google-cloud-platformaccess-tokenvault

Exchange GCP access token for id token


I am using vault and the gcp engine to get access tokens for a service account (token based RoleSet). I am trying to use the received token to call a cloud function (with authentication). However after failing, I realise now that I need an id_token in the Authorization header of the request, however the token given to me from vault is an 'access' token.

Is there a way to use an access token for GCP to generate an id_token for use with cloud functions?


Solution

  • Yes, there is a solution and it's named Service Account Credential API. You can generate an ID token thanks to it. And because it's a Google Cloud API, you must use an access token to invoke it.

    I also write an article on this API