Solved

DEX OAuth2 Google Service Account

  • 7 August 2023
  • 1 reply
  • 38 views

Userlevel 1
Badge +3

Hello all,

 

I am working to use the OAuth2 flow for the DEX library with a Google service account. Rather than allowing the user to make calls, we would like an OnPrem server to make the call to the Google API. However, Google does not provide a client secret for the Client Credentials flow. Rather, the provide a private key id, private key secret, and client ID (but only for certain scopes). How do I use this in the DEX library to communicate in this way? I don’t see anything that allows this behavior.

 

-Matt

icon

Best answer by RoxannaBindenga 24 August 2023, 14:20

View original

1 reply

Userlevel 3
Badge +3

Hi Matt,

 

We've taken this up via our ticketing service, but I still wanted to write a response to your question here in case other people have the same question.

 

My understanding from https://developers.google.com/identity/protocols/oauth2/service-account#jwt-auth is that you can use the DEX method https://documentation.aimms.com/dataexchange/api.html#managing-jwt-tokens.

The first argument for the dex::jwt::Encode() would be the payload (which is a JSON with the claims as required by the API you're trying to use).
The second argument is the private RSA key used to sign the JWT token. This should be a private key (in JSON-format), found in your Google service account.
The third argument is an output string argument that you will use in the follow-up request in which the signed JWT token is being stored.

If that Encode procedure was handled successfully, you can use the output string argument in your 'real' request to the API. An example can be found here: https://developers.google.com/identity/protocols/oauth2/service-account#httprest (look for 'Making the access token request').

I hope this gives an idea of the steps to follow. 

Reply


Didn't find what you were looking for? Try searching on our documentation pages:

AIMMS Developer & PRO | AIMMS How-To | AIMMS SC Navigator