idtoken: Impersonation support #777
Comments
codyoss
added
the
type: feature request
|
Yes, this is something that I would like to add. The work has just not been prioritized yet. I will update this issue when there are plans to add this support in. |
codyoss
changed the title
|
@codyoss I took a pass at implementing this! |
|
Thank you for your interests in this feature! I am going to hold off on reviewing the PR for now though as we are still figuring out the impersonation story across the various languages we support for our clients today, this is one reason the feature is in an experimental status today. I will post back here when I have a better picture of what we would like to support. In the meantime though you still should be able to do this style of impersonation today, it just takes a little more work. Use the impersonation option to create an iamcredentials.Service. Then you can use the GenerateIdToken to get an idtoken. Hope that helps in the meantime. |
|
Sounds good, thanks! |
|
Thanks for understanding! |
|
Please try out our impersonate preview and feel free to provide any feedback: https://github.com/googleapis/google-api-go-client/releases/tag/v0.44.0-impersonate-preview |
|
@codyoss – works great, thanks! Any idea when the new package will be generally released? |
|
Thank you! |
|
Now in a main release: https://github.com/googleapis/google-api-go-client/releases/tag/v0.46.0 |
Fix issue with project url configuration
Error: googleapi: got HTTP response code 404 with body: <!DOCTYPE html>
<html lang=en>
<meta charset=utf-8>
<meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
<title>Error 404 (Not Found)!!1</title>
<style>
*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:googleapis#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:googleapis#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlel
ogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}
</style>
<a href=//www.google.com/><span id=logo aria-label=Google></span></a>
<p><b>404.</b> <ins>That’s an error.</ins>
<p>The requested URL <code>/v1/cudium-272f5/remoteConfig</code> was not found on this server. <ins>That’s all we know.</ins>
#625 added support for impersonating service accounts where clients authenticate with an access token. It does not support ID tokens, generated with
projects.serviceAccounts.generateIdToken. Theidtokenpackage accordingly does not support impersonation:google-api-go-client/idtoken/idtoken.go
Lines 81 to 83 in c9160e8
I would like to use my application default credentials to impersonate a service account to authenticate to Cloud Run. Any plans to support impersonation in the
idtokenpackage?The text was updated successfully, but these errors were encountered: