Generating an id_token from a UserCredential #1803
Comments
You can authenticate individual users but it's rather a manual step, and you would need different code for dev than for prod. I will flag this issue internally to the Auth team so that we can explore the possibilities of supporting this use case better. But, even if the decision is made to add this support, it will probably be across libraries for all languages, so it will take some time to plan and actually execute. I'm sorry I cannot give you a better answer.
Thank you for the super fast answer @amanda-tarafa! That's a bit unfortunate to hear and it would be awesome if it would just work™, but I guess the simple workaround is to use a separate service account per developer for now. I'll close this issue as my question has been answered 🙌
We have received an internal request to support this use case as well. (FYI @matejr) I did flag this issue to the Auth team a couple of weeks ago, but I forgot to add it to our own backlog. I'll be doing so shortly. Still no guarantees that this will get done sooner or later.
@flagbug, @matejr, We are working on #1838 which addresses #1312 by adding support for impersonated credentials. It's not exactly the use case requested by this issue, but it might help you. Given a UserCredential, you will be able to impersonate a ServiceAccountCredential, the resulting impersonated credential will support OIDC tokens.
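The impersonation route described in the comment above, as an added example that is not part of the original thread or the project's own code. It assumes a Google.Apis.Auth release that includes `ImpersonatedCredential`, and that the caller has been granted the Service Account Token Creator role on the target service account; the service account e-mail and service URL are placeholders.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Google.Apis.Auth.OAuth2;

public static class CloudRunCaller
{
    // Placeholders (assumptions, not values from the thread): replace with your own.
    private const string TargetServiceAccount =
        "invoker-sa@example-project.iam.gserviceaccount.com";
    private const string ServiceUrl = "https://example-service.example.run.app";

    public static async Task<string> GetIdTokenAsync()
    {
        // Application Default Credentials: a user credential after
        // `gcloud auth application-default login`, or the attached
        // service account when running on Compute Engine.
        GoogleCredential source = await GoogleCredential.GetApplicationDefaultAsync();

        // Wrap the source credential so that tokens are minted for the target
        // service account. No key file is downloaded; IAM decides whether the
        // source identity may impersonate the target.
        GoogleCredential impersonated = source.Impersonate(
            new ImpersonatedCredential.Initializer(TargetServiceAccount));

        // The audience must be the URL of the service being called, so the
        // token is only valid for that service.
        OidcToken oidc = await impersonated.GetOidcTokenAsync(
            OidcTokenOptions.FromTargetAudience(ServiceUrl));

        // For an OidcToken, GetAccessTokenAsync returns the signed id_token.
        return await oidc.GetAccessTokenAsync();
    }

    public static async Task Main()
    {
        string idToken = await GetIdTokenAsync();

        using var http = new HttpClient();
        using var request = new HttpRequestMessage(HttpMethod.Get, ServiceUrl);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", idToken);

        using HttpResponseMessage response = await http.SendAsync(request);
        // 401/403 here usually means the audience is wrong or the service
        // account lacks the invoker role on the service.
        Console.WriteLine($"{(int)response.StatusCode} {response.ReasonPhrase}");
    }
}
```

Granting Token Creator per developer on one narrowly scoped service account keeps long-lived key files off developer machines, and each impersonation is attributable to the individual user in Cloud Audit Logs when IAM data access logging is enabled.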
cloud run, gcf allows for usercredential's id_tokens as auth but that's a bit of a misuse of those tokens in the first place (e.g., the token from the correct approach here would be to use the directed
I'd like to generate an `id_token` that I can use to call an authenticated Google Cloud Run service with this library. I'd like to use the Application Default Credentials for this, so developers can run the exact same code locally on their machine, as well as on Compute engine.

The code I came up with is the following:
Unfortunately this breaks down with `System.InvalidOperationException: UnderlyingCredential is not an OIDC token provider. Only ServiceAccountCredential, ComputeCredential are supported OIDC token providers.` at `GetOidcTokenAsync`
Optimally I'd like to strongly avoid having every developer download a service account key file locally on their machine and rather just have them run `gcloud auth application-default login` to save their own credentials.

Is this something that's supposed to work with this library? If not, is there a better way to achieve this, rather than generating and downloading a service account key?