2
votes

I am working on a product that is supposed to be installed in Google App Engine.

In this I am using a service account to authenticate to the Gmail API, Drive API, Calendar API, etc.

It's working fine with a downloaded P12 file as authentication. But as it's a product, I don't want the client to download it and upload it to the app on every install.

Is there a way to authenticate without a private key file, or to use those APIs without a service account?

The page below mentions that system-managed key pairs are managed automatically by Google. Can that be helpful? I didn't find any example of it.

https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys

The link below suggests that for Google Cloud Platform I should use a Google-managed key: https://cloud.google.com/iam/docs/understanding-service-accounts

Can this key be used without a downloaded file?

Thanks

1
You don't have to use the p12 file; you can also use the JSON key file. - DaImTo
@DaImTo Thanks for the comment. It is known that either file can be used, but it will not solve the problem. I just don't want the user to create a key and upload the file in the app. At least if there is a way to create a key and download the file directly on the server using an API, it will be helpful. - compyutech

1 Answer

1
votes

I could achieve it with the IAM API: https://cloud.google.com/iam/reference/rest/v1/projects.serviceAccounts.keys

Below is the Java code for it:

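import java.io.IOException;
import java.util.Arrays;
import com.google.api.client.googleapis.extensions.appengine.auth.oauth2.AppIdentityCredential;
import com.google.api.services.iam.v1.Iam;
import com.google.api.services.iam.v1.model.CreateServiceAccountKeyRequest;
import com.google.api.services.iam.v1.model.ServiceAccountKey;

// Authenticate to the IAM API as the App Engine app's own identity (no key file involved).
AppIdentityCredential credential = new AppIdentityCredential(
                Arrays.asList("https://www.googleapis.com/auth/cloud-platform"));
Iam iam = new Iam(httpTRANSPORT, jsonFACTORY, credential);
try {
    // Create a new user-managed key for the target service account.
    Iam.Projects.ServiceAccounts.Keys.Create keyCreate = iam.projects().serviceAccounts().keys()
                    .create("projects/myProject/serviceAccounts/[email protected]", new CreateServiceAccountKeyRequest());

    // The private key material is returned only in this create response.
    ServiceAccountKey key = keyCreate.execute();

} catch (IOException e) {
    System.out.println(e.getMessage());
}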

Any key can be used to generate a GoogleCredential as below:

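// decodePrivateKeyData() yields the bytes of the JSON key file; it is parsed in memory, never written to disk.
InputStream stream = new ByteArrayInputStream(key.decodePrivateKeyData());
GoogleCredential credential = GoogleCredential.fromStream(stream);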
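
What the keys.create response contains and what decodePrivateKeyData() hands to fromStream(), shown at the REST level in Python as an added example (not part of the answer above). The project, account, key id and key material are constructed placeholders, and the check that the key id in `name` equals `private_key_id` is an assumption about the key file layout.

```python
import base64
import json


def unpack_created_key(resp):
    """Split a keys.create response into (secret key-file dict, loggable summary)."""
    key_type = resp.get("privateKeyType")
    if key_type != "TYPE_GOOGLE_CREDENTIALS_FILE":
        raise ValueError("expected a JSON credentials file, got %r" % key_type)
    if "privateKeyData" not in resp:
        # Only keys.create returns private material; keys.get and keys.list do not.
        raise ValueError("no privateKeyData: not a keys.create response")
    # privateKeyData is the base64 encoding of the same JSON key file a user would download.
    info = json.loads(base64.b64decode(resp["privateKeyData"], validate=True))
    if info.get("type") != "service_account":
        raise ValueError("decoded data is not a service account key file")
    key_id = resp["name"].rsplit("/", 1)[-1]
    if info.get("private_key_id") != key_id:  # assumption: both carry the same key id
        raise ValueError("key id mismatch between name and key file")
    # The summary is safe to log or store in an inventory; it holds no secret.
    summary = {"key_id": key_id,
               "client_email": info["client_email"],
               "valid_before": resp.get("validBeforeTime")}
    return info, summary


def constructed_response():
    """Constructed sample shaped like a ServiceAccountKey resource (all values fake)."""
    email = "sa-name@example-project.iam.gserviceaccount.com"
    key_file = {"type": "service_account",
                "project_id": "example-project",
                "private_key_id": "0123abcd",
                "private_key": "CONSTRUCTED-PLACEHOLDER-NOT-A-KEY",
                "client_email": email}
    return {"name": "projects/example-project/serviceAccounts/%s/keys/0123abcd" % email,
            "privateKeyType": "TYPE_GOOGLE_CREDENTIALS_FILE",
            "keyAlgorithm": "KEY_ALG_RSA_2048",
            "privateKeyData": base64.b64encode(json.dumps(key_file).encode()).decode(),
            "validBeforeTime": "2030-01-01T00:00:00Z"}


if __name__ == "__main__":
    secret, summary = unpack_created_key(constructed_response())
    print(summary)  # log the summary only, never `secret`
```

Each keys.create call leaves another user-managed key on the service account, so the key id in the summary is what a later cleanup needs to find and delete it.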