I do not know if this feature is out of scope, since Goth's first purpose is to generate and retrieve OAuth2 tokens, but I'll give it a shot.
This pull request aims to integrate a feature that will provide users a way to fetch a service account identity token from metadata, as it is actually possible for access tokens.
Following Google's documentation about VM instance metadata, we can retrieve a JSON Web Token from metadata using the `identity` entry with an audience parameter (e.g. `identity?audience=http://www.example.com`).
The idea would be to add another option called `:audience` when using metadata as source.
If this option is present, we know that we shouldn't query for an access token but for an identity token.
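The endpoint selection described above, as an added example that is not part of the pull request or of Goth's code, written in Python rather than Elixir so it runs stand-alone. The function names and the sample token are constructed for illustration; the metadata paths and the `Metadata-Flavor` header follow Google's metadata server documentation.

```python
import base64
import json
import time
from urllib.parse import urlencode

# Documented GCE metadata server base path for service accounts.
BASE = "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts"
HEADERS = {"Metadata-Flavor": "Google"}  # required on every metadata request


def metadata_url(account="default", audience=None):
    """Identity-token endpoint if an audience is given, else access-token endpoint."""
    if audience is None:
        return f"{BASE}/{account}/token"  # responds with JSON (access_token, expires_in)
    # The audience is itself a URL, so it must be percent-encoded in the query.
    return f"{BASE}/{account}/identity?" + urlencode({"audience": audience})


def unverified_claims(jwt):
    """Decode the JWT payload WITHOUT checking the signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def claims_match(jwt, audience, now=None):
    """True if aud equals the requested audience and the token is not expired."""
    claims = unverified_claims(jwt)
    now = time.time() if now is None else now
    return claims.get("aud") == audience and claims.get("exp", 0) > now


def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token with a fake signature, shaped like an identity response.
SAMPLE_AUD = "http://www.example.com"
SAMPLE_JWT = ".".join([
    _b64({"alg": "RS256", "typ": "JWT"}),
    _b64({"iss": "https://accounts.google.com", "aud": SAMPLE_AUD, "exp": 2000000000}),
    "constructed-signature",
])

if __name__ == "__main__":
    print(metadata_url(audience=SAMPLE_AUD))
    print(unverified_claims(SAMPLE_JWT))
```

The claim check here is a client-side sanity check only. The service that receives the token still has to verify its signature against Google's public keys before trusting `aud` or `exp`.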