Open macMikey opened 2 weeks ago
if you're cool with it, i propose changing the OAuth2Provicer class behavior as follows: if name is "Google" and permission is "service", use a property called something like googleServiceAccountKey, or serviceAccountKey, which is the json that google gives you when you create a service account, and use that to populate the various properties of the object, including adding the jit header.
when using oauth2 with a google service account, it would be simpler, if the dev could supply their google service account json file. said file includes the following properties:
this does not include every field that is required to request a jwt. for example, what you are calling the tenant (google calls it the sub), the scopes, and key would also be required to support a google service account.