googleapis / google-auth-library-ruby

Google Auth Library for Ruby
Apache License 2.0

Impersonate user (domain-wide delegation) #395

Open rttll opened 2 years ago

rttll commented 2 years ago

Can this library be used to impersonate a Google Workspace user?

The Python version of this library has a method to initiate service-account credentials and assign a specific user using the with_subject method. Docs: with_subject

I have a service account and have set up domain-wide delegation for it. Here's my code so far:

```ruby
require "googleauth"
require "google/apis/drive_v3"

Drive = Google::Apis::DriveV3

# service account key
key_file = Rails.application.credentials.oauth[:domain].deep_transform_keys! { |k| k.to_s }
io = StringIO.new(JSON.generate(key_file))
@auth = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: io,
  scope: [Drive::AUTH_DRIVE, Drive::AUTH_DRIVE_FILE]
)

drive = Drive::DriveService.new
drive.authorization = @auth

# this will fail because not authorized for a user
files = drive.list_files(q: "name contains 'hello'")
```

I've looked throughout all the classes here and can't find a way to do this.

My next step will be to do it manually as outlined here if there's no better option.

haffla commented 1 year ago

How to do this is outlined in the README. https://github.com/googleapis/google-auth-library-ruby#3-legged-oauth-with-a-service-account
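
For readers who want to see what impersonation through domain-wide delegation looks like when done manually, here is an added example (not part of the thread and not the library's own code) that builds the OAuth 2.0 JWT bearer assertion in which a service account names the user in the `sub` claim, then verifies it. It uses only the Ruby standard library and sends no request; the key, service-account e-mail and user are constructed, and the helper names are hypothetical.

```ruby
require "openssl"
require "json"
require "uri"

TOKEN_URI = "https://oauth2.googleapis.com/token"
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer"

# URL-safe base64 without padding, as used for JWT segments.
def b64url(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end

# Signed assertion in which the service account (iss) asks to act as a user (sub).
def delegation_assertion(key:, sa_email:, subject:, scopes:, now: Time.now)
  raise ArgumentError, "subject (user to impersonate) is required" if subject.to_s.empty?
  claims = { iss: sa_email, sub: subject, scope: scopes.join(" "),
             aud: TOKEN_URI, iat: now.to_i, exp: now.to_i + 3600 }
  header = { alg: "RS256", typ: "JWT" }
  signing_input = [header, claims].map { |part| b64url(JSON.generate(part)) }.join(".")
  "#{signing_input}.#{b64url(key.sign(OpenSSL::Digest.new('SHA256'), signing_input))}"
end

# Form body that would be POSTed to TOKEN_URI (no request is sent here).
def token_request_body(assertion)
  URI.encode_www_form(grant_type: GRANT_TYPE, assertion: assertion)
end

# Verify the signature and return the claims, e.g. to audit which user an assertion names.
def verify_assertion(jwt, public_key)
  head, body, sig = jwt.split(".")
  raw_sig = sig.tr("-_", "+/").unpack1("m")
  unless public_key.verify(OpenSSL::Digest.new("SHA256"), raw_sig, "#{head}.#{body}")
    raise ArgumentError, "signature does not match key"
  end
  JSON.parse(body.tr("-_", "+/").unpack1("m"))
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed throwaway key, not a real service account key
  jwt = delegation_assertion(
    key: key,
    sa_email: "demo-sa@example-project.iam.gserviceaccount.com", # constructed
    subject: "alice@example.com",                                # constructed Workspace user
    scopes: ["https://www.googleapis.com/auth/drive"]
  )
  puts verify_assertion(jwt, key.public_key)
  puts token_request_body(jwt)[0, 80]
end
```

Whoever holds the service account key can put any user of the domain in `sub` for the scopes the Workspace admin delegated, so keep that scope list as narrow as the application allows and treat the key file as a high-value secret.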