FR: Support custom JWT token creation with ApplicationDefault credentials

[yuri-sergiichuk]

Right now it's not possible to create custom JWT token with firebase-admin SDK on Java and this leads to the problems of credentials confidentiality.

The most efficient way to obtain credentials while you're on AppEngine or GCE - obtain them via GoogleCredential.getApplicationDefault(), or in case of Firebase - FirebaseCredentials.applicationDefault(), but FirebaseAuth.createToken lacks support for this type of credentials.

Implementing application default credentials support for custom JWT tokens will help people not to save their credentials in the VCS or gamble with cumbersome environment variables.

[hiranya911]

This is actually a popular feature request. The problem is application default credentials often don't expose a private key, which is required for token signing. We have communicated this requirement to the core Google cloud team on multiple occasions, and there is some work underway to provide a working solution. We will follow up and try to provide an update soon.

[yuri-sergiichuk]

@hiranya911 thanks for update. We are really waiting for this feature. I hope it could be implemented soon.

[yuri-sergiichuk]

Hello guys,

Are there any updates the the feature?

[hiranya911]

Finally making some progress on this one. Feature under development in the hkj-jwt-sign branch.

[hiranya911]

This has been released.