[fpc-devel] Google APIs - Authenticate using a service account?

Wayne Sherman wsherman at gmail.com
Mon Mar 14 21:42:20 CET 2022

On Mon, May 10, 2021 at 7:08 PM Wayne Sherman wrote:
> The Google API supports the following signing algorithms:
> https://cloud.google.com/iot/docs/how-tos/credentials/jwts
>    JWT RS256 (RSASSA-PKCS1-v1_5 using SHA-256 RFC 7518 sec 3.3). This
> is expressed as RS256 in the alg field in the JWT header.
>    JWT ES256 (ECDSA using P-256 and SHA-256 RFC 7518 sec 3.4), defined
> in OpenSSL as the prime256v1 curve. This is expressed as ES256 in the
> alg field in the JWT header.

My statement above about ES256 does not appear to be correct.  After
looking over Google's API docs again, I discovered that JWTs signed
using ES256 are only supported on a few of their services (?).  (e.g.
Cloud IoT Core, Identity-Aware Proxy, and Cloud Security Token)

ES256 support was added to the google API python auth library here:

     See also:

But according to this page:

     *Computing the signature*

     "The signing algorithm in the JWT header must be used when computing the
     signature. The *only signing algorithm supported* by the Google OAuth 2.0
     Authorization Server *is RSA using SHA-256 hashing* algorithm. This is
     expressed as RS256 in the alg field in the JWT header."

More information about the fpc-devel mailing list