How to generate a valid signed JWT for a GCP service account with a private key?


I have created a GCP service account and then generated a key for it. I have a GCP cloud function. I also have an API Gateway configured to talk to my backend service. The service account has the permission access to the API Gateway. I have defined the securityDefinition for that service account in my API Gateway OpenSpec config file. Now I just have to generate a signed JWT for that service account (for testing from my localhost using Postman), pass it to the API Gateway API or to the cloud function call as a bearer token, and it should work.

I created a JWT using jsonwebtoken and it worked for API Gateway but not for the cloud function. For the cloud function it gives 401 unauthorized, even though it has all the required permissions.

But when I generate a JWT for the same service account using gcloud auth print-identity-token, it works for the cloud function but not for API Gateway. For API Gateway it gives a "401 unauthorized: Jwt issuer is not configured" error.

On comparing both JWTs' payloads, I noticed that the JWT created using jsonwebtoken has the proper iss configured, since I set it programmatically in NodeJS using the npm library. But it's not getting signed properly, i.e. it's missing the email and email_verified attributes. The JWT created using the gcloud library has the email and email_verified attributes, which means it's properly signed, but the iss doesn't match the one configured in the OpenSpec serviceDefinitions section for API Gateway.

I need help in generating a properly signed token with my own iss configured in it. Thanks in advance.
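
The two token types compared above, as an added example that is not part of the original question: it builds a self-signed RS256 JWT with Node's built-in crypto (swapped in for jsonwebtoken so it runs without dependencies) and classifies a token by its iss and email claims, since a token from gcloud auth print-identity-token is issued by Google rather than by the service account. The key pair, service account e-mail, key ID and audience are constructed placeholders.

```javascript
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Self-signed JWT: the service account's own private key signs it, so iss and
// sub are the service account e-mail and no Google-added claims are present.
function signServiceAccountJwt({ privateKey, keyId, issuer, audience,
                                 ttlSeconds = 3600,
                                 now = Math.floor(Date.now() / 1000) }) {
  const header = { alg: 'RS256', typ: 'JWT', kid: keyId };
  const payload = { iss: issuer, sub: issuer, aud: audience,
                    iat: now, exp: now + ttlSeconds };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${b64url(sig)}`;
}

function decodePayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Classification by claims only; this does not verify any signature.
const GOOGLE_ISSUERS = new Set(['https://accounts.google.com', 'accounts.google.com']);
function describeToken(token) {
  const p = decodePayload(token);
  return {
    kind: GOOGLE_ISSUERS.has(p.iss) ? 'google-signed-id-token' : 'self-signed-jwt',
    iss: p.iss,
    aud: p.aud,
    hasEmailClaims: 'email' in p && 'email_verified' in p,
  };
}

// Check a self-signed token against the public half of the signing key.
function verifySelfSigned(token, publicKey) {
  const [h, p, s] = token.split('.');
  return crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey,
                       Buffer.from(s, 'base64url'));
}

// Constructed values: a throwaway key pair and placeholder identifiers.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SA_EMAIL = 'example-sa@example-project.iam.gserviceaccount.com';
const demoToken = signServiceAccountJwt({
  privateKey, keyId: 'constructed-key-id', issuer: SA_EMAIL,
  audience: 'https://example-gateway.example.com', // placeholder audience
});
console.log(describeToken(demoToken), verifySelfSigned(demoToken, publicKey));
```

The absence of email and email_verified in the self-signed token is expected: the function only emits the claims it is given, and the signature still verifies against the matching public key.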
