1

I need to get id token for multiple specific services from the google oauth2 service.

{"typ":"JWT","alg":"RS256"}.{"aud":"https://www.googleapis.com/oauth2/v4/token","exp":"1566830430","iat":"1566827130","iss":"my_project.iam.gserviceaccount.com","target_audience", "www.myservice.com/location"}

It returns me and id token to post any data to the location service but I would like post data to my time service (www.myservice.com/time) too.

How can I set these 2 URLs as the target audience?

SayMyName
  • 461
  • 5
  • 17

1 Answers1

1

The field does not currently support setting multiple values.

Consider sending a self-signed JWT [1] to https://iamcredentials.googleapis.com/v1/{name=projects//serviceAccounts/}:generateIdToken [2] instead. Even though it doesn't support multiple audiences in one call either, it is still the correct API to use to obtain ID tokens for your service account.

[1] https://developers.google.com/identity/protocols/OAuth2ServiceAccount#jwt-auth

[2] https://cloud.google.com/iam/credentials/reference/rest/v1/projects.serviceAccounts/generateIdToken

user2705223
  • 1,219
  • 6
  • 10
  • I have read the documentation specified as [2] and in this documentation, there is no way to connect to multiple services that I have seen. Also, you mean I need to use the [2] method to get id token instead of my way but I need to generate just an id token for my different specific services. The problem is that. – SayMyName Aug 30 '19 at 08:52
  • I don't think there is a way to support multiple audiences in the same ID token or support generating multiple ID tokens from a single API call with the current Google service account APIs. – user2705223 Aug 31 '19 at 16:49
  • So I am going to have an id token one by one for all the services. Thank you man. – SayMyName Aug 31 '19 at 17:10