Generate a GCP Bearer token using Ruby

Question

I want to generate a authbearer token using a service account ruby library just like we do it using gcloud: gcloud auth application-default print-access-token

I have written a simple piece of code:

require 'googleauth'
authorizer = Google::Auth::ServiceAccountCredentials.make_creds(json_key_io: File.open('sa.json'))
token=authorizer.fetch_access_token!

I can get a token, but this needs scope. I wanted to check if it is possible to generate a token without the scope as well like we do with gcloud auth command below.

I see that there was a similar question for python as well. I am looking for something similar with ruby.

The gcloud command creates tokens with an OAuth scope. IIRC `cloud-platform`. The actual permissions are managed by the service account IAM roles. The scope can limit those permissions, specifying no scope means no permissions. An OAuth token with no permissions is not useful. — John Hanley, Sep 16 '22 at 19:12
thanks. It did work with `scope = 'https://www.googleapis.com/auth/cloud-platform'` — v-so14, Sep 29 '22 at 10:55

score 1 · Answer 1 · answered Jul 27 '23 at 14:21

So for everyone else:


require 'googleauth'

authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
  json_key_io: File.open(path_to_json_file), 
  scope: 'https://www.googleapis.com/auth/cloud-platform') 

token = authorizer.fetch_access_token!

Generate a GCP Bearer token using Ruby

1 Answers1