DEX OAuth2 Google Service Account

Question

Hello all,

I am working to use the OAuth2 flow for the DEX library with a Google service account. Rather than allowing the user to make calls, we would like an OnPrem server to make the call to the Google API. However, Google does not provide a client secret for the Client Credentials flow. Rather, the provide a private key id, private key secret, and client ID (but only for certain scopes). How do I use this in the DEX library to communicate in this way? I don’t see anything that allows this behavior.

-Matt

icon

Best answer by RoxannaBindenga 24 August 2023, 14:20

View original

RoxannaBindenga · Accepted Answer

Hi Matt,We've taken this up via our ticketing service, but I still wanted to write a response to your question here in case other people have the same question.My understanding fromhttps://developers.google.com/identity/protocols/oauth2/service-account#jwt-authis that you can use the DEX methodhttps://documentation.aimms.com/dataexchange/api.html#managing-jwt-tokens.The first argument for the dex::jwt::Encode() would be the payload (which is a JSON with the claims as required by the API you're trying to use).The second argument is the private RSA key used to sign the JWT token. This should be a private key (in JSON-format), found in your Google service account.The third argument is an output string argument that you will use in the follow-up request in which the signed JWT token is being stored.If that Encode procedure was handled successfully, you can use the output string argument in your 'real' request to the API. An example can be found here:https://developers.google.com/identity/protocols/oauth2/service-account#httprest(look for 'Making the access token request').I hope this givesan idea of the steps to follow.

DEX OAuth2 Google Service Account

1 reply

Reply

Reply

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded