google-api-go-client
idtoken: computeEngine should support format and license options
ID tokens always set the format to full, which may include a lot of extra information in the token, e.g. the GCE instance ID, zone, etc.; see https://github.com/googleapis/google-auth-library-nodejs/issues/792#issuecomment-575188336
and described here.
The compute metadata based token uses &format=standard by default and does not include this extra info.
FR to have an option to allow setting the format and if it should include any license info (which is another parameter). If possible, maybe make it default to standard but that may break existing users of the library.
Just note, there will be another GET parameter available soon which will allow including just the email value into the idtoken.
The settings here hardcode it to full:
https://github.com/googleapis/google-api-go-client/blob/master/idtoken/compute.go#L41
Thanks for opening the feature request. As you said, switching the default might be hard to do at this point. Overall though, this seems like something that we could make configurable. cc @broady
Would it be possible to add another field into DialSettings?
https://github.com/googleapis/google-api-go-client/blob/d6ee425a65668ee28ff97c6fb70f3497865d6572/internal/settings.go#L21-L25
Those are already being passed to computeTokenSource and adding a bit of logic should be trivial.
https://github.com/googleapis/google-api-go-client/blob/62364a2da91e0116ee4520268eb660c2574629da/idtoken/compute.go#L20
https://github.com/googleapis/google-api-go-client/pull/1665#discussion_r948626643
Is this a viable solution? I feel like this is the only way without things breaking for existing users.
This is being addressed in our new auth library we will be shifting to soon. Closing as done in the new library: https://pkg.go.dev/cloud.google.com/go/auth/idtoken#ComputeTokenFormat
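The format difference discussed in this thread, as an added example that is not part of the thread and not code from either library: it builds the metadata-server identity request for a chosen format and inspects a token payload for the instance details that `format=full` adds. The function names are hypothetical, the token is constructed sample data, and the endpoint path, `licenses` parameter and `google.compute_engine` claim name are assumed from Compute Engine's documented metadata-server behaviour rather than taken from this page.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// identityURL builds the metadata-server ID token request (sent with header
// "Metadata-Flavor: Google"). licenses has no effect unless format is "full".
func identityURL(audience, format string, licenses bool) string {
	q := url.Values{"audience": {audience}, "format": {format}}
	if format == "full" && licenses {
		q.Set("licenses", "TRUE")
	}
	return "http://metadata.google.internal/computeMetadata/v1/instance/" +
		"service-accounts/default/identity?" + q.Encode()
}

// instanceClaims decodes the payload WITHOUT verifying the signature (audit
// use only) and returns whatever sits under the google.compute_engine claim.
func instanceClaims(token string) (map[string]interface{}, error) {
	var p struct {
		Google struct {
			ComputeEngine map[string]interface{} `json:"compute_engine"`
		} `json:"google"`
	}
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("not a compact JWT: %d segments", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &p)
	}
	return p.Google.ComputeEngine, err
}

// constructedToken wraps a sample payload in a dummy header and signature.
func constructedToken(payload string) string {
	return "e30." + base64.RawURLEncoding.EncodeToString([]byte(payload)) + ".sig"
}

func main() {
	fmt.Println(identityURL("https://example.com", "standard", false))
	full := `{"aud":"https://example.com","google":{"compute_engine":{"instance_id":"1","zone":"zone-a"}}}`
	fmt.Println(instanceClaims(constructedToken(full)))
}
```

An empty result from `instanceClaims` on tokens sent to third-party audiences confirms that instance ID and zone are not being disclosed to the receiving service.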