DeviceAuthResponse, error) ``` -------------------------------- ### Define Apple OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Use this for "Sign in with Apple" integration. ```go var Apple = oauth2.Endpoint{ AuthURL: "https://appleid.apple.com/auth/authorize", TokenURL: "https://appleid.apple.com/auth/token", } ``` -------------------------------- ### Shopify Endpoint Configuration Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Returns an oauth2.Endpoint for a Shopify store. The host should be the shop's domain name, without a scheme. ```go func Shopify(host string) oauth2.Endpoint ``` -------------------------------- ### MediaMath Sandbox OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Defines the authorization and token URLs for the MediaMath Sandbox environment. Use this for testing integrations before going live. ```go var MediaMathSandbox = oauth2.Endpoint{ AuthURL: "https://t1sandbox.mediamath.com/oauth2/v1.0/authorize", TokenURL: "https://t1sandbox.mediamath.com/oauth2/v1.0/token", } ``` -------------------------------- ### AsgardeoEndpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Returns a new oauth2.Endpoint for the given tenant. ```APIDOC ## AsgardeoEndpoint ### Description Asgardeo returns a new oauth2.Endpoint for the given tenant. Documentation: https://wso2.com/asgardeo/docs/guides/authentication/oidc/discover-oidc-configs/ ### Function Signature ```go func AsgardeoEndpoint(tenant string) oauth2.Endpoint ``` ``` -------------------------------- ### NewSDKConfig Source: https://pkg.go.dev/golang.org/x/oauth2/google Creates an SDKConfig for the given Google Cloud SDK account. If the account is empty, the currently active account in Google Cloud SDK properties is used. Ensure Google Cloud SDK credentials are created by running `gcloud auth` before using this function. ```APIDOC ## func NewSDKConfig ¶ ``` func NewSDKConfig(account string) (*SDKConfig, error) ``` ### Description Creates an SDKConfig for the given Google Cloud SDK account. If account is empty, the account currently active in Google Cloud SDK properties is used. Google Cloud SDK credentials must be created by running `gcloud auth` before using this function. The Google Cloud SDK is available at https://cloud.google.com/sdk/. ### Parameters #### Path Parameters - **account** (string) - Required - The Google Cloud SDK account to use. If empty, the active account is used. ``` -------------------------------- ### ContextClient Source: https://pkg.go.dev/golang.org/x/oauth2/internal ContextClient retrieves an http.Client from a context. This is useful for passing HTTP clients through contexts, especially when custom configurations are needed. ```APIDOC ## ContextClient ### Description Retrieves an http.Client from the provided context. ### Function Signature ```go func ContextClient(ctx context.Context) *http.Client ``` ``` -------------------------------- ### Find Default Google Credentials with Parameters Source: https://pkg.go.dev/golang.org/x/oauth2/google FindDefaultCredentialsWithParams searches for Application Default Credentials. It checks environment variables, gcloud configurations, and metadata servers on Google Cloud platforms. ```go func FindDefaultCredentialsWithParams(ctx context.Context, params CredentialsParams) (*Credentials, error) ``` -------------------------------- ### Config Struct Definition Source: https://pkg.go.dev/golang.org/x/oauth2/jwt Defines the configuration for JWT-based OAuth 2.0 token fetching. Includes fields for client credentials, private keys, scopes, token URLs, and custom claims. ```go type Config struct { // Email is the OAuth client identifier used when communicating with // the configured OAuth provider. Email string // PrivateKey contains the contents of an RSA private key or the // contents of a PEM file that contains a private key. The provided // private key is used to sign JWT payloads. // PEM containers with a passphrase are not supported. // Use the following command to convert a PKCS 12 file into a PEM. // // $ openssl pkcs12 -in key.p12 -out key.pem -nodes // PrivateKey []byte // PrivateKeyID contains an optional hint indicating which key is being // used. PrivateKeyID string // Subject is the optional user to impersonate. Subject string // Scopes optionally specifies a list of requested permission scopes. Scopes []string // TokenURL is the endpoint required to complete the 2-legged JWT flow. TokenURL string // Expires