Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support idtoken for external_account type (Workload Identity Federation) #1879

Closed
senthilkumarkj opened this issue Feb 27, 2023 · 1 comment
Closed

Support idtoken for external_account type (Workload Identity Federation) #1879

senthilkumarkj opened this issue Feb 27, 2023 · 1 comment
Assignees
@codyoss
Labels
priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

@senthilkumarkj
Copy link
Contributor

external_account type is used for keyless workload identity described here - https://google.aip.dev/auth/4117

go client supports generating access token for this type - https://pkg.go.dev/golang.org/x/oauth2/google#hdr-Workload_Identity_Federation

ID token generation does not work yet - please refer #1393 (comment)
@senthilkumarkj senthilkumarkj added priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. labels Feb 27, 2023
@senthilkumarkj senthilkumarkj mentioned this issue Feb 27, 2023
Closed
@senthilkumarkj senthilkumarkj mentioned this issue Mar 8, 2023
Merged
senthilkumarkj pushed a commit to senthilkumarkj/google-api-go-client that referenced this issue Mar 8, 2023
feat(idtoken): add support for external_account.
7026b43 
* Also fix a bug for impersonated_service_account
    * When creds are passed with WithCredentialsFile(), it doesn't work.
    * Pass the option when creating the token source.
* Fixes PR googleapis#1879
senthilkumarkj pushed a commit to senthilkumarkj/google-api-go-client that referenced this issue Mar 13, 2023
feat(idtoken): add support for external_account.
cff29b9 
* Also fix a bug for impersonated_service_account
    * When creds are passed with WithCredentialsFile(), it doesn't work.
    * Pass the option when creating the token source.
* Fixes PR googleapis#1879
codyoss pushed a commit that referenced this issue Mar 14, 2023
@senthilkumarkj
feat(idtoken): add support for external_account (#1897)
64b6ee4 
* Also fix a bug for impersonated_service_account
    * When creds are passed with WithCredentialsFile(), it doesn't work.
    * Pass the option when creating the token source.
* Fixes PR #1879
@senthilkumarkj
Copy link
Contributor Author

This is fixed in PR #1897 and available in v0.113.0 (#1901)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@codyoss codyoss

Labels
priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@senthilkumarkj @codyoss