Use your service account's key JSON file to get an access token to call Google APIs.
Good for seeing how things work, including the creation of JWT token.
To create a JWT token, you can replace create-jwt-token.sh
script with tools like step.
If you just want to get an access token for a service account,
you can do the same thing with just gcloud
command. cf Authorization and authentication.
- Have a GCP project and a service account.
- The service account has a permission for the request.
- e.g. For listing buckets,
"https://www.googleapis.com/auth/devstorage.read_only"
- e.g. For listing buckets,
- The service account's key JSON file is downloaded (here,
key.json
). - Commands available:
jq
,openssl
Get an access token.
$ ./get-access-token.sh /path/to/key.json "https://www.googleapis.com/auth/devstorage.read_only"
ya29...
You can call a Google API with the token. Here since we've requested storage readonly, we list buckets.
$ curl "https://www.googleapis.com/storage/v1/b?project=<your_project_id>" \
-H "Authorization: Bearer ya29..."
Good Lord, you have no idea how much time this script would've saved me if I pick my search parameters wiser ehehe
Huge thanks for sharing this!