optionally specifies how long the token is valid for. Expires time.Duration // Audience optionally specifies the intended audience of the // request. If empty, the value of TokenURL is used as the // intended audience. Audience string // PrivateClaims optionally specifies custom private claims in the JWT. // See http://tools.ietf.org/html/draft-jones-json-web-token-10#section-4.3 PrivateClaims map[string]any // UseIDToken optionally specifies whether ID token should be used instead // of access token when the server returns both. UseIDToken bool } ``` -------------------------------- ### Define Dropbox OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Use this to configure authentication for Dropbox. ```go var Dropbox = oauth2.Endpoint{ AuthURL: "https://www.dropbox.com/oauth2/authorize", TokenURL: "https://api.dropboxapi.com/oauth2/token", } ``` -------------------------------- ### Define Fitbit OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Use this to configure authentication for Fitbit. ```go var Fitbit = oauth2.Endpoint{ AuthURL: "https://www.fitbit.com/oauth2/authorize", TokenURL: "https://api.fitbit.com/oauth2/token", } ``` -------------------------------- ### OAuth2 Configuration Structure Source: https://pkg.go.dev/golang.org/x/oauth2 Describes a typical 3-legged OAuth2 flow, including client application information and server endpoint URLs. For client credentials flow, see the clientcredentials package. ```go type Config struct { ClientID string ClientSecret string Endpoint Endpoint RedirectURL string Scopes []string // contains filtered or unexported fields } ``` -------------------------------- ### Define Asana OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Use this to configure authentication for Asana. ```go var Asana = oauth2.Endpoint{ AuthURL: "https://app.asana.com/-/oauth_authorize", TokenURL: "https://app.asana.com/-/oauth_token", } ``` -------------------------------- ### Shopify Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Returns a new oauth2.Endpoint for the supplied shop domain name. ```APIDOC ## Shopify ### Description Shopify returns a new oauth2.Endpoint for the supplied shop domain name. host should be a hostname, without any scheme prefix. Documentation: https://shopify.dev/docs/apps/auth/oauth ### Function Signature ```go func Shopify(host string) oauth2.Endpoint ``` ``` -------------------------------- ### Create a Reusable Token Source Source: https://pkg.go.dev/golang.org/x/oauth2 Returns a TokenSource that repeatedly returns the same token as long as it's valid, obtaining a new one from src when needed. Useful for caching tokens between program runs. ```go func ReuseTokenSource(t *Token, src TokenSource) TokenSource ``` -------------------------------- ### GenerateVerifier Source: https://pkg.go.dev/golang.org/x/oauth2 GenerateVerifier generates a PKCE code verifier with 32 octets of randomness. This follows recommendations in RFC 7636. A fresh verifier should be generated for each authorization. The resulting verifier should be passed to Config.AuthCodeURL or Config.DeviceAuth with S256ChallengeOption, and to Config.Exchange or Config.DeviceAccessToken with VerifierOption. ```APIDOC ## func GenerateVerifier ### Description GenerateVerifier generates a PKCE code verifier with 32 octets of randomness. This follows recommendations in RFC 7636. A fresh verifier should be generated for each authorization. The resulting verifier should be passed to Config.AuthCodeURL or Config.DeviceAuth with S256ChallengeOption, and to Config.Exchange or Config.DeviceAccessToken with VerifierOption. ### Signature ```go func GenerateVerifier() string ``` ``` -------------------------------- ### SDKConfig.Client Source: https://pkg.go.dev/golang.org/x/oauth2/google Returns an HTTP client using Google Cloud SDK credentials to authorize requests. The token will auto-refresh as necessary. The underlying http.RoundTripper will be obtained using the provided context. The returned client and its Transport should not be modified. ```APIDOC ## func (*SDKConfig) Client ¶ ``` func (c *SDKConfig) Client(ctx context.Context) *http.Client ``` ### Description Client returns an HTTP client using Google Cloud SDK credentials to authorize requests. The token will auto-refresh as necessary. The underlying http.RoundTripper will be obtained using the provided context. The returned client and its Transport should not be modified. ### Parameters #### Path Parameters - **ctx** (context.Context) - Required - The context for the request. ``` -------------------------------- ### Define Google OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Use this to configure authentication for Google, including device authorization. ```go var Google = oauth2.Endpoint{ AuthURL: "https://accounts.google.com/o/oauth2/auth", TokenURL: "https://oauth2.googleapis.com/token", DeviceAuthURL: "https://oauth2.googleapis.com/device/code", } ``` -------------------------------- ### Generate PKCE S256 Challenge Source: https://pkg.go.dev/golang.org/x/oauth2 Returns a PKCE code challenge derived from a verifier with method S256. Prefer to use S256ChallengeOption where possible. ```go func S256ChallengeFromVerifier(verifier string) string ``` -------------------------------- ### Define GitLab OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Use this to configure authentication for GitLab, including device authorization. ```go var GitLab = oauth2.Endpoint{ AuthURL: "https://gitlab.com/oauth/authorize", TokenURL: "https://gitlab.com/oauth/token", DeviceAuthURL: "https://gitlab.com/oauth/authorize_device", } ``` -------------------------------- ### Create Token Source for Automatic Refresh Source: https://pkg.go.dev/golang.org/x/oauth2 TokenSource returns a TokenSource that provides a token and automatically refreshes it as needed. Most users should prefer using Config.Client instead. ```go func (c *Config) TokenSource(ctx context.Context, t *Token) TokenSource ``` -------------------------------- ### Define Authentication Style Source: https://pkg.go.dev/golang.org/x/oauth2 Represents how requests for tokens are authenticated to the server. Options include AutoDetect, InParams, and InHeader. ```go type AuthStyle int ``` ```go const ( AuthStyleAutoDetect AuthStyle = 0 AuthStyleInParams AuthStyle = 1 AuthStyleInHeader AuthStyle = 2 ) ``` -------------------------------- ### S256ChallengeOption Source: https://pkg.go.dev/golang.org/x/oauth2 S256ChallengeOption derives a PKCE code challenge from the verifier with method S256. It should be passed to Config.AuthCodeURL or Config.DeviceAuth only. ```APIDOC ## func S256ChallengeOption ### Signature ```go func S256ChallengeOption(verifier string) AuthCodeOption ``` ### Description S256ChallengeOption derives a PKCE code challenge from the verifier with method S256. It should be passed to Config.AuthCodeURL or Config.DeviceAuth only. ``` -------------------------------- ### Create Reusable Token Source with Configurable Expiry Buffer Source: https://pkg.go.dev/golang.org/x/oauth2 Returns a TokenSource similar to ReuseTokenSource, but with a configurable expiry buffer. The expiration time is calculated as t.Expiry.Add(-earlyExpiry). ```go func ReuseTokenSourceWithExpiry(t *Token, src TokenSource, earlyExpiry time.Duration) TokenSource ``` -------------------------------- ### TokenSourceWithPKCE - OAuth2 Three-Legged Flow with PKCE Source: https://pkg.go.dev/golang.org/x/oauth2/authhandler An enhanced TokenSource supporting PKCE for the three-legged OAuth 2.0 flow. PKCE adds code challenge and verifier mechanisms to prevent CSRF attacks. The caller must generate these at runtime. ```go func TokenSourceWithPKCE(ctx context.Context, config *oauth2.Config, state string, authHandler AuthorizationHandler, pkce *PKCEParams) oauth2.TokenSource ``` -------------------------------- ### Define LiveConnectEndpoint for Windows Live ID Source: https://pkg.go.dev/golang.org/x/oauth2/microsoft Defines the OAuth 2.0 endpoint for Windows Live ID. Use this for authentication with Windows Live services. ```go var LiveConnectEndpoint = oauth2.Endpoint{ AuthURL: "https://login.live.com/oauth20_authorize.srf", TokenURL: "https://login.live.com/oauth20_token.srf", } ``` -------------------------------- ### Config Struct for Client Credentials Flow Source: https://pkg.go.dev/golang.org/x/oauth2/clientcredentials Defines the configuration parameters for the client credentials OAuth2 flow, including client ID, secret, token URL, and optional scopes or endpoint parameters. ```go type Config struct { // ClientID is the application's ID. ClientID string // ClientSecret is the application's secret. ClientSecret string // TokenURL is the resource server's token endpoint // URL. This is a constant specific to each server. TokenURL string // Scopes specifies optional requested permissions. Scopes []string // EndpointParams