This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Using Cloud Identity API with a Service Account?

Posted on 01-06-2023 08:12 AM
matthew_hynes
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

I am having a problem trying to access the Cloud Identity API with an auth token generated for a Service Account

curl -X GET -H "X-Goog-User-Project: $PROJECT_ID" -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" 'https://cloudidentity.googleapis.com/v1/groups?parent=customers/$CUSTOMER_ID'

The previous command works just fine if I generate a token as the project owner, but trying to access the same with an auth token generated for a service account doesn't

Does anyone know what permissions I need to grant to the Service Account in order for this to work?

Solved Solved
0 1 445
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
dionv
Staff
Reply posted on --/--/---- --:-- AM

Hello matthew_hynes

You can try to use Cloud Identity API with a service account is with a service account "impersonated admin user" not a service account "Authenticated with domain-wide delegation".

View solution in original post

Jump to Solution
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
dionv
Staff
Reply posted on --/--/---- --:-- AM

Hello matthew_hynes

You can try to use Cloud Identity API with a service account is with a service account "impersonated admin user" not a service account "Authenticated with domain-wide delegation".

Jump to Solution
0 Likes
Top Solution Authors
View all