peburrows / goth

Elixir package for Oauth authentication via Google Cloud APIs
http://hexdocs.pm/goth
MIT License

How to generate ID token from default service account? (`metadata`) #120

Closed Zat42 closed 2 years ago

Zat42 commented 2 years ago

To generate an ID token from a service account key file, I set up Goth like this:

```elixir
credentials = "GOOGLE_APPLICATION_CREDENTIALS_JSON" |> System.fetch_env!() |> Jason.decode!()
source = {:service_account, credentials, ["xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com"]}
```

This is working fine and I can get an ID token that can be decoded and used for authentication. But if I deploy this instance to Cloud Run and use the default service account:

```elixir
source = {:metadata, scopes: ["xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com"]}
```

I can't get the ID token anymore and it always returns an access token instead of an ID token.

Also, :metadata is working fine for PubSub but not for ID token / audience. Any idea?

Zat42 commented 2 years ago

Edit: After checking deeper into the code, this is actually not possible. I'll try to make a pull request to handle this if not out of scope.

Zat42 commented 2 years ago

Pull request: #121
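
For context on the behaviour reported in this thread: the Cloud Run / Compute Engine metadata server serves access tokens from its `token` path and ID tokens from a separate `identity` path that takes an `audience` query parameter. The module below is an added example, not code from this issue, the pull request or Goth; the module name, function names and sample audience are hypothetical, and it assumes Jason is available as in the snippet above.

```elixir
defmodule MetadataIdToken do
  # Added example (hypothetical module). Talks to the metadata server directly,
  # so fetch/1 only works on GCP; check/2 can be exercised anywhere.
  @base "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default"

  # ".../token" yields an access token; ".../identity?audience=..." yields an ID token.
  def identity_url(audience), do: @base <> "/identity?" <> URI.encode_query(audience: audience)

  def fetch(audience) do
    :inets.start()
    url = String.to_charlist(identity_url(audience))
    # The metadata server rejects requests that lack this header.
    headers = [{~c"Metadata-Flavor", ~c"Google"}]

    case :httpc.request(:get, {url, headers}, [timeout: 5_000], body_format: :binary) do
      {:ok, {{_, 200, _}, _, body}} -> check(String.trim(body), audience)
      {:ok, {{_, status, _}, _, _}} -> {:error, {:http_status, status}}
      {:error, reason} -> {:error, reason}
    end
  end

  # Structural check only: confirms the value is a three-part JWT whose "aud"
  # claim equals the requested audience. It does NOT verify the signature;
  # the service that receives the token must still do that.
  def check(token, audience) do
    with [_header, payload, _sig] <- String.split(token, "."),
         {:ok, json} <- Base.url_decode64(payload, padding: false),
         {:ok, %{"aud" => ^audience} = claims} <- Jason.decode(json) do
      {:ok, token, claims}
    else
      {:ok, %{} = claims} -> {:error, {:wrong_audience, claims["aud"]}}
      _ -> {:error, :not_an_id_token}
    end
  end
end

# Constructed inputs (unsigned token, placeholder audience) for an offline run.
aud = "example-client-id.apps.googleusercontent.com"
payload = Base.url_encode64(Jason.encode!(%{"aud" => aud}), padding: false)
IO.inspect(MetadataIdToken.check("e30." <> payload <> ".sig", aud))
IO.inspect(MetadataIdToken.check("e30." <> payload <> ".sig", "other-audience"))
# An opaque access token is not a three-part JWT and is rejected.
IO.inspect(MetadataIdToken.check("ya29.constructed-opaque-access-token", aud))
```

Checking `aud` on the caller side catches the failure mode described in this thread, where an access token silently comes back in place of an ID token.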