Open cameron-bowery opened 1 year ago
@cameron-bowery thanks!
v1.3
Hi, I tried impersonating (service_account) with the two examples I could find
Tried
source = {:service_account, credentials, scopes: scopes, sub: sub}
as suggested hereAlso tried setting the sub in the claims as suggested in the docs here
claims = %{sub: sub} Goth.Token.fetch(source: {:service_account, credentials, [claims: claims]})
but the scope and the claims can't coexist with the way the library is setup
Invalid OAuth scope or ID token audience provided.
So after looking through the codebase, I realized that the claims could contain the scope. From what I can tell, this is not indicated anywhere in the docs:
claims = %{sub: sub, scope: scope}
This was the only why I was able to successfully impersonate. Unless there are any objections, I'd like to add this to both the inline docs and the README with a PR.
ps. it expect claims to be a map with string keys, so use claims = %{"sub" => sub, "scope" => scope}
v1.3
Hi, I tried impersonating (service_account) with the two examples I could find
Tried
source = {:service_account, credentials, scopes: scopes, sub: sub}
as suggested hereAlso tried setting the sub in the claims as suggested in the docs here
but the scope and the claims can't coexist with the way the library is setup
Invalid OAuth scope or ID token audience provided.
So after looking through the codebase, I realized that the claims could contain the scope. From what I can tell, this is not indicated anywhere in the docs:
claims = %{sub: sub, scope: scope}
This was the only why I was able to successfully impersonate. Unless there are any objections, I'd like to add this to both the inline docs and the README with a PR.