Support service_account in ApplicationDefaultCredentials and Use SelfSignedJwt #4926
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Which issue does this PR close?
Closes #.
Rationale for this change
https://google.aip.dev/auth/4111 defines a process for using self-signed JWTs directly with Google Cloud services, without first exchanging them with the Google OAuth server. Additionally it states that they should be used by default for service accounts
This PR therefore adds support for service_account in ApplicationDefaultCredentials, and uses the self-signed JWT flow for service accounts
What changes are included in this PR?
Are there any user-facing changes?