I am using IAP to protect a Web API Application. I have enabled a service
account to get access to the APIs through an id_token. I am able to obtain
an id_token (JWT) by signing a JWT (using the keys of my service account)
with the following assertions
{
"iss": "xx.iam.gserviceaccount.com",
"sub": "xx.iam.gserviceaccount.com",
"aud": "https://oauth2.googleapis.com/token";,
"target_audience": "my_application_client_id",
"iat": 1598702078,
"exp": 1598705593
}
and then Posting to the token service as follows
curl --location --request POST 'https://oauth2.googleapis.com/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'assertion=<JWT obtained at the previous step>’
--data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer'
\
--data-urlencode 'scope=openid’
Now I would like to also obtain a refresh_token and has been impossible. I
have tried with *scope=openid offline_access* but no luck. Is
*offline_access* implemented in the Google Auth Server? Any other mechanism
to obtain a refresh_token?
Thank you very much
--
*IOTA Foundation*
c/o Nextland
Strassburgerstraße 55
10405 Berlin, Germany
Board of Directors: Dominik Schiener, David Sønstebø, Serguei Popov, Navin
Ramachandran
ID/Foundation No.: 3416/1234/2 (Foundation Register of Berlin)
--
You received this message because you are subscribed to the Google Groups
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/google-appengine/b7f0e7ce-3d3d-4970-af9f-095ec54379d4n%40googlegroups.com.
