diff --git a/google/auth/external_account.py b/google/auth/external_account.py
index a87f92ea4..eb216fb72 100644
--- a/google/auth/external_account.py
+++ b/google/auth/external_account.py
@@ -443,6 +443,7 @@ def validate_token_url(token_url):
 "^sts\\.googleapis\\.com$",
 "^sts\\.[^\\.\\s\\/\\\\]+\\.googleapis\\.com$",
 "^[^\\.\\s\\/\\\\]+\\-sts\\.googleapis\\.com$",
+ "^sts\\-[^\\.\\s\\/\\\\]+\\.p\\.googleapis\\.com$",
 ]
 if not Credentials.is_valid_url(_TOKEN_URL_PATTERNS, token_url):
@@ -455,6 +456,7 @@ def validate_service_account_impersonation_url(url):
 "^iamcredentials\\.googleapis\\.com$",
 "^iamcredentials\\.[^\\.\\s\\/\\\\]+\\.googleapis\\.com$",
 "^[^\\.\\s\\/\\\\]+\\-iamcredentials\\.googleapis\\.com$",
+ "^iamcredentials\\-[^\\.\\s\\/\\\\]+\\.p\\.googleapis\\.com$",
 ]
 if not Credentials.is_valid_url(
diff --git a/system_tests/secrets.tar.enc b/system_tests/secrets.tar.enc
index 2bef7d971..78f7254cb 100644
Binary files a/system_tests/secrets.tar.enc and b/system_tests/secrets.tar.enc differ
diff --git a/tests/test_external_account.py b/tests/test_external_account.py
index a289b5df9..920aa34ea 100644
--- a/tests/test_external_account.py
+++ b/tests/test_external_account.py
@@ -289,6 +289,7 @@ def test_valid_token_url_shall_pass_validation(self):
 "https://us-east-1-sts.googleapis.com",
 "https://US-WEST-1-sts.googleapis.com",
 "https://us-west-1-sts.googleapis.com/path?query",
+ "https://sts-us-east-1.p.googleapis.com",
 ]
 for url in valid_urls:
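Review bot: The label class in the pattern added to `validate_token_url`, `[^\\.\\s\\/\\\\]+`, is a deny-list: it accepts every character other than dot, whitespace, slash and backslash, which is wider than what a DNS label can hold. Since this list decides which hosts are accepted as a token endpoint, an allow-list class is the safer form for a new entry, e.g. `"^sts\\-[a-zA-Z0-9\\-]+\\.p\\.googleapis\\.com$",`, assuming endpoint names are limited to letters, digits and hyphens. The same applies to the `iamcredentials\\-…\\.p\\.` entry added in `validate_service_account_impersonation_url`. How the host is extracted before matching lives in `Credentials.is_valid_url`, outside this hunk, so whether the extra characters can actually reach the regex cannot be confirmed from here; both function bodies also start and end outside their hunks.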
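Review bot: The entry added to `validate_service_account_impersonation_url` ends in `$`, which in Python's `re` also matches just before a trailing newline, so the end anchor is weaker than it reads. Ending the new entry with `\\Z`, as in `"^iamcredentials\\-[^\\.\\s\\/\\\\]+\\.p\\.googleapis\\.com\\Z",`, anchors at the true end of the string; the `sts\\-` entry added in `validate_token_url` has the same ending. This only matters if `Credentials.is_valid_url` (not visible here) uses `match` or `search` rather than `fullmatch` and passes the host through unstripped, so treat it as hardening. The existing entries use `$` as well and would want the same change for consistency.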
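Review bot: The new endpoint form gets a single positive case in `test_valid_token_url_shall_pass_validation`, while the older forms visible in the context are also exercised with an upper-case region and with a path and query. Adding `"https://sts-US-EAST-1.p.googleapis.com",` and `"https://sts-us-east-1.p.googleapis.com/path?query",` would pin the same behaviour for the `.p.` form. The hunk in `test_valid_service_account_impersonation_url_shall_pass_validation` has the same gap for `iamcredentials-…`. Both test bodies continue past their hunks.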
@@ -316,6 +317,15 @@ def test_invalid_token_url_shall_throw_exceptions(self):
 "https://us- -1.sts.googleapis.com",
 "https://-sts.googleapis.com",
 "https://us-east-1.sts.googleapis.com.evil.com",
+ "https://sts.pgoogleapis.com",
+ "https://p.googleapis.com",
+ "https://sts.p.com",
+ "http://sts.p.googleapis.com",
+ "https://xyz-sts.p.googleapis.com",
+ "https://sts-xyz.123.p.googleapis.com",
+ "https://sts-xyz.p1.googleapis.com",
+ "https://sts-xyz.p.foo.com",
+ "https://sts-xyz.p.foo.googleapis.com",
 ]
 for url in invalid_urls:
@@ -335,6 +345,7 @@ def test_valid_service_account_impersonation_url_shall_pass_validation(self):
 "https://us-east-1-iamcredentials.googleapis.com",
 "https://US-WEST-1-iamcredentials.googleapis.com",
 "https://us-west-1-iamcredentials.googleapis.com/path?query",
+ "https://iamcredentials-us-east-1.p.googleapis.com",
 ]
 for url in valid_urls:
@@ -362,6 +373,15 @@ def test_invalid_service_account_impersonate_url_shall_throw_exceptions(self):
 "https://us- -1.iamcredentials.googleapis.com",
 "https://-iamcredentials.googleapis.com",
 "https://us-east-1.iamcredentials.googleapis.com.evil.com",
+ "https://iamcredentials.pgoogleapis.com",
+ "https://p.googleapis.com",
+ "https://iamcredentials.p.com",
+ "http://iamcredentials.p.googleapis.com",
+ "https://xyz-iamcredentials.p.googleapis.com",
+ "https://iamcredentials-xyz.123.p.googleapis.com",
+ "https://iamcredentials-xyz.p1.googleapis.com",
+ "https://iamcredentials-xyz.p.foo.com",
+ "https://iamcredentials-xyz.p.foo.googleapis.com",
 ]
 for url in invalid_urls:
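Review bot: None of the negative cases added to `test_invalid_token_url_shall_throw_exceptions` takes a host of the new `sts-<label>.p.googleapis.com` form and then appends a foreign suffix, leaves the label empty, or uses plain http; the only http case uses `sts.p.googleapis.com`, which is not of that form. Three more entries would cover this: `"https://sts-xyz.p.googleapis.com.evil.com",`, `"https://sts-.p.googleapis.com",` and `"http://sts-xyz.p.googleapis.com",`. The `iamcredentials-…` list added in `test_invalid_service_account_impersonate_url_shall_throw_exceptions` mirrors this one and would want the matching three. The loop that consumes `invalid_urls` starts on the last line of the hunk and continues outside it.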