specifies additional parameters for requests to the token endpoint. EndpointParams url.Values // AuthStyle optionally specifies how the endpoint wants the // client ID & client secret sent. The zero value means to // auto-detect. AuthStyle oauth2.AuthStyle // contains filtered or unexported fields } ``` -------------------------------- ### Config.Token Source: https://pkg.go.dev/golang.org/x/oauth2/clientcredentials Token uses client credentials to retrieve a token. The provided context optionally controls which HTTP client is used. ```APIDOC ## func (c *Config) Token ### Description Token uses client credentials to retrieve a token. The provided context optionally controls which HTTP client is used. ### Method Signature func (c *Config) Token(ctx context.Context) (*oauth2.Token, error) ``` -------------------------------- ### Define Kakao OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Use this to configure authentication for Kakao. ```go var KaKao = oauth2.Endpoint{ ``` -------------------------------- ### Create JWT Access Token Source with Scope Source: https://pkg.go.dev/golang.org/x/oauth2/google Creates a TokenSource from a Google service account JSON key file, generating a JWT for authentication. This is an optimization for specific Google services and not a standard OAuth2 flow. Prefer JWTConfigFromJSON unless this direct JWT method is required. ```go func JWTAccessTokenSourceWithScope(jsonKey []byte, scope ...string) (oauth2.TokenSource, error) ``` -------------------------------- ### TokenSource Method for Config Source: https://pkg.go.dev/golang.org/x/oauth2/google/internal/externalaccountauthorizeduser Returns an OAuth2 TokenSource from the Config. This method is used to obtain a token source that can be used to make authenticated API requests. Ensure the Config is properly initialized. ```go func (c *Config) TokenSource(ctx context.Context) (oauth2.TokenSource, error) ``` -------------------------------- ### AzureAD Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Returns a new oauth2.Endpoint for the given tenant at Azure Active Directory. ```APIDOC ## AzureAD ### Description AzureAD returns a new oauth2.Endpoint for the given tenant at Azure Active Directory. If tenant is empty, it uses the tenant called `common`. For more information see: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols#endpoints ### Function Signature ```go func AzureAD(tenant string) oauth2.Endpoint ``` ``` -------------------------------- ### Format Struct for External Account Credentials Source: https://pkg.go.dev/golang.org/x/oauth2/google/externalaccount Defines the structure for specifying how to retrieve subject tokens from files or URLs. Use 'text' for simple token responses and 'json' when the token is within a JSON object, specifying the field name. ```go type Format struct { // Type should be either "text" or "json". This determines whether the file or URL sourced credentials // expect a simple text subject token or if the subject token will be contained in a JSON object. // When not provided "text" type is assumed. Type string `json:"type"` // SubjectTokenFieldName is only required for JSON format. This is the field name that the credentials will check // for the subject token in the file or URL response. This would be "access_token" for azure. SubjectTokenFieldName string `json:"subject_token_field_name"` } ``` -------------------------------- ### DefaultClient Source: https://pkg.go.dev/golang.org/x/oauth2/google DefaultClient returns an http.Client configured with default credentials and specified scopes. It automatically determines the best way to authenticate based on the environment. ```APIDOC ## DefaultClient ### Description DefaultClient returns an http.Client configured with default credentials and specified scopes. It automatically determines the best way to authenticate based on the environment. ### Method func DefaultClient(ctx context.Context, scope ...string) (*http.Client, error) ``` -------------------------------- ### Set Authorization URL Parameter Source: https://pkg.go.dev/golang.org/x/oauth2 Builds an AuthCodeOption which passes key/value parameters to a provider's authorization endpoint. ```go func SetAuthURLParam(key, value string) AuthCodeOption ``` -------------------------------- ### Config Struct Source: https://pkg.go.dev/golang.org/x/oauth2/google/externalaccount The Config struct holds all the necessary configuration