I am using Vault and the GCP engine to get access tokens for a service account (token-based RoleSet). I am trying to use the received token to call a cloud function (with authentication). However, after failing, I realise now that I need an id_token in the Authorization header of the request, but the token given to me from Vault is an 'access' token.
Is there a way to use an access token for GCP to generate an id_token for use with cloud functions?
Yes, there is a solution, and it's named the Service Account Credential API. You can generate an ID token thanks to it. And because it's a Google Cloud API, you must use an access token to invoke it.
I also wrote an article on this API.
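
The exchange described in the answer, as an added example that is not part of the original post: the Vault-issued access token authenticates a `generateIdToken` call on `iamcredentials.googleapis.com`, and the returned ID token, minted with the function URL as its audience, goes in the `Authorization` header of the function call. Assumptions: the service account email and function URL are placeholders supplied by the caller, the RoleSet's token carries the `cloud-platform` scope, and the service account holds `roles/iam.serviceAccountTokenCreator` on itself.

```python
import base64
import json
import urllib.parse
import urllib.request

IAM_CREDENTIALS = "https://iamcredentials.googleapis.com/v1"


def build_id_token_request(access_token, service_account, audience):
    """Build the generateIdToken call, authenticated with the access token."""
    sa = urllib.parse.quote(service_account, safe="@")
    url = f"{IAM_CREDENTIALS}/projects/-/serviceAccounts/{sa}:generateIdToken"
    body = json.dumps({"audience": audience, "includeEmail": True}).encode()
    headers = {"Authorization": f"Bearer {access_token}",
               "Content-Type": "application/json"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def fetch_id_token(access_token, service_account, audience,
                   opener=urllib.request.urlopen):
    """Exchange the access token for an ID token minted for `audience`."""
    req = build_id_token_request(access_token, service_account, audience)
    with opener(req, timeout=10) as resp:
        return json.load(resp)["token"]


def unverified_claims(id_token):
    """Decode the JWT payload for inspection only; the signature is NOT checked."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def call_function(function_url, access_token, service_account,
                  opener=urllib.request.urlopen):
    """Mint an ID token whose audience is the function URL, then invoke it."""
    id_token = fetch_id_token(access_token, service_account, function_url, opener)
    if unverified_claims(id_token).get("aud") != function_url:
        raise ValueError("ID token audience does not match the function URL")
    req = urllib.request.Request(
        function_url, headers={"Authorization": f"Bearer {id_token}"})
    with opener(req, timeout=10) as resp:
        return resp.read()
```

The `opener` parameter exists so the flow can be exercised without network access; in normal use the default `urllib.request.urlopen` is left in place.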