Reference documentation and code samples for the googleauth class Google::Auth::OAuth2::STSClient.
OAuth 2.0 Token Exchange Spec.
This module defines a token exchange utility based on the [OAuth 2.0 Token Exchange](https://tools.ietf.org/html/rfc8693) spec. This will be mainly
used to exchange external credentials for GCP access tokens in workload identity pools to
access Google APIs.
The implementation will support various types of client authentication as allowed in the spec.
The one deviation from the spec is support for additional Google-specific options that cannot be easily
mapped to parameters defined in the RFC.
The returned hash is based on the JSON response defined in [RFC 8693 section 2.2.1](https://tools.ietf.org/html/rfc8693#section-2.2.1).
Version: googleauth v1.15.0 (latest). Last updated 2025-09-04 UTC.

Inherits
--------

- Object

Includes
--------

- [Google::Auth::Helpers::Connection](./Google-Auth-Helpers-Connection)

Methods
-------

### #exchange_token

    def exchange_token(options = {}) -> Hash

Exchanges the provided token for another type of token based on the
rfc8693 spec.

**Parameters**

- **connection** (Faraday instance) --- A callable Faraday instance used to make HTTP requests.
- **grant_type** (String) --- The OAuth 2.0 token exchange grant type.
- **subject_token** (String) --- The OAuth 2.0 token exchange subject token.
- **subject_token_type** (String) --- The OAuth 2.0 token exchange subject token type.
- **resource** (String) --- The optional OAuth 2.0 token exchange resource field.
- **audience** (String) --- The optional OAuth 2.0 token exchange audience field.
- **scopes** (Array\<String\>) --- The optional list of scopes to use.
- **requested_token_type** (String) --- The optional OAuth 2.0 token exchange requested token type.
- **additional_headers** (Hash\<String,String\>) --- The optional additional headers to pass to the token exchange endpoint.

**Returns**

- (Hash) --- A hash containing the token exchange response.

**Raises**

- (ArgumentError) --- If required options are missing
- ([Google::Auth::AuthorizationError](./Google-Auth-AuthorizationError)) --- If the token exchange request fails

### #initialize

    def initialize(options = {}) -> STSClient

Create a new instance of the STSClient.

**Parameter**

- **options** (Hash) --- Configuration options

**Returns**

- ([STSClient](./Google-Auth-OAuth2-STSClient)) --- a new instance of STSClient

**Raises**

- ([Google::Auth::InitializationError](./Google-Auth-InitializationError)) --- If token_exchange_endpoint is nil

Constants
---------

### URLENCODED_HEADERS

**value:** `{ "Content-Type": "application/x-www-form-urlencoded" }.freeze`
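The request and response shapes that `#exchange_token` deals with, as an added example that is not googleauth's own code: it builds the form-encoded RFC 8693 request from the parameters listed above and checks the section 2.2.1 response fields before the result is used as a credential. The helper names, the integer check on `expires_in`, and all sample values are assumptions constructed for illustration.

```ruby
require "json"
require "uri"

# Helper and constant names are illustrative; field names come from RFC 8693.
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
REQUIRED_REQUEST = %i[grant_type subject_token subject_token_type].freeze
REQUIRED_RESPONSE = %w[access_token issued_token_type token_type].freeze

# Build the form-urlencoded body for a token exchange request (section 2.1).
def build_exchange_body(opts)
  missing = REQUIRED_REQUEST.select { |k| opts[k].to_s.empty? }
  raise ArgumentError, "missing required options: #{missing.join(', ')}" unless missing.empty?

  form = {
    "grant_type" => opts[:grant_type],
    "subject_token" => opts[:subject_token],
    "subject_token_type" => opts[:subject_token_type],
    "resource" => opts[:resource],
    "audience" => opts[:audience],
    "scope" => opts[:scopes]&.join(" "), # scopes travel as one space-delimited string
    "requested_token_type" => opts[:requested_token_type]
  }
  # Drop unset optional fields rather than sending empty values.
  URI.encode_www_form(form.reject { |_, v| v.nil? || v.empty? })
end

# Check a section 2.2.1 response before any caller treats it as a credential.
def parse_exchange_response(json)
  resp = JSON.parse(json)
  raise ArgumentError, "response is not a JSON object" unless resp.is_a?(Hash)

  missing = REQUIRED_RESPONSE.reject { |k| resp[k].is_a?(String) && !resp[k].empty? }
  raise ArgumentError, "response missing: #{missing.join(', ')}" unless missing.empty?
  ttl = resp["expires_in"] # optional; the positive-integer check is this example's choice
  raise ArgumentError, "expires_in must be a positive integer" unless ttl.nil? || (ttl.is_a?(Integer) && ttl.positive?)
  resp
end

# Constructed sample values (placeholders, not real identifiers or tokens).
SAMPLE_REQUEST = {
  grant_type: GRANT_TYPE,
  subject_token: "constructed.external.jwt",
  subject_token_type: "urn:ietf:params:oauth:token-type:jwt",
  audience: "//iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID",
  scopes: ["https://www.googleapis.com/auth/cloud-platform"],
  requested_token_type: "urn:ietf:params:oauth:token-type:access_token"
}.freeze
SAMPLE_RESPONSE = '{"access_token":"constructed-token","issued_token_type":' \
                  '"urn:ietf:params:oauth:token-type:access_token","token_type":"Bearer","expires_in":3600}'
```

Rejecting a response that lacks `issued_token_type` or `token_type` keeps a malformed or unexpected STS reply from being passed downstream as a bearer token.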