diff --git a/google/internal/externalaccount/basecredentials.go b/google/internal/externalaccount/basecredentials.go
index 2bf5391..9fc3553 100644
--- a/google/internal/externalaccount/basecredentials.go
+++ b/google/internal/externalaccount/basecredentials.go
@@ -74,12 +74,14 @@ var (
 regexp.MustCompile(`(?i)^sts\.googleapis\.com$`),
 regexp.MustCompile(`(?i)^sts\.[^\.\s\/\\]+\.googleapis\.com$`),
 regexp.MustCompile(`(?i)^[^\.\s\/\\]+-sts\.googleapis\.com$`),
+ regexp.MustCompile(`(?i)^sts-[^\.\s\/\\]+\.p\.googleapis\.com$`),
 }
 validImpersonateURLPatterns = []*regexp.Regexp{
 regexp.MustCompile(`^[^\.\s\/\\]+\.iamcredentials\.googleapis\.com$`),
 regexp.MustCompile(`^iamcredentials\.googleapis\.com$`),
 regexp.MustCompile(`^iamcredentials\.[^\.\s\/\\]+\.googleapis\.com$`),
 regexp.MustCompile(`^[^\.\s\/\\]+-iamcredentials\.googleapis\.com$`),
+ regexp.MustCompile(`^iamcredentials-[^\.\s\/\\]+\.p\.googleapis\.com$`),
 }
 validWorkforceAudiencePattern *regexp.Regexp = regexp.MustCompile(`//iam\.googleapis\.com/locations/[^/]+/workforcePools/`)
 )
diff --git a/google/internal/externalaccount/basecredentials_test.go b/google/internal/externalaccount/basecredentials_test.go
index 5aa0d46..05e0127 100644
--- a/google/internal/externalaccount/basecredentials_test.go
+++ b/google/internal/externalaccount/basecredentials_test.go
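Review bot: The new `sts-…\.p\.googleapis\.com` entry is case-insensitive (`(?i)`, following the rest of the token-URL list) while its `iamcredentials-…\.p\.googleapis\.com` counterpart is case-sensitive (following the impersonate list), so unless the caller lowercases the host before matching — not visible in this hunk — the same mixed-case endpoint would be accepted for STS and rejected for impersonation. Confirm whether the validator normalizes case, and add an upper-case variant of the new host shape to both tables in basecredentials_test.go (the two hunks there) so the intended behaviour is pinned rather than implied. Neither new entry says why this host shape is allowed; a short comment above each, e.g. `// presumably the private-endpoint form <service>-<name>.p.googleapis.com — confirm`, would help the next reader distinguish it from the regional `<service>.<region>.googleapis.com` forms. The enclosing `var (` block starts before the hunk.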
@@ -231,6 +231,16 @@ func TestValidateURLTokenURL(t *testing.T) {
 {"https://", false},
 {"http://us-east-1.sts.googleapis.com", false},
 {"https://us-east-1.sts.googleapis.comevil.com", false},
+ {"https://sts-xyz.p.googleapis.com", true},
+ {"https://sts.pgoogleapis.com", false},
+ {"https://p.googleapis.com", false},
+ {"https://sts.p.com", false},
+ {"http://sts.p.googleapis.com", false},
+ {"https://xyz-sts.p.googleapis.com", false},
+ {"https://sts-xyz.123.p.googleapis.com", false},
+ {"https://sts-xyz.p1.googleapis.com", false},
+ {"https://sts-xyz.p.foo.com", false},
+ {"https://sts-xyz.p.foo.googleapis.com", false},
 }
 ctx := context.Background()
 for _, tt := range urlValidityTests {
@@ -287,6 +297,16 @@ func TestValidateURLImpersonateURL(t *testing.T) {
 {"https://", false},
 {"http://us-east-1.iamcredentials.googleapis.com", false},
 {"https://us-east-1.iamcredentials.googleapis.comevil.com", false},
+ {"https://iamcredentials-xyz.p.googleapis.com", true},
+ {"https://iamcredentials.pgoogleapis.com", false},
+ {"https://p.googleapis.com", false},
+ {"https://iamcredentials.p.com", false},
+ {"http://iamcredentials.p.googleapis.com", false},
+ {"https://xyz-iamcredentials.p.googleapis.com", false},
+ {"https://iamcredentials-xyz.123.p.googleapis.com", false},
+ {"https://iamcredentials-xyz.p1.googleapis.com", false},
+ {"https://iamcredentials-xyz.p.foo.com", false},
+ {"https://iamcredentials-xyz.p.foo.googleapis.com", false},
 }
 ctx := context.Background()
 for _, tt := range urlValidityTests {
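Review bot: The `http://sts.p.googleapis.com` negative case exercises only the scheme check, not the new host pattern: its https form appears to be accepted already by the pre-existing `sts\.<label>\.googleapis\.com` entry, so this row says nothing about the `sts-<label>.p.googleapis.com` shape the commit adds. Using the new shape for the scheme case, `{"http://sts-xyz.p.googleapis.com", false},`, would make the rejection attributable to the scheme rather than to an unrelated pattern; the same applies to `http://iamcredentials.p.googleapis.com` in the TestValidateURLImpersonateURL hunk (`{"http://iamcredentials-xyz.p.googleapis.com", false},`). Both test functions start before their hunks and continue past them.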