parameters for fetching tokens using external credentials. ```APIDOC ## Config Struct ### Description Config stores the configuration for fetching tokens with external credentials. ### Fields - **Audience** (string) - Required - The Secure Token Service (STS) audience which contains the resource name for the workload identity pool or the workforce pool and the provider identifier in that pool. - **SubjectTokenType** (string) - Required - The STS token type based on the Oauth2.0 token exchange spec. Expected values include: "urn:ietf:params:oauth:token-type:jwt", "urn:ietf:params:oauth:token-type:id-token", "urn:ietf:params:oauth:token-type:saml2", "urn:ietf:params:aws:token-type:aws4_request". - **TokenURL** (string) - Optional - The STS token exchange endpoint. If not provided, will default to https://sts.UNIVERSE_DOMAIN/v1/token, with UNIVERSE_DOMAIN set to the default service domain googleapis.com unless UniverseDomain is set. - **TokenInfoURL** (string) - Optional - The token_info endpoint used to retrieve the account related information (user attributes like account identifier, eg. email, username, uid, etc). This is needed for gCloud session account identification. - **ServiceAccountImpersonationURL** (string) - Optional - The URL for the service account impersonation request. This is only required for workload identity pools when APIs to be accessed have not integrated with UberMint. - **ServiceAccountImpersonationLifetimeSeconds** (int) - Optional - The number of seconds the service account impersonation token will be valid for. If not provided, it will default to 3600. - **ClientSecret** (string) - Optional - Currently only required if token_info endpoint also needs to be called with the generated GCP access token. When provided, STS will be called with additional basic authentication using ClientId as username and ClientSecret as password. - **ClientID** (string) - Optional - Only required in conjunction with ClientSecret, as described above. - **CredentialSource** (*CredentialSource) - Optional - Contains the necessary information to retrieve the token itself, as well as some environmental information. One of SubjectTokenSupplier, AWSSecurityCredentialSupplier or CredentialSource must be provided. - **QuotaProjectID** (string) - Optional - Injected by gCloud. If the value is non-empty, the Auth libraries will set the x-goog-user-project header which overrides the project associated with the credentials. - **Scopes** ([]string) - Optional - Contains the desired scopes for the returned access token. - **WorkforcePoolUserProject** (string) - Optional - The workforce pool user project number when the credential corresponds to a workforce pool and not a workload identity pool. The underlying principal must still have serviceusage.services.use IAM permission to use the project for billing/quota. - **SubjectTokenSupplier** (SubjectTokenSupplier) - Optional - An optional token supplier for OIDC/SAML credentials. One of SubjectTokenSupplier, AWSSecurityCredentialSupplier or CredentialSource must be provided. - **AwsSecurityCredentialsSupplier** (AwsSecurityCredentialsSupplier) - Optional - An AWS Security Credential supplier for AWS credentials. One of SubjectTokenSupplier, AWSSecurityCredentialSupplier or CredentialSource must be provided. - **UniverseDomain** (string) - Optional - The default service domain for a given Cloud universe. This value will be used in the default STS token URL. The default value is "googleapis.com". It will not be used if TokenURL is set. ``` -------------------------------- ### Define Ebay OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Use this to configure authentication for Ebay. ```go var Endpoint = oauth2.Endpoint{ AuthURL: "https://auth.ebay.com/oauth2/authorize", TokenURL: "https://api.ebay.com/identity/v1/oauth2/token", } ``` -------------------------------- ### PayPal Live OAuth2 Endpoint Configuration Source: https://pkg.go.dev/golang.org/x/oauth2/paypal Use this endpoint configuration for live PayPal transactions. It specifies the authorization and token URLs for the production environment. ```go var Endpoint = oauth2.Endpoint{ AuthURL: "https://www.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize", TokenURL: "https://api.paypal.com/v1/identity/openidconnect/tokenservice", } ``` -------------------------------- ### Define Discord OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Use this to configure authentication for Discord. ```go var Discord = oauth2.Endpoint{ AuthURL: "https://discord.com/oauth2/authorize", TokenURL: "https://discord.com/api/oauth2/token", } ``` -------------------------------- ### ClientAuthentication Structure Source: https://pkg.go.dev/golang.org/x/oauth2/google/internal/stsexchange Represents OAuth client credentials and the method for passing them. ```go type ClientAuthentication struct { // AuthStyle can be either basic or request-body AuthStyle oauth2.AuthStyle ClientID string ClientSecret string } ``` -------------------------------- ### Config.DeviceAuth Source: https://pkg.go.dev/golang.org/x/oauth2 Initiates the device authorization flow by returning a device code and authorization information for the user to enter on another device. ```APIDOC ## Config.DeviceAuth ### Description Returns a device auth struct which contains a device code and authorization information provided for users to enter on another device. ### Method (*Config) DeviceAuth ### Parameters - **ctx** (context.Context) - The context for the request. - **opts** (...AuthCodeOption) - Optional parameters for the device authorization request. ### Returns - (*DeviceAuthResponse, error) - A device authorization response and an error if any. ``` -------------------------------- ### Generate PKCE Code Verifier - oauth2 Source: https://pkg.go.dev/golang.org/x/oauth2 Generates a PKCE code verifier with 32 octets of randomness, following RFC 7636 recommendations. A fresh verifier should be generated for each authorization and passed to Config.AuthCodeURL or Config.DeviceAuth with S256ChallengeOption, and to Config.Exchange or Config.DeviceAccessToken with VerifierOption. ```go func GenerateVerifier() string ``` -------------------------------- ### Implement RoundTrip for Transport Source: https://pkg.go.dev/golang.org/x/oauth2 Authorizes and authenticates an HTTP request using an access token from the Transport's Source. ```go func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) ``` -------------------------------- ### Define GitHub OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Use this to configure authentication for GitHub, including device authorization. ```go var GitHub = oauth2.Endpoint{ AuthURL: "https://github.com/login/oauth/authorize", TokenURL: "https://github.com/login/oauth/access_token", DeviceAuthURL: "https://github.com/login/device/code", } ``` -------------------------------- ### Config.TokenSource Source: https://pkg.go.dev/golang.org/x/oauth2/jwt TokenSource returns a JWT TokenSource using the configuration in c and the HTTP client from the provided context. ```APIDOC ## func (*Config) TokenSource ### Description TokenSource returns a JWT TokenSource using the configuration in c and the HTTP client from the provided context. ### Signature ```go func (c *Config) TokenSource(ctx context.Context) oauth2.TokenSource ``` ``` -------------------------------- ### Config.TokenSource Source: https://pkg.go.dev/golang.org/x/oauth2/jira TokenSource returns a JWT TokenSource using the configuration in c and the HTTP client from the provided context. ```APIDOC ## Config.TokenSource ### Description TokenSource returns a JWT TokenSource using the configuration in c and the HTTP client from the provided context. ### Method func (c *Config) TokenSource(ctx context.Context) oauth2.TokenSource ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Request Example None ### Response #### Success Response (200) - **oauth2.TokenSource** - A TokenSource for JWT authentication. #### Response Example None ``` -------------------------------- ### Configure JWT Two-Legged OAuth Source: https://pkg.go.dev/golang.org/x/oauth2/jira Config is used for JWT-based token fetching, commonly known as 'two-legged OAuth 2.0'. Set the BaseURL for your app and the Atlassian userkey for Subject. ```go type Config struct { // BaseURL for your app BaseURL string // Subject is the userkey as defined by Atlassian // Different than username (ex: /rest/api/2/user?username=alex) Subject string oauth2.Config } ``` -------------------------------- ### Config Struct for External Account Credentials Source: https://pkg.go.dev/golang.org/x/oauth2/google/internal/externalaccountauthorizeduser Defines the configuration for external account credentials, including audience, tokens, and URLs for STS operations. Use this struct to set up credentials for authorized user access. ```go type Config struct { // Audience is the Secure Token Service (STS) audience which contains the resource name for the workforce pool and // the provider identifier in that pool. Audience string // RefreshToken is the optional OAuth 2.0 refresh token. If specified, credentials can be refreshed. RefreshToken string // TokenURL is the optional STS token exchange endpoint for refresh. Must be specified for refresh, can be left as // None if the token can not be refreshed. TokenURL string // TokenInfoURL is the optional STS endpoint URL for token introspection. TokenInfoURL string // ClientID is only required in conjunction with ClientSecret, as described above. ClientID string // ClientSecret is currently only required if token_info endpoint also needs to be called with the generated GCP // access token. When provided, STS will be called with additional basic authentication using client_id as username // and client_secret as password. ClientSecret string // Token is the OAuth2.0 access token. Can be nil if refresh information is provided. Token string // Expiry is the optional expiration datetime of the OAuth 2.0 access token. Expiry time.Time // RevokeURL is the optional STS endpoint URL for revoking tokens. RevokeURL string // QuotaProjectID is the optional project ID used for quota and billing. This project may be different from the // project used to create the credentials. QuotaProjectID string Scopes []string } ``` -------------------------------- ### Create Token with Extra Fields Source: https://pkg.go.dev/golang.org/x/oauth2 Returns a new Token that is a clone of the original, but with the provided raw extra map. This is intended for use by packages implementing derivative OAuth2 flows. ```go func (t *Token) WithExtra(extra any) *Token ``` -------------------------------- ### PKCEParams Source: https://pkg.go.dev/golang.org/x/oauth2/authhandler PKCEParams holds parameters required to support the Proof Key for Code Exchange (PKCE) flow in OAuth 2.0. ```APIDOC ## PKCEParams ### Description PKCEParams holds parameters to support PKCE. ### Type Definition ```go type PKCEParams struct { Challenge string // The unpadded, base64-url-encoded string of the encrypted code verifier. ChallengeMethod string // The encryption method (ex. S256). Verifier string // The original, non-encrypted secret. } ``` ### Fields - **Challenge** (string) - The unpadded, base64-url-encoded string of the encrypted code verifier. - **ChallengeMethod** (string) - The encryption method (e.g., S256). - **Verifier** (string) - The original, non-encrypted secret. ``` -------------------------------- ### Define Facebook OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Use this to configure authentication for Facebook. ```go var Facebook = oauth2.Endpoint{ AuthURL: "https://www.facebook.com/v22.0/dialog/oauth", TokenURL: "https://graph.facebook.com/v22.0/oauth/access_token", } ``` -------------------------------- ### PayPal Sandbox OAuth2 Endpoint Configuration Source: https://pkg.go.dev/golang.org/x/oauth2/paypal Use this endpoint configuration for testing PayPal integrations in the sandbox environment. It specifies the authorization and token URLs for testing. ```go var SandboxEndpoint = oauth2.Endpoint{ AuthURL: "https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/authorize", TokenURL: "https://api.sandbox.paypal.com/v1/identity/openidconnect/tokenservice", } ``` -------------------------------- ### TokenSource - OAuth2 Three-Legged Flow Source: https://pkg.go.dev/golang.org/x/oauth2/authhandler Returns a TokenSource for the three-legged OAuth 2.0 flow. Requires a complete oauth2.Config, a unique state string for CSRF protection, and a custom AuthorizationHandler for user consent. ```go func TokenSource(ctx context.Context, config *oauth2.Config, state string, authHandler AuthorizationHandler) oauth2.TokenSource ``` -------------------------------- ### Shopify Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Returns the OAuth2 endpoint for Shopify. ```APIDOC ## Shopify ### Description Returns the OAuth2 endpoint configuration for Shopify. ### Function Signature func Shopify(host string) oauth2.Endpoint ### Parameters #### Path Parameters - **host** (string) - Required - The myshopify.com domain for your store (e.g., "your-store-name.myshopify.com"). ``` -------------------------------- ### SDKConfig.TokenSource Source: https://pkg.go.dev/golang.org/x/oauth2/google TokenSource returns a token source