Context
I have some services in the Google App Engine flexible environment communicating through APIs, and while I am using IAP for managing user access, I have to programmatically authenticate each service with the Bearer JWT token.
Problem
In my Java application, I am using the code Google provides to authenticate IAP services, which you can find here: https://cloud.google.com/iap/docs/authentication-howto#iap_make_request-java
The problem is in this block of code:
    GoogleCredentials credentials =
        GoogleCredentials.getApplicationDefault().createScoped(Collections.singleton(IAM_SCOPE));
    // service account credentials are required to sign the jwt token
    if (credentials == null || !(credentials instanceof ServiceAccountCredentials)) {
      throw new Exception("Google credentials : service accounts credentials expected");
    }
    return (ServiceAccountCredentials) credentials;
The createScoped method is returning a ComputeEngineCredentials while the code is expecting a ServiceAccountCredentials response object.
All the suggestions are welcome. Thanks in advance for the greatest community ever.
You do not actually mention the nature of the difficulty you are faced with. The App Engine flexible environment service account is automatically created in a GCP project. Do you try to create the App Engine flexible environment service account as a separate service account from the App Engine default service account? The "return (ServiceAccountCredentials) credentials;" statement uses a cast to return ServiceAccountCredentials; it should be fine.
Line: GoogleCredentials.getApplicationDefault().createScoped(Collections.singleton(IAM_SCOPE)) creates a GoogleCredentials object; it does not need a JSON service account file to succeed.
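An added example, not code from the question, the answer, or Google's sample: instead of testing for the concrete class ServiceAccountCredentials, it tests for the IdTokenProvider interface, which google-auth-library-java implements on both ComputeEngineCredentials and ServiceAccountCredentials, and lets the library obtain an OIDC ID token for IAP. IAP_CLIENT_ID and TARGET_URL are placeholders, and it assumes a google-auth-library-oauth2-http version that includes IdTokenCredentials plus google-http-client on the classpath.

```java
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpResponse;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenCredentials;
import com.google.auth.oauth2.IdTokenProvider;

public class IapRequestExample {
  // Placeholders (assumptions): the OAuth client ID of the IAP-protected
  // service, and the URL of that service.
  static final String IAP_CLIENT_ID = "YOUR_IAP_CLIENT_ID.apps.googleusercontent.com";
  static final String TARGET_URL = "https://your-service.example.com/";

  /** Wraps whatever ADC returned in credentials that yield an ID token for the audience. */
  static IdTokenCredentials idTokenCredentialsFor(GoogleCredentials adc, String audience) {
    // Check the capability (can it issue ID tokens?), not the concrete class.
    // On App Engine flexible / Compute Engine, ADC is ComputeEngineCredentials and
    // the token comes from the metadata server; with a JSON key file it is
    // ServiceAccountCredentials. Both implement IdTokenProvider.
    if (!(adc instanceof IdTokenProvider)) {
      throw new IllegalStateException(
          "Credentials of type " + adc.getClass().getName() + " cannot issue ID tokens");
    }
    return IdTokenCredentials.newBuilder()
        .setIdTokenProvider((IdTokenProvider) adc)
        .setTargetAudience(audience) // IAP validates the token's aud claim against its client ID
        .build();
  }

  public static void main(String[] args) throws Exception {
    GoogleCredentials adc = GoogleCredentials.getApplicationDefault();
    System.out.println("ADC type: " + adc.getClass().getSimpleName());

    IdTokenCredentials idToken = idTokenCredentialsFor(adc, IAP_CLIENT_ID);

    // HttpCredentialsAdapter adds "Authorization: Bearer <id token>" to each request
    // and refreshes the token when it expires.
    HttpRequest request = new NetHttpTransport()
        .createRequestFactory(new HttpCredentialsAdapter(idToken))
        .buildGetRequest(new GenericUrl(TARGET_URL));
    HttpResponse response = request.execute();
    System.out.println("HTTP " + response.getStatusCode());
  }
}
```

The service account the runtime identifies as still has to be granted access to the IAP-protected resource, otherwise IAP rejects a correctly signed token.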