programmatic authentication / non-interactive flow

[alexnimo]

Hi,
I'm trying to configure dex so it will be able to authenticate non interactive workloads.
My use case: internal keyless signing with cosign and fulcio.
My lab: GKE with workload identity, the signing container is annotated with an SA and has an access token. Dex has the following config:

config:
  issuer: https://accounts.google.com
  connectors:
  -  type: oidc
    id: google
    name: Google
    config:
      issuer: https://accounts.google.com
      clientID: some_client_id
      clientSecret: some_secret
      redirectURI: http://lab.example.com/auth/google
      promptType: none

I tried sending various requests with curl to see if dex can verify the workload access token but non of them works. When sending it's to the token endpoint it throws an error message: {"error":"unsupported_grant_type"}
When sending the request to http://lab.example.com/auth , dex tries to redirect the request for an interactive authentication.
I'll be glad if anyone has an idea how to make it work and even if it's possible to make it work