Authenticating a service account without a downloaded key in the Google engine
I am working on a product that needs to be installed on Google App Engine.
In it, I am using a service account to authenticate to the Gmail API, Drive API, Calendar API, etc.
It works fine with an uploaded P12 file as authentication. But as this is my product, I don't want the client to download and upload the app on every install.
Could there be a way to authenticate without the private key file, or to use this API without a service account?
The following page indicates that system-managed key pairs are automatically managed by Google. Could this be helpful? I haven't found any example.
https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys
The link below shows that for the Google Cloud Platform I have to use the Google-managed key: https://cloud.google.com/iam/docs/understanding-service-accounts
Can this key be used without an uploaded file?
Thanks.
I could achieve this using the IAM API: https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys
Below is the Java code:
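    // httpTRANSPORT and jsonFACTORY are the HttpTransport and JsonFactory instances the app already has.
    // Authenticate to the IAM API as the App Engine app identity; no key file is needed for this step.
    AppIdentityCredential appCredential = new AppIdentityCredential(
            Arrays.asList("https://www.googleapis.com/auth/cloud-platform"));
    Iam iam = new Iam(httpTRANSPORT, jsonFACTORY, appCredential);
    ServiceAccountKey key = null; // declared outside the try block so it is still in scope below
    try {
        // Ask IAM to create a new key for the service account
        Iam.Projects.ServiceAccounts.Keys.Create keyCreate = iam.projects().serviceAccounts().keys()
                .create("projects/myProject/serviceAccounts/myProject@appspot.gserviceaccount.com",
                        new CreateServiceAccountKeyRequest());
        key = keyCreate.execute();
    } catch (IOException e) {
        System.out.println(e.getMessage());
    }
Any key can be used to create a GoogleCredential as below:
    // key is null here if the create call above failed
    InputStream stream = new ByteArrayInputStream(key.decodePrivateKeyData());
    GoogleCredential credential = GoogleCredential.fromStream(stream);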
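Every keys.create call in the answer above leaves another user-managed private key on the service account, and an account can hold at most 10 of them, so repeated installs need a clean-up step. The following is an added example, not part of the original answer: it lists the account's USER_MANAGED keys and deletes those older than a chosen age. The class name, the method names, the maxAge parameter and the sample key names and dates are hypothetical, and it assumes keys older than maxAge are no longer in use.

```java
import com.google.api.services.iam.v1.Iam;
import com.google.api.services.iam.v1.model.ServiceAccountKey;
import java.io.IOException;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Added example (hypothetical helper): prunes keys left behind by repeated keys.create calls. */
public class ServiceAccountKeyPruner {
    /** Pure selection step: resource names of keys that became valid more than maxAge ago. */
    static List<String> staleKeyNames(List<ServiceAccountKey> keys, Instant now, Duration maxAge) {
        List<String> stale = new ArrayList<>();
        for (ServiceAccountKey k : keys) {
            // validAfterTime is an RFC 3339 timestamp marking when the key became valid
            if (Instant.parse(k.getValidAfterTime()).isBefore(now.minus(maxAge))) {
                stale.add(k.getName());
            }
        }
        return stale;
    }

    /** Lists the account's USER_MANAGED keys, deletes the stale ones, returns the deleted names. */
    static List<String> prune(Iam iam, String serviceAccountName, Duration maxAge) throws IOException {
        List<ServiceAccountKey> keys = iam.projects().serviceAccounts().keys()
                .list(serviceAccountName)
                .setKeyTypes(Arrays.asList("USER_MANAGED")) // leave Google-managed keys alone
                .execute().getKeys();
        if (keys == null) {
            return new ArrayList<>(); // the account has no user-managed keys
        }
        List<String> stale = staleKeyNames(keys, Instant.now(), maxAge);
        for (String name : stale) {
            iam.projects().serviceAccounts().keys().delete(name).execute();
        }
        return stale;
    }

    public static void main(String[] args) {
        // Constructed sample keys (placeholder names and dates) to show the selection step offline.
        String account = "projects/myProject/serviceAccounts/myProject@appspot.gserviceaccount.com";
        List<ServiceAccountKey> sample = Arrays.asList(
                new ServiceAccountKey().setName(account + "/keys/old-key").setValidAfterTime("2016-01-01T00:00:00Z"),
                new ServiceAccountKey().setName(account + "/keys/new-key").setValidAfterTime("2016-06-01T00:00:00Z"));
        Instant now = Instant.parse("2016-06-02T00:00:00Z");
        System.out.println(staleKeyNames(sample, now, Duration.ofDays(30)));
    }
}
```

Call prune with the same Iam client and service account resource name used for keys.create; main only exercises the selection logic on the constructed keys and makes no API calls.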