Skip to content
This repository was archived by the owner on Mar 6, 2026. It is now read-only.

feat: experimental service account iam endpoint flow for id token#1258

Merged
arithmetic1728 merged 6 commits intomainfrom
id_token_jwt
Mar 28, 2023
Merged

feat: experimental service account iam endpoint flow for id token#1258
arithmetic1728 merged 6 commits intomainfrom
id_token_jwt

Conversation

@arithmetic1728
Copy link
Copy Markdown
Contributor

@arithmetic1728 arithmetic1728 commented Mar 24, 2023
edited
Loading

For service account credentials, implement a new ID token flow which uses iam.generateIdToken endpoint. This feature is currently experimental since iam endpoint doesn't support setAzpToEmail option yet. The ID token generated by this new flow will have a different azp claim (it uses id instead of email)

Design doc: go/googleapis-auth-id-token-iam-for-tpc

Example usage:

from google.oauth2 import service_account
import google.auth.transport.requests

cred = service_account.IDTokenCredentials.from_service_account_file(
    '/usr/local/google/home/sijunliu/wks/creds/nondca/srv.json',
    target_audience = "https://pubsub.googleapis.com",
)

# Trigger IAM endpoint flow.
# Note this feature is still experimental since setAzpToEmail is
# not supported yet
cred = cred._with_use_iam_endpoint(True)
req = google.auth.transport.requests.Request()

cred.refresh(req)
print(cred.token)

@arithmetic1728 arithmetic1728 marked this pull request as ready for review March 27, 2023 21:59
@arithmetic1728 arithmetic1728 requested review from a team, clundin25 and wangyutongg March 27, 2023 21:59
clundin25
clundin25 reviewed Mar 28, 2023
View reviewed changes
Comment thread google/oauth2/service_account.py
clundin25
clundin25 reviewed Mar 28, 2023
View reviewed changes
Comment thread google/oauth2/service_account.py
@arithmetic1728 arithmetic1728 merged commit 8ff0de5 into main Mar 28, 2023
@arithmetic1728 arithmetic1728 deleted the id_token_jwt branch March 28, 2023 18:59
@release-please release-please Bot mentioned this pull request Mar 28, 2023
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@wangyutongg wangyutongg Awaiting requested review from wangyutongg

1 more reviewer

@clundin25 clundin25 clundin25 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@arithmetic1728 @clundin25