yup-oauth2

Implement service account impersonation.

Open jneem opened this issue 3 years ago • 3 comments

This implements support for using user credentials to impersonate a service account.

I had a bit of trouble figuring out what to put as the "inner" authenticator, because in principle I think you can do service account impersonation starting from other kinds of authentication. This suggests possibly having

pub struct ServiceAccountImpersonationFlow {
  inner: Authenticator<S>,
  service_account_email: String,
}

but then it isn't clear what to put for S. I thought about using AuthFlow instead, but it's private to authenticator and I didn't want to start on reorganization without asking first. And since I've only ever tested the user credentials route, I decided to just start there.

jneem, Oct 10 '22 22:10

To me this looks fine, although I haven't used the flow you're implementing. If you think this is ready to merge, let me know. Thank you for this contribution!

dermesser, Oct 14 '22 20:10

Maybe @blogle can be persuaded to take a quick peek. Otherwise, I think it's ready to merge.

jneem, Oct 17 '22 15:10

Looks good to me. As mentioned inline, you will want to update the initialization of TokenInfo before merging.

blogle, Oct 17 '22 18:10