This is a CLI tool that generates a JWT for Service Account authorization on GCP.
GCP Service Account JWT Generator is an experimental project used for a very specific use case -- it is generally insecure to output Authorization Bearer tokens on the command-line so please use at your own risk!
The CLI is an NPM package:
$ npm install -g @tomchinery/gcp-service-account-jwt-generatorUpon running the CLI it will output an Authorization Bearer token to STDOUT that is signed with your GCP Service Account.
$ gcp-service-account-jwt-generator --service-account <path_to_your_service_account> --target-audience <your_oauth_client_id>There is some required arguments of the tool:
--service-accountThe path to the service account credentials file you want to use to sign your JWT.
--target-audienceThe OAuth Client ID for the resource you want to access.
The specific usecase this tool was created was for authenticating against service API's that sit behind IAP (Identity Aware Proxy) on GCP. Specifically I'm using the outputted JWT to request an OIDC token for an IAP-secured client ID. It's the OIDC token that I use to actually authenticate against my services behind IAP.
I imagine this tool could be useful for a number of other usecases. Please if you do contribute feel free to add to the Usecases section in the README.md.
All PR's or feedback is welcome - I normally have a lagg time of about 72 hours on reviews or issues so don't panic if you don't get a response straight away.