View Source GcsSignedUrl.SignBlob.OAuthConfig (gcs_signed_url v0.4.6)
Defines Google Cloud OAuth2 Config. The service account should be an email or unique ID of an existing Google service
account GSA_SIGNER
. The access token should belong to a Google service account GSA_AUTH
.
In this scenario, the GSA_AUTH
acts as GSA_SIGNER
and signs the given string on his behalf. This requires the GSA_AUTH
go have the Google IAM permission iam.serviceAccounts.signBlob on the GSA_SIGNER
, e.g. by giving it the built in
role roles/iam.serviceAccountTokenCreator on GSA_SIGNER
.