Home > Software design >  Impersonate Google Cloud Patform user through OAuth2.0 flow
Impersonate Google Cloud Patform user through OAuth2.0 flow

Time:07-02

I want to set up an OAuth2.0 flow for users that have access to GCP.

The user will login to a web app.

Then, the OAuth2.0 flow will need to ask for the consent that will allow the app to perform things on their behalf, based on their permissions.

Therefore, the scopes that need to be requested should be those that cover their actual permissions on GCP.

Is something like that possible when it comes to OAuth2.0 and GCP?

CodePudding user response:

Had you seen? https://developers.google.com/identity/protocols/oauth2

Looks like that might address your question.

Separately from that link --> Yes that is something that could be done. You login via OAuth, and once authenticated that service can use GCP Service Accounts https://cloud.google.com/iam/docs/service-accounts to work with GCP Services.

CodePudding user response:

A user can be granted permission to impersonate a service account.

A service account can be granted permission to impersonate a user account via Domain Wide Delegation (Google Workspace).

A user cannot impersonate another user. There is no mechanism to grant the required permissions.

Page link:https//www.codepudding.com/Softwaredesign/461796.html

Prev:How to add AndroidDebugKey to the Google Cloud API Key Restriction
Next:How to obtain iterator type from template parameter, if template parameter is a reference type
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding