goth
goth copied to clipboard
peburrows
Impersonation docs need updating
v1.3
Hi, I tried impersonating (service_account) with the two examples I could find
Tried
source = {:service_account, credentials, scopes: scopes, sub: sub} as suggested here
Also tried setting the sub in the claims as suggested in the docs here
claims = %{sub: sub}
Goth.Token.fetch(source: {:service_account, credentials, [claims: claims]})
but the scope and the claims can't coexist with the way the library is setup
Invalid OAuth scope or ID token audience provided.
So after looking through the codebase, I realized that the claims could contain the scope. From what I can tell, this is not indicated anywhere in the docs:
claims = %{sub: sub, scope: scope}
This was the only why I was able to successfully impersonate. Unless there are any objections, I'd like to add this to both the inline docs and the README with a PR.
v1.3
Hi, I tried impersonating (service_account) with the two examples I could find
Tried
source = {:service_account, credentials, scopes: scopes, sub: sub}as suggested hereAlso tried setting the sub in the claims as suggested in the docs here
claims = %{sub: sub} Goth.Token.fetch(source: {:service_account, credentials, [claims: claims]})but the scope and the claims can't coexist with the way the library is setup
Invalid OAuth scope or ID token audience provided.So after looking through the codebase, I realized that the claims could contain the scope. From what I can tell, this is not indicated anywhere in the docs:
claims = %{sub: sub, scope: scope}This was the only why I was able to successfully impersonate. Unless there are any objections, I'd like to add this to both the inline docs and the README with a PR.
ps. it expect claims to be a map with string keys, so use claims = %{"sub" => sub, "scope" => scope}