我正在尝试从 vercel 前端(不是客户端)连接到我的 Cloud run 后端。
我已经设置了工作负载联合身份,并且如果我运行以下命令,连接似乎可以正常工作:
authClient = ExternalAccountClient.fromJSON({
type: "external_account",
audience: `//iam.googleapis.com/projects/${GCP_PROJECT_NUMBER}/locations/global/workloadIdentityPools/${GCP_WORKLOAD_IDENTITY_POOL_ID}/providers/${GCP_WORKLOAD_IDENTITY_POOL_PROVIDER_ID}`,
subject_token_type: "urn:ietf:params:oauth:token-type:jwt",
token_url: "https://sts.googleapis.com/v1/token",
service_account_impersonation_url: `https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${GCP_SERVICE_ACCOUNT_EMAIL}:generateAccessToken`,
subject_token_supplier: {
// Use the Vercel OIDC token as the subject token.
getSubjectToken: getVercelOidcToken,
},
});
这很好,但是我真正需要的是
GoogleAuth const auth = new GoogleAuth({
scopes: "https://www.googleapis.com/auth/cloud-platform",
projectId: GCP_PROJECT_ID,
});
const idTokenclient = await auth.getIdTokenClient(backend_url);
const response = await idTokenclient.request({ url: backend_url });
我不明白的是如何从
ExternalAccountClientGoogleAuthGoogleAuth编辑:温和的平:)真的很想在这里得到答案(或一些指示!)
要获取令牌,您需要从 authClient 调用 getAccessToken
const idToken = await authClient?.getAccessToken();
console.log("OIDC Token:", idToken.token);