CODEWITHSUNDEEP
pythongoogle-cloud-platformoauth-2.0google-authentication
sam
sam

Reputation: 873

Google Cloud - How to authenticate USER instead of a service account in app code?

I am able to authorize service accounts by creating and downloading the credentials.json in the GC console. But this option is not available for actual human user accounts. My user account has certain roles that I'd like to use within by app and need to auth as that user account. How can I go about that? Is there a way to download a similar creds.json file for user accounts?

Upvotes: 0

Views: 354

Answers (1)

sam
sam

Reputation: 873

After some digging and in part thanks to @JohnHanley, I managed to use the google-cloud oauth library to auth my application on behalf of a human user that had the right permissions:

from google.cloud import secretmanager_v1beta1 as secretmanager
from google_auth_oauthlib import flow

SecretManagerAdminCreds = 'credentials.json'
LAUNCH_BROWSER = True


class SecretManagerAdmin:
    def __init__(self, project_id: str = "gcp_project_id",
                 scopes: list = ['https://www.googleapis.com/auth/cloud-platform']):
        self._scopes = scopes
        self._project_id = project_id

        appflow = flow.InstalledAppFlow.from_client_secrets_file(SecretManagerAdminCreds, scopes=self._scopes)

        if LAUNCH_BROWSER:
            appflow.run_local_server()
        else:
            appflow.run_console()

        authed_creds = appflow.credentials

        self.client = secretmanager.SecretManagerServiceClient(credentials=authed_creds)

When I create an instance of my SecretManagerAdmin class, a browser fires up and asks a user to login to google and confirm permissions for the app, and returns a second set of credentials that are then used to instantiate a Secretmanager client, which the application uses.

Upvotes: 2

Related Questions