feat: Get id token for impersonated service account #579
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
gjvanahee
changed the title
…d with an IdToken feat: Allow Impersonated SA Credentials to make requests authenticated with an IdToken chore: Removed uncommented code
gjvanahee
force-pushed
the
get-id-token-for-impersonated-service-account
branch
from
4b0089f to
48554e6
Compare
|
Hi @gjvanahee ! This looks great, thank you for contributing this. Coincidentally, I was just working on this in #580! We will get this merged soon, and then merge your additions as well. |
|
Hey @bshaffer, That is great to hear! Let me know if I can help out. |
|
@gjvanahee If you'd like to help, you could use test #580 in your own use-case. I would love to have you review it! I'll use the tests you've written in this PR as well to make sure it works the same. Thanks again |
|
Closing this PR as it should be completely implemented by #580 |
Hello, thanks for a maintaining a great sdk. In order to autenticate impersonated service accounts with e.g. a Cloud Run service, the ISAC IdToken has to be fetched for a given target audience.
I have made this PR to allow this using the
ImpersonatedServiceAccountCredentialsclass, so theAuthTokenMiddlewarecan use it to add the ISAC IdToken to a request. The change also allowsApplicationDefaultCredentials::getIdTokenMiddleware()andgetIdTokenCredentials()to findImpersonatedServiceAccountCredentials.