googleapis / google-auth-library-ruby

Google Auth Library for Ruby
Apache License 2.0

JWT doesn't use the expected value for Issuer (e.g. "iss") #393

Open burkematthew opened 2 years ago

burkematthew commented 2 years ago

I am building a Ruby service that connects to a Google Cloud Endpoint using a Service Account. When passing the JWT generated so far, I'm getting an invalid token error, so I've been troubleshooting where I'm going wrong and am currently concluding it's due to the mismatched iss value of my token.

To build the JWT for access, I am passing a JSON keyfile to Google::Auth::ServiceAccountCredentials.make_creds, following the instructions set forth in the README.

Example:

  require "googleauth"

  # Memoized service account credentials built from the JSON keyfile.
  def authorizer
    @authorizer ||= Google::Auth::ServiceAccountCredentials.make_creds(
      json_key_io: File.open(keyfile),
      scope: scope,
      enable_self_signed_jwt: true
    )
  end

where keyfile is defined as

  def keyfile
    ENV.fetch("GOOGLE_CLOUD_KEYFILE")
  end

and scope is defined as

  def scope
    ENV.fetch("GOOGLE_ENDPOINT_SCOPE")
  end

I verify the value of @issuer of my authorizer is the service account email address. However, when the JWT is encoded and returned to me via fetch_access_token!, I test the contents of my token using jwt.io, but the iss value is showing up as https://accounts.google.com instead of my expected service account email address.

My question is: why isn't iss set to the value of @issuer and how do I get this set to my service account email address?
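
To inspect the token locally instead of on jwt.io, here is an added example (not part of the original issue and not code from google-auth-library-ruby). It decodes a JWT's header and claims without verifying the signature and compares iss with the expected service account email. The helper names, the sample token and the service account email are constructed for illustration.

```ruby
require "json"

# iss values Google documents for Google-issued ID tokens.
GOOGLE_ID_TOKEN_ISSUERS = ["https://accounts.google.com", "accounts.google.com"].freeze
SA_EMAIL = "svc@example-project.iam.gserviceaccount.com" # constructed value

# Decode one base64url JWT segment (the compact form strips "=" padding).
def decode_segment(segment)
  padded = segment.tr("-_", "+/")
  padded += "=" * ((4 - padded.length % 4) % 4)
  JSON.parse(padded.unpack1("m0").force_encoding("UTF-8"))
rescue ArgumentError, JSON::ParserError => e
  raise ArgumentError, "malformed JWT segment: #{e.message}"
end

# Split a compact JWT into header and claims WITHOUT verifying the signature.
# This is for inspection only; the decoded claims are not authenticated.
def jwt_parts(token)
  segments = token.to_s.split(".", -1)
  raise ArgumentError, "expected 3 segments, got #{segments.length}" unless segments.length == 3
  header, claims = segments.first(2).map { |s| decode_segment(s) }
  unless header.is_a?(Hash) && claims.is_a?(Hash)
    raise ArgumentError, "header and claims must be JSON objects"
  end
  [header, claims]
end

# Compare the token's iss with the issuer the caller expected
# (in the issue above, the service account email).
def issuer_report(token, expected_issuer)
  header, claims = jwt_parts(token)
  iss = claims["iss"]
  kind = if iss == expected_issuer then :expected_issuer
         elsif GOOGLE_ID_TOKEN_ISSUERS.include?(iss) then :google_id_token_issuer
         else :unexpected_issuer
         end
  exp = claims["exp"]
  { kind: kind, iss: iss, aud: claims["aud"], alg: header["alg"],
    expires_at: exp.is_a?(Numeric) ? Time.at(exp).utc : nil }
end

# Constructed sample token with a fake signature, so this runs offline.
def sample_token(claims)
  enc = ->(obj) { [JSON.generate(obj)].pack("m0").tr("+/", "-_").delete("=") }
  [enc.call({ "alg" => "RS256", "typ" => "JWT" }), enc.call(claims), "c2ln"].join(".")
end

token = sample_token("iss" => "https://accounts.google.com", "aud" => "https://api.example.com")
puts issuer_report(token, SA_EMAIL)
```
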