configured with the SDKConfig's credentials and scopes. ```APIDOC ## SDKConfig.TokenSource ### Description TokenSource returns a token source configured with the SDKConfig's credentials and scopes. ### Method func (c *SDKConfig) TokenSource(ctx context.Context) oauth2.TokenSource ``` -------------------------------- ### Define CERN OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/endpoints Use this to configure authentication for CERN. ```go var Cern = oauth2.Endpoint{ AuthURL: "https://oauth.web.cern.ch/OAuth/Authorize", TokenURL: "https://oauth.web.cern.ch/OAuth/Token", } ``` -------------------------------- ### PKCEParams Type Definition Source: https://pkg.go.dev/golang.org/x/oauth2/authhandler Defines the structure for holding PKCE parameters, including the code challenge, challenge method, and the original code verifier. ```go type PKCEParams struct { Challenge string // The unpadded, base64-url-encoded string of the encrypted code verifier. ChallengeMethod string // The encryption method (ex. S256). Verifier string // The original, non-encrypted secret. } ``` -------------------------------- ### MediaMath Sandbox OAuth2 Endpoint Source: https://pkg.go.dev/golang.org/x/oauth2/mediamath Use this endpoint for sandbox API access. It defines the authorization and token URLs for MediaMath's OAuth 2.0 flow in a testing environment. ```go var SandboxEndpoint = oauth2.Endpoint{ AuthURL: "https://t1sandbox.mediamath.com/oauth2/v1.0/authorize", TokenURL: "https://t1sandbox.mediamath.com/oauth2/v1.0/token", } ``` -------------------------------- ### TokenSourceWithPKCE Source: https://pkg.go.dev/golang.org/x/oauth2/authhandler An enhanced version of oauth2.TokenSource with PKCE support. It uses the provided context, OAuth2 configuration, state string, AuthorizationHandler, and PKCE parameters to securely obtain access tokens, preventing CSRF attacks through code challenge and verifier mechanisms. ```APIDOC ## TokenSourceWithPKCE ### Description TokenSourceWithPKCE is an enhanced version of oauth2.TokenSource with PKCE support. The pkce parameter supports PKCE flow, which uses code challenge and code verifier to prevent CSRF attacks. A unique code challenge and code verifier should be generated by the caller at runtime. See https://www.oauth.com/oauth2-servers/pkce/ for more info. ### Signature ```go func TokenSourceWithPKCE(ctx context.Context, config *oauth2.Config, state string, authHandler AuthorizationHandler, pkce *PKCEParams) oauth2.TokenSource ``` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Request Example None ### Response #### Success Response - **oauth2.TokenSource** (oauth2.TokenSource) - A TokenSource that fetches access tokens with PKCE support. #### Response Example None ``` -------------------------------- ### NoContext Default Context - oauth2 Source: https://pkg.go.dev/golang.org/x/oauth2 NoContext is the default context you should supply if not using your own context.Context. Deprecated: Use context.Background or context.TODO instead. ```go var NoContext = context.TODO() ``` -------------------------------- ### FindDefaultCredentialsWithParams Source: https://pkg.go.dev/golang.org/x/oauth2/google Searches for 'Application Default Credentials' by checking various locations including environment variables, gcloud configuration, and metadata servers on Google Cloud platforms. ```APIDOC ## func FindDefaultCredentialsWithParams ### Description FindDefaultCredentialsWithParams searches for "Application Default Credentials". It looks for credentials in the following places, preferring the first location found: 1. A JSON file whose path is specified by the GOOGLE_APPLICATION_CREDENTIALS environment variable. For workload identity federation, refer to https://cloud.google.com/iam/docs/how-to#using-workload-identity-federation on how to generate the JSON configuration file for on-prem/non-Google cloud platforms. 2. A JSON file in a location known to the gcloud command-line tool. On Windows, this is %APPDATA%/gcloud/application_default_credentials.json. On other systems, $HOME/.config/gcloud/application_default_credentials.json. 3. On Google Compute Engine, Google App Engine standard second generation runtimes (>= Go 1.11), and Google App Engine flexible environment, it fetches credentials from the metadata server. ### Signature ```go func FindDefaultCredentialsWithParams(ctx context.Context, params CredentialsParams) (*Credentials, error) ``` ```