google-auth-library-java icon indicating copy to clipboard operation
google-auth-library-java copied to clipboard
verified publisher icon googleapis

Implement .createDelegated() for ComputeCredential and ImpersonatedCredentials

Open salrashid123 opened this issue 5 years ago • 1 comments

FR to implement [createDelegated()]](https://googleapis.dev/java/google-auth-library/latest/com/google/auth/oauth2/ServiceAccountCredentials.html#createDelegated-java.lang.String-) mechansm for other credential types.

Currently, only ServiceAccount credentials implements that api that allows domain-wide delegation.

This FR is to allow the other credentials to also implement it via its ServiceAccoutnSigner interface

  • ComputeEngineCredential.createDelegated()
  • ImpersonatedCredentials.createDelegated()

As an exmaple implementation, In the following article, i've used the signer interface of these credential types to provide the equivalent createDelegated() feature

salrashid123 avatar Feb 25 '20 19:02 salrashid123

Following... Our org will disallow using SA Key soon. It would be great if our APP's SA can just impersonate domain-wide delegation SA. It might be a more common case now as using SA key is discouraged as it does introduce security risks?

yonghaoy avatar May 30 '24 20:05 yonghaoy