Is it possible to get an authorization bearer token for a Google Cloud service account without the use of gcloud
?
That is, I would like to make an HTTP request (presumably signed in some way by my JSON key file) that would provide me the equivalent of
gcloud auth application-default print-access-token
This request would be made on my own server, where I may not wish to install gcloud
and where I do not have access to any internal server metadata that might provide this (e.g., as is the case with Compute Engine).
Is there some oauth endpoint that provides something like this?
Alternately, is there some way to generate long-lived tokens with gcloud
?
I'm new to the Google Cloud ecosystem, so excuse my ignorance and terminology...
To begin, obtain OAuth 2.0 client credentials from the Google API Console. Then your client application requests an access token from the Google Authorization Server, extracts a token from the response, and sends the token to the Google API that you want to access.
If you want to authorize the gcloud CLI on a machine that doesn't have a browser and you can install the gcloud CLI on another machine with a browser, use the --no-browser flag. Copy the long command that begins with gcloud auth login --remote-bootstrap=" .
I think that this is exactly what you are looking for:
https://developers.google.com/identity/protocols/OAuth2#serviceaccount
Honestly I don't think that what you were trying to achieve was correct, running
gcloud auth application-default print-access-token
you get a token that is not intended to do what you were looking for:
"This command is useful when you are developing code that would normally use a service account but need to run the code in a local development environment where it's easier to provide user credentials."
This should guide you a bit more in the implementation of this solution: https://developers.google.com/identity/protocols/OAuth2ServiceAccount
Here's what it looks like in golang:
import( "google.golang.org/api/compute/v1" "google.golang.org/api/container/v1" "google.golang.org/api/iterator" "google.golang.org/api/option" "google.golang.org/api/transport" ) ctx := context.Background() creds, err := transport.Creds(ctx, option.WithScopes(compute.CloudPlatformScope)) token, err := creds.TokenSource.Token()
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With