feat: workload identity federation support (#698)
Using workload identity federation, applications can access Google Cloud resources from Amazon Web Services (AWS), Microsoft Azure or any identity provider that supports OpenID Connect (OIDC). Workload identity federation is recommended for non-Google Cloud environments as it avoids the need to download, manage and store service account private keys locally.
This includes a rollforward of the [previous reverted PR](https://github.com/googleapis/google-auth-library-python/pull/686) and the [fix](https://github.com/googleapis/google-auth-library-python/pull/686) to not pass scopes to user credentials from `google.auth.default()`.
diff --git a/docs/reference/google.auth.aws.rst b/docs/reference/google.auth.aws.rst
new file mode 100644
index 0000000..9c3966b
--- /dev/null
+++ b/docs/reference/google.auth.aws.rst
@@ -0,0 +1,7 @@
+google.auth.aws module
+======================
+
+.. automodule:: google.auth.aws
+ :members:
+ :inherited-members:
+ :show-inheritance:
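Review bot: `:inherited-members:` on the `automodule` directive makes this page render every member the module's classes inherit in addition to their own, and the same option set is repeated on the external_account and identity_pool pages in this change. If the classes in these modules share a base class, its members will be documented once per page. Consider dropping `:inherited-members:` here and relying on `:show-inheritance:` to point at the base, unless the repetition is what the existing generated reference pages already do.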
diff --git a/docs/reference/google.auth.external_account.rst b/docs/reference/google.auth.external_account.rst
new file mode 100644
index 0000000..0681eaa
--- /dev/null
+++ b/docs/reference/google.auth.external_account.rst
@@ -0,0 +1,7 @@
+google.auth.external\_account module
+====================================
+
+.. automodule:: google.auth.external_account
+ :members:
+ :inherited-members:
+ :show-inheritance:
diff --git a/docs/reference/google.auth.identity_pool.rst b/docs/reference/google.auth.identity_pool.rst
new file mode 100644
index 0000000..48d9902
--- /dev/null
+++ b/docs/reference/google.auth.identity_pool.rst
@@ -0,0 +1,7 @@
+google.auth.identity\_pool module
+=================================
+
+.. automodule:: google.auth.identity_pool
+ :members:
+ :inherited-members:
+ :show-inheritance:
diff --git a/docs/reference/google.auth.rst b/docs/reference/google.auth.rst
index 3acf7df..e21eaf9 100644
--- a/docs/reference/google.auth.rst
+++ b/docs/reference/google.auth.rst
@@ -23,11 +23,14 @@
:maxdepth: 4
google.auth.app_engine
+ google.auth.aws
google.auth.credentials
google.auth._credentials_async
google.auth.environment_vars
google.auth.exceptions
+ google.auth.external_account
google.auth.iam
+ google.auth.identity_pool
google.auth.impersonated_credentials
google.auth.jwt
google.auth.jwt_async
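Review bot: the three added toctree entries (`google.auth.aws`, `google.auth.external_account`, `google.auth.identity_pool`) link only to generated module reference pages, so a reader arriving from this index gets class listings but no description of how the credentials are configured for a given identity provider. The commit message recommends this feature over service account keys for non-Google Cloud environments, so consider linking to or adding a short usage section if the docs do not already have one, so that the key-free path is discoverable from here.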
diff --git a/docs/reference/google.oauth2.rst b/docs/reference/google.oauth2.rst
index 6f3ba50..2a8a7a5 100644
--- a/docs/reference/google.oauth2.rst
+++ b/docs/reference/google.oauth2.rst
@@ -17,3 +17,5 @@
google.oauth2.id_token
google.oauth2.service_account
google.oauth2._service_account_async
+ google.oauth2.sts
+ google.oauth2.utils
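Review bot: adding `google.oauth2.utils` to the reference toctree publishes it as documented API, and a module named `utils` usually holds internal helpers. If it is not meant to be called directly by library users, consider leaving it out of the toctree so callers do not come to depend on it; if it is meant to be public, a sentence in its module docstring saying so would help.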
diff --git a/docs/reference/google.oauth2.sts.rst b/docs/reference/google.oauth2.sts.rst
new file mode 100644
index 0000000..49d99df
--- /dev/null
+++ b/docs/reference/google.oauth2.sts.rst
@@ -0,0 +1,7 @@
+google.oauth2.sts module
+========================
+
+.. automodule:: google.oauth2.sts
+ :members:
+ :inherited-members:
+ :show-inheritance:
diff --git a/docs/reference/google.oauth2.utils.rst b/docs/reference/google.oauth2.utils.rst
new file mode 100644
index 0000000..5b039ea
--- /dev/null
+++ b/docs/reference/google.oauth2.utils.rst
@@ -0,0 +1,7 @@
+google.oauth2.utils module
+==========================
+
+.. automodule:: google.oauth2.utils
+ :members:
+ :inherited-members:
+ :show-inheritance: