this is an example of gcp service account. Clearly, service account has a private key and a certificate.
So GCP uses public-key cryptography (+ certificate to validate wheather public key is falsificated) to authenticate the service account.
{ | |
"type": "service_account", | |
"project_id": "xxxxxxxxxxxxx", | |
"private_key_id": "xxxxxxxxxxxxx", | |
"private_key": "-----BEGIN PRIVATE KEY-----\nxxxxxxxxxxxxx\n-----END PRIVATE KEY-----\n", | |
"client_email": "[email protected]", | |
"client_id": "xxxxxxxxxxxxx", | |
"auth_uri": "https://accounts.google.com/o/oauth2/auth", | |
"token_uri": "https://oauth2.googleapis.com/token", | |
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", | |
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/xxxxxxxxxxxxx%40xxxxxxxxxxxxx.iam.gserviceaccount.com" | |
} |