Google Cloud: Get authorization token from Json for Postman

Question

I am trying to trigger an authenticated GCP Cloud Function using Postman.

For this purpose, I created a dedicated service account with the "Cloud Functions Invoker" role and downloaded a .json key structured as:

{
  "type": "service_account",
  "project_id": "xxx",
  "private_key_id": "xxx",
  "private_key": "-----BEGIN PRIVATE KEY-----\n1234=\n-----END PRIVATE KEY-----\n",
  "client_email": "xxx.iam.gserviceaccount.com",
  "client_id": "xxxx",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://oauth2.googleapis.com/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "xxx.iam.gserviceaccount.com"
}

I tried pasting the whole "private_key" (-----BEGIN PRIVATE KEY-----\n1234=\n-----END PRIVATE KEY-----\n) as Bearer Token, but I get the following error:

<title>401 Unauthorized</title>  

Now, how can I use the .json file from GCP to authenticate through Postman? Which parameters should I use?

Answer 1

Google Cloud Functions require an OAuth Identity Token for authorization.

Postman cannot process a Google Cloud service account JSON key to generate a token for you.

You can generate a token using the CLI:

gcloud auth print-identity-token

The token will be valid for one hour (3600 seconds).

Include this token in the HTTP header Authorization: bearer TOKEN.

gcloud auth print-identity-token