You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
These credentials can be used in Github Actions to authenticate more securely. Instead of storing long-lived Google credentials in Github, external_account credentials make it possible to authorized a particular github repository's actions to act as a service worker via workload identity federation.
I looked into writing a pull request for this feature, but found it very difficult to test. I'm also not super familiar with the details of Google's authentication flow. The relevant code in google.auth is pretty simple, but some of the metadata has to be routed around and I am not sure that it will automatically be available in Token.service_data:
I am happy to help work on this but probably need some guidance on how to test. There are also extra features that I don't think I need, but may be required to support this generically enough (impersonation for example.)
The text was updated successfully, but these errors were encountered:
Google has added support for so-called "external_account" credentials:
https://googleapis.dev/python/google-auth/latest/reference/google.auth.external_account.html
These credentials can be used in Github Actions to authenticate more securely. Instead of storing long-lived Google credentials in Github, external_account credentials make it possible to authorized a particular github repository's actions to act as a service worker via workload identity federation.
I looked into writing a pull request for this feature, but found it very difficult to test. I'm also not super familiar with the details of Google's authentication flow. The relevant code in
google.authis pretty simple, but some of the metadata has to be routed around and I am not sure that it will automatically be available inToken.service_data:https://github.com/googleapis/google-auth-library-python/blob/main/google/auth/external_account.py#L376
I am happy to help work on this but probably need some guidance on how to test. There are also extra features that I don't think I need, but may be required to support this generically enough (impersonation for example.)
The text was updated successfully, but these errors were encountered: