fix: Add delegates support

Get the delegates from the input JSON and use them in the refreshToken requests.

Updates #515

google/google.go

@@ -122,6 +122,7 @@ type credentialsFile struct {
 	TokenURLExternal               string                           `json:"token_url"`
 	TokenInfoURL                   string                           `json:"token_info_url"`
 	ServiceAccountImpersonationURL string                           `json:"service_account_impersonation_url"`
+	Delegates                      []string                         `json:"delegates"`
 	CredentialSource               externalaccount.CredentialSource `json:"credential_source"`
 	QuotaProjectID                 string                           `json:"quota_project_id"`
 	WorkforcePoolUserProject       string                           `json:"workforce_pool_user_project"`
@@ -198,7 +199,7 @@ func (f *credentialsFile) tokenSource(ctx context.Context, params CredentialsPar
 			Url:       f.ServiceAccountImpersonationURL,
 			Scopes:    params.Scopes,
 			Ts:        oauth2.ReuseTokenSource(nil, sourceToken),
-			// Delegates?? -> I don't know how to manage and how to use them here
+			Delegates: f.Delegates,
 		}
 		return oauth2.ReuseTokenSource(nil, imp), nil
 	case "":

google/internal/externalaccount/impersonate.go

@@ -41,6 +41,8 @@ type ImpersonateTokenSource struct {
 	Url string
 	// scopes to include in the access token request
 	Scopes []string
+	// Delegates for impersonation to include in the access token request
+	Delegates []string
 }
 
 // Token performs the exchange to get a temporary service account token to allow access to GCP.
@@ -48,6 +50,7 @@ func (its ImpersonateTokenSource) Token() (*oauth2.Token, error) {
 	reqBody := generateAccessTokenReq{
 		Lifetime:  "3600s",
 		Scope:     its.Scopes,
+		Delegates: its.Delegates,
 	}
 	b, err := json.Marshal(reqBody)
 	if err != nil {