Closed gjvanahee closed 1 month ago
google-cla[bot]
commented
2 months ago Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).
View this failed invocation of the CLA check for more information.
For the most up to date status, view the checks section at the bottom of the pull request.
bshaffer
commented
1 month ago Hi @gjvanahee ! This looks great, thank you for contributing this.
Coincidentally, I was just working on this in https://github.com/googleapis/google-auth-library-php/pull/580! We will get this merged soon, and then merge your additions as well.
gjvanahee
commented
1 month ago Hey @bshaffer, That is great to hear! Let me know if I can help out.
bshaffer
commented
1 month ago @gjvanahee If you'd like to help, you could use test https://github.com/googleapis/google-auth-library-php/pull/580 in your own use-case. I would love to have you review it!
composer require google/auth:dev-add-impersonated-service-account-credentialsI'll use the tests you've written in this PR as well to make sure it works the same.
Thanks again
bshaffer
commented
1 month ago Closing this PR as it should be completely implemented by https://github.com/googleapis/google-auth-library-php/pull/580
Hello, thanks for a maintaining a great sdk. In order to autenticate impersonated service accounts with e.g. a Cloud Run service, the ISAC IdToken has to be fetched for a given target audience.
I have made this PR to allow this using the
ImpersonatedServiceAccountCredentialsclass, so theAuthTokenMiddlewarecan use it to add the ISAC IdToken to a request. The change also allowsApplicationDefaultCredentials::getIdTokenMiddleware()andgetIdTokenCredentials()to findImpersonatedServiceAccountCredentials.