Copyright 2019 The Go Authors. All rights reserved. Use of this source code is governed by a BSD-style license that can be found in the LICENSE file.
Package auth authorizes programs to make HTTP requests to the discovery site.
package auth

import (
	
	
	

	
	
)
OAuth 2.0 Client IDs for the go-discovery (main) and the go-discovery-exp (exp) projects. See https://cloud.google.com/iap/docs/authentication-howto for more details.
const (
	mainClientID = "117187402928-nl3u0qo5l2c2hhsuf2qj8irsfb3l6hfc.apps.googleusercontent.com"
	expClientID  = "55665122702-tk2rogkaalgru7pqibvbltqs7geev8j5.apps.googleusercontent.com"
)
NewClient creates an http.Client for accessing go-discovery services. Its first argument is the JSON contents of a service account credentials file. If nil, default credentials are used. Its second argument determines which client ID to use.
func ( context.Context,  []byte,  bool) ( *http.Client,  error) {
	defer derrors.Wrap(&, "auth.NewClient(jsonCreds, %t)", )
	,  := idtokenArgs(, )
	return idtoken.NewClient(, , ...)
}
Header returns a header value (typically a Bearer token) to be used in the HTTP 'Authorization' header.
func ( context.Context,  []byte,  bool) ( string,  error) {
	defer derrors.Wrap(&, "auth.Header(jsonCreds, %t)", )

	,  := idtokenArgs(, )
	,  := idtoken.NewTokenSource(, , ...)
	if  != nil {
		return "", 
	}
	,  := .Token()
	if  != nil {
		return "", fmt.Errorf("TokenSource.Token(): %v", )
This is a dummy request to get the authorization header.
	,  := http.NewRequest("GET", "http://localhost", nil)
	if  != nil {
		return "", fmt.Errorf("http.NewRequest(): %v", )
	}
	.SetAuthHeader()
	return .Header.Get("Authorization"), nil
}

func ( []byte,  bool) (string, []idtoken.ClientOption) {
	var  []idtoken.ClientOption
	if len() > 0 {
		 = append(, idtoken.WithCredentialsJSON())
	}
	 := mainClientID
	if  {
		 = expClientID
	}
	return ,