/// <summary>
/// Requests an OIDC token from the compute credential for a fixed test audience and
/// checks that the token is populated and passes verification for that audience.
/// </summary>
public async Task OidcTokenProvider_ComputeCredential()
{
    const string audience = "https://this.is.a.test";

    // This test only executes on GCE so we are certain to have a ComputeCredential.
    GoogleCredential computeCredential = GoogleCredential.FromComputeCredential();
    OidcTokenOptions tokenOptions = OidcTokenOptions.FromTargetAudience(audience);
    OidcToken oidcToken = await computeCredential.GetOidcTokenAsync(tokenOptions);

    // Check an access token (really id_token) is available.
    Assert.NotNull(await oidcToken.GetAccessTokenAsync());

    // If IdToken is set and AccessToken is not, AccessToken is set to
    // IdToken, so we can always check here that AccessToken is not null.
    Assert.NotNull(oidcToken.TokenResponse.AccessToken);

    // The endpoint does not send an expiry, but we set it to the id_token
    // expiry.
    Assert.NotNull(oidcToken.TokenResponse.ExpiresInSeconds);

    // Verify the signed token and restrict the accepted audiences to the one we asked for,
    // so a token minted for a different audience would not pass this check.
    var verification = new SignedTokenVerificationOptions
    {
        TrustedAudiences = { audience },
    };
    string signedToken = await oidcToken.GetAccessTokenAsync();
    var verifiedPayload = await JsonWebSignature.VerifySignedTokenAsync(signedToken, verification);

    Assert.NotNull(verifiedPayload);
    Assert.Contains(audience, verifiedPayload.AudienceAsList);
}
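/// <summary>
/// Obtains an OIDC token for authenticating an IAP request, using the
/// application default credentials.
/// </summary>
/// <param name="iapClientId">The client ID observed on
/// https://console.cloud.google.com/apis/credentials. It is used as the
/// target audience of the requested token.</param>
/// <param name="cancellationToken">The token to propagate operation cancel notifications.</param>
/// <returns>The OIDC token requested for <paramref name="iapClientId"/> as target audience.</returns>
/// <remarks>
/// Treat the returned token as a secret: it authenticates requests for the given
/// audience, so keep it out of logs and error messages.
/// </remarks>
public async Task<OidcToken> GetOidcTokenAsync(string iapClientId, CancellationToken cancellationToken)
{
    // Obtain the application default credentials.
    // ConfigureAwait(false) matches the overload that reads credentials from a file.
    GoogleCredential credential = await GoogleCredential
        .GetApplicationDefaultAsync(cancellationToken).ConfigureAwait(false);

    // Request an OIDC token for the Cloud IAP-secured client ID.
    return await credential
        .GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience(iapClientId), cancellationToken)
        .ConfigureAwait(false);
}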
/// <summary>
/// Obtains an OIDC token for authenticating an IAP request, using credentials
/// loaded from a credentials .json file.
/// </summary>
/// <param name="iapClientId">The client ID observed on
/// https://console.cloud.google.com/apis/credentials. It is used as the
/// target audience of the requested token.</param>
/// <param name="credentialsFilePath">Path to the credentials .json file
/// downloaded from https://console.cloud.google.com/apis/credentials.
/// The file is credential material: keep it out of source control and only
/// pass a path to a file whose origin you trust.</param>
/// <param name="cancellationToken">The token to propagate operation cancel notifications.</param>
/// <returns>The OIDC token requested for <paramref name="iapClientId"/> as target audience.</returns>
public async Task<OidcToken> GetOidcTokenAsync(string iapClientId, string credentialsFilePath,
    CancellationToken cancellationToken)
{
    // Read credentials from the credentials .json file.
    GoogleCredential fileCredential = await GoogleCredential
        .FromFileAsync(credentialsFilePath, cancellationToken)
        .ConfigureAwait(false);

    // Request an OIDC token for the Cloud IAP-secured client ID.
    OidcTokenOptions audienceOptions = OidcTokenOptions.FromTargetAudience(iapClientId);
    OidcToken oidcToken = await fileCredential
        .GetOidcTokenAsync(audienceOptions, cancellationToken)
        .ConfigureAwait(false);

    return oidcToken;
}