Skip to content

feat: Add ADC support for impersonated credentials#547

Merged
sai-sunder-s merged 8 commits intomainfrom
adcimpersonated
Nov 20, 2025
Merged

feat: Add ADC support for impersonated credentials#547
sai-sunder-s merged 8 commits intomainfrom
adcimpersonated

Conversation

@sai-sunder-s
Copy link
Contributor

@sai-sunder-s sai-sunder-s commented Oct 28, 2025
edited
Loading

  1. Add support for loading an impersonated service account credential from a JSON (typically produced by running gcloud auth application-default login --impersoante-service-account <service account email>)
  2. Support the JSON as part of ADC flow

Sample JSON:

{
  "delegates": [],
  "scopes": [
    "https://www.googleapis.com/auth/drive"
  ],
  "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/service-account-email@project-name.iam.gserviceaccount.com:generateAccessToken",
  "source_credentials": {
    "client_id": "oauth_client_id",
    "client_secret": "oauth_client_secret",
    "refresh_token": "user_refresh_token",
    "type": "authorized_user",
    "universe_domain": "googleapis.com"
  },
  "type": "impersonated_service_account"
}

@sai-sunder-s sai-sunder-s marked this pull request as ready for review October 29, 2025 05:53
@sai-sunder-s sai-sunder-s requested a review from a team October 29, 2025 05:53
viacheslav-rostovtsev
viacheslav-rostovtsev requested changes Nov 17, 2025
View reviewed changes
Copy link
Member

@viacheslav-rostovtsev viacheslav-rostovtsev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please change the description. Main change is adding JSON file support to Impersonated Credentials, secondary change is enabling them in ADC flow. Scope override should not be in description .

viacheslav-rostovtsev
viacheslav-rostovtsev requested changes Nov 19, 2025
View reviewed changes
@sai-sunder-s sai-sunder-s merged commit 4c31b17 into main Nov 20, 2025
14 checks passed
@sai-sunder-s sai-sunder-s deleted the adcimpersonated branch November 20, 2025 17:53
@release-please release-please bot mentioned this pull request Nov 20, 2025
Merged
sampart added a commit to sampart/google-auth-library-ruby that referenced this pull request Dec 3, 2025
@sampart
Fix contributing link in README
adca785 
This appears to have been removed in error in googleapis#547
@sampart sampart mentioned this pull request Dec 3, 2025
Open
@claude claude bot mentioned this pull request Dec 17, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@viacheslav-rostovtsev viacheslav-rostovtsev viacheslav-rostovtsev approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sai-sunder-s @viacheslav-rostovtsev