Using Cloud Identity API with a Service Account?

matthew_hynes · January 6, 2023, 4:12pm

I am having a problem trying to access the Cloud Identity API with an auth token generated for a Service Account

curl -X GET -H “X-Goog-User-Project: $PROJECT_ID” -H “Content-Type: application/json” -H “Authorization: Bearer $TOKEN” ‘https://cloudidentity.googleapis.com/v1/groups?parent=customers/$CUSTOMER_ID’

The previous command works just fine if I generate a token as the project owner, but trying to access the same with an auth token generated for a service account doesn’t

Does anyone know what permissions I need to grant to the Service Account in order for this to work?

dionv · January 9, 2023, 9:03pm

Hello matthew_hynes

You can try to use Cloud Identity API with a service account is with a service account “impersonated admin user” not a service account “Authenticated with domain-wide delegation”.

Topic		Replies	Views
Cloud Identity - OAuth 2.0 Client credentials Flow Compute Infrastructure	1	4	September 9, 2022
Facing issue with auth for cloud identity api Q&A	0	6	January 7, 2025
How to accurately determine which Services/API need to be enabled given a list of permissions? Compute Infrastructure	3	16	December 10, 2021

Using Cloud Identity API with a Service Account?

AI Suggested topics