Google Cloud Golang SDK authentication

118 views
Skip to first unread message

SALMAN AHMED

unread,
Nov 18, 2017, 1:27:05 AM11/18/17
to golang-nuts
I am trying to automate the VM and Network resource creation using GCD Client API. I do not want to use Google OAuth as the user has to generate token every time. I used AWS SDK and it can be invoked by simply using AccessKey and Secret Key. Is there any authentication method that does not need user's interaction? I saw the Service Account authentication method but could not find any detailed example. Will it work for GCD compute API? and I saw that Service Account is based on environment variable and my app could have multiple users with different accounts.

Sameer Ajmani

unread,
Nov 18, 2017, 8:57:18 AM11/18/17
to SALMAN AHMED, Jonathan Amsterdam, Ross Light, golang-nuts
+Ross and Jonathan

On Sat, Nov 18, 2017 at 1:26 AM SALMAN AHMED <salmanbu...@gmail.com> wrote:
I am trying to automate the VM and Network resource creation using GCD Client API. I do not want to use Google OAuth as the user has to generate token every time. I used AWS SDK and it can be invoked by simply using AccessKey and Secret Key. Is there any authentication method that does not need user's interaction? I saw the Service Account authentication method but could not find any detailed example. Will it work for GCD compute API? and I saw that Service Account is based on environment variable and my app could have multiple users with different accounts.

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Ross Light

unread,
Nov 27, 2017, 12:27:35 PM11/27/17
to Sameer Ajmani, SALMAN AHMED, Jonathan Amsterdam, golang-nuts
Hi Salman,

There are broadly two types of authorization on GCP: user accounts and service accounts.  User account tokens will act on behalf of a particular end-user, and service account tokens will act on behalf of that service account.   I'm not exactly sure which one is right for your application, based on the information you presented.  User account tokens only need one user interaction, and then subsequent authorization tokens can be retrieved using the refresh token produced during 3-legged auth.

If you are looking for a service account, then you can either pass the service account credentials using the Application Default Credentials mechanism, or you can use JWTConfigFromJSON to read service account JSON in a manner of your choosing.

Hope that helps!
-Ross
Reply all
Reply to author
Forward
0 new messages