Getting OIDC token with service account email as sunject instead of numeric unique id #2018
Assignees
Labels
priority: p3
Desirable enhancement or fix. May not be included in next release.
type: question
Request for information or clarification. Not an issue.
Comments
amitronen1
added
priority: p3
|
Assigned to Amanda who knows more about this than I do, but we're both on vacation until the new year at this point, so please be patient. |
|
I think you might find what you are looking for in #2011, you can use the IAM API to sign the JWT token with the impersonated service account. |
|
Thanks Amanda this was highly helpful |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
i'm trying to get an OIDC token for a service account on .NET using this method GetOidcTokenAsync and i'm successful. Unfortunately i require that the "subject" property will be populated with the service account email, and not the unique numeric id.
i came across this example which allows that by signing the JWT manually, but unfortunately i do not have access to the SA private key as i authenticate to it using impersonation.
what can i do?
thanks!
The text was updated successfully, but these errors were encountered: