Generate Google access token using service account impersonation in proxy

I am creating a proxy where the target endpoint will require a Google access token for authentication. I want to use the service account impersonation way of generating the access token. I need examples/samples or document references to implement the same.

https://cloud.google.com/iam/docs/create-short-lived-credentials-direct#java This one gives a 401 error when invoking the REST URL.

 

1 REPLY

What version of Apigee are you using? 

If Apigee X or hybrid, then you can simply use the Authentication element in your TargetEndpoint. This recent answer shows how.  

If you are using Apigee Edge SaaS or OPDK, then you need to resort to "manual steps" to do that.  

  • signing a JWT using the service account's private key
  • sending that JWT to the Google OAuth token endpoint
  • receiving an access token in response
  • extracting that token into a variable
  • then using that token for your upstream request. (AssignMessage, setting the Authorization header)

And you should probably cache the obtained token.  You don't want to request a new token for each request to the upstream. 

THIS FLOW shows how to do that. 

You can see why we wanted to simplify that set of steps, with the new(-ish) Authentication element.
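
The manual steps listed in the reply (sign a JWT, exchange it at the Google OAuth token endpoint, extract the token, cache it, set the Authorization header), written out as an added Python example that is not part of the original thread and is not Apigee policy code. The names `build_assertion`, `exchange`, `TokenCache` and `rs256_signer` are hypothetical, the 300-second assertion lifetime and 60-second refresh margin are assumptions, and `rs256_signer` assumes the third-party `cryptography` package is installed.

```python
import base64, json, time, urllib.parse, urllib.request

TOKEN_URL = "https://oauth2.googleapis.com/token"
GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def rs256_signer(pem: bytes):
    """Return a signer for a service account PEM key (needs 'cryptography')."""
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    key = serialization.load_pem_private_key(pem, password=None)
    return lambda data: key.sign(data, padding.PKCS1v15(), hashes.SHA256())

def build_assertion(sa_email, scope, sign, now):
    """Step 1: sign a JWT whose claims identify the service account."""
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"iss": sa_email, "scope": scope, "aud": TOKEN_URL,
              "iat": int(now), "exp": int(now) + 300}  # short-lived assertion
    signing_input = (b64url(json.dumps(header).encode()) + "." +
                     b64url(json.dumps(claims).encode()))
    return signing_input + "." + b64url(sign(signing_input.encode()))

def exchange(assertion):
    """Steps 2-4: POST the JWT to the token endpoint and parse the JSON reply."""
    body = urllib.parse.urlencode({"grant_type": GRANT, "assertion": assertion}).encode()
    req = urllib.request.Request(TOKEN_URL, data=body)  # data present, so this is a POST
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Reuse the access token until shortly before it expires."""
    def __init__(self, sa_email, scope, sign, exchange=exchange, clock=time.time, skew=60):
        self.sa_email, self.scope, self.sign = sa_email, scope, sign
        self.exchange, self.clock, self.skew = exchange, clock, skew
        self._token, self._expires_at = None, 0.0

    def authorization_header(self):
        """Step 5: value for the Authorization header of the upstream request."""
        now = self.clock()
        if self._token is None or now >= self._expires_at - self.skew:
            reply = self.exchange(build_assertion(self.sa_email, self.scope, self.sign, now))
            self._token = reply["access_token"]
            self._expires_at = now + int(reply["expires_in"])
        return "Bearer " + self._token
```

The signer and the exchange function are passed in so the private key can stay in whatever secret store holds it and so the caching logic can be exercised without network access.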