feat: experimental service account iam endpoint flow for id token #1258

Merged
merged 6 commits into from
Mar 28, 2023

@arithmetic1728 arithmetic1728 commented Mar 24, 2023

For service account credentials, implement a new ID token flow which uses the iam.generateIdToken endpoint. This feature is currently experimental since the IAM endpoint doesn't support the setAzpToEmail option yet. The ID token generated by this new flow will have a different azp claim (it uses id instead of email).

Design doc: go/googleapis-auth-id-token-iam-for-tpc

Example usage:

```python
from google.oauth2 import service_account
import google.auth.transport.requests

cred = service_account.IDTokenCredentials.from_service_account_file(
    '/usr/local/google/home/sijunliu/wks/creds/nondca/srv.json',
    target_audience="https://pubsub.googleapis.com",
)

# Trigger IAM endpoint flow.
# Note this feature is still experimental since setAzpToEmail is
# not supported yet
cred = cred._with_use_iam_endpoint(True)
req = google.auth.transport.requests.Request()

cred.refresh(req)
print(cred.token)
```

@arithmetic1728 arithmetic1728 marked this pull request as ready for review March 27, 2023 21:59
@arithmetic1728 arithmetic1728 requested review from a team as code owners March 27, 2023 21:59
@arithmetic1728 arithmetic1728 merged commit 8ff0de5 into main Mar 28, 2023
@arithmetic1728 arithmetic1728 deleted the id_token_jwt branch March 28, 2023 18:59
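
The azp difference described in the pull request matters to any relying party that pins `azp` to the service account email. The following is an added example, not code from this pull request or from google-auth, showing an email-only check rejecting an IAM-flow token and a check that accepts either form. The email, the id value, the helper names and the reading of "id" as the account's unique id are assumptions; the tokens are constructed and unsigned.

```python
import base64
import json

AUDIENCE = "https://pubsub.googleapis.com"  # target_audience from the PR example
SA_EMAIL = "demo-sa@example-project.iam.gserviceaccount.com"  # constructed
SA_ID = "100000000000000000001"  # constructed; assumes "id" = unique id


def make_unsigned_token(claims):
    """Build a constructed, unsigned JWT-shaped string (demo input only)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."


def decode_claims(token):
    """Decode the payload segment. This does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def check_azp(claims, audience, sa_email, sa_id=None):
    """Return 'email' or 'id' for the azp form that matched, else raise.

    With sa_id=None the check is email-only, which is how a verifier written
    against the existing flow would behave.
    """
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch")
    azp = claims.get("azp")
    if azp == sa_email:
        return "email"
    if sa_id is not None and azp == sa_id:
        return "id"
    raise ValueError(f"unexpected azp: {azp!r}")


# Constructed tokens standing in for the two flows.
EXISTING_FLOW = make_unsigned_token({"aud": AUDIENCE, "azp": SA_EMAIL})
IAM_FLOW = make_unsigned_token({"aud": AUDIENCE, "azp": SA_ID})
```

Claims must only be trusted after the token's signature, issuer and expiry have been verified, for example with `google.oauth2.id_token.verify_oauth2_token`; the decode step here is for inspection only.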