Add Impersonated Service Account as a trusted type in application_default_credentials.json
See original GitHub issueDescription
Currently, the #C
implementation of Google Application Credentials only supports (from application_default_credentials.json file) the following types:
- authorized_user
- service_acccount
- external_account
In order to be aligned with other language implementation (eg. python, golang, etc.) it would be nice to add support to impersonated_service_account type.
Why?
Currently, if a developper want to act as a service account locally (without updating the code base), he needs to use a service account key which is a critical resource (see more below).
.
If the DefaultCredentialsProvider.cs supported this feature, it would be a perfect balance between usability & security.
Issue Analytics
- State:
- Created 6 months ago
- Comments:5 (2 by maintainers)
Top Results From Across the Web
How to impersonate a GCP service account from ...
For impersonating a service Account you need the role of Service account token creator. here is an article that explaines this impersonation ......
Read more >How Application Default Credentials works | Authentication
... Authenticate for using REST · Authenticate by using service account impersonation · Authenticate by using API keys. Application Default Credentials.
Read more >Set up Application Default Credentials | Authentication
... Authenticate for using REST · Authenticate by using service account impersonation · Authenticate by using API keys. Application Default Credentials.
Read more >impersonated_service_account do not take into account
When you set up you user Application Default Credential with the gcloud SDK and you add a impersonated service account (command line gcloud ......
Read more >Google Cloud Application Default Credentials - PHP
This file is a Google Cloud Service Account credentials file in JSON format. The previous P12 (PFX) certificates are deprecated.
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@eyadmba I’m not sure how that question relates to this issue. I’ll reply here for simplicity, but if you have related follow up questions, please create a new issue.
You can use Google.Apis.Auth.OAuth2.GoogleCredential to create service account credentials from the service account key.
None of these require environment variables to be set. Again, if you have follow up questions do create a new issue.
Yes, thanks for the request. We know this is a missing feature on the .NET Auth library and have been looking at prioritizing for a while now. I’ll leave this issue open and I’ll post progress here.