Question: is it possible to request an ID token from outside of GCP for a SA?

Question

Question: is it possible to request an ID token from outside of GCP for a SA?

Li-ReDBox opened this issue 5 years ago · 1 comments

I am not sure if you could possibly help me. I have seen you have published lots of token related articles so I am hoping you could give me some hints.

The case is that my code runs on my machine outside of GCP. I read from somewhere that using SA's private key sign a JWT and send it to a Google's token endpoint, it should return an ID token. I then can use it to call apis or cloud functions.

My questions are:

What claims should be included in the JWT?
Where should the request be sent to?

Thanks.

Answer 1 · 2020-06-10T07:15:05.000Z

After adding claim target_audience, I can get ID token.