I am trying to Authorize a Google Service Account from my REST API resource to an IAP-protected API.
I already provided the Service Account Key from GCP and provided OAuth Scopes of https://www.googleapis.com/auth/cloud-platform
based on the documentation here OAuth 2.0 Scopes for Google APIs | Authorization | Google for Developers
I'm currently getting this error when using the REST API. Could it probably that the token generated by retool is not a OIDC token which is expected by IAP.
Do I also need to provide headers when using Google Service Account? Like is there a specific magic string for it? For OAuth 2.0 flow I'm using Bearer OAUTH2_ID_TOKEN
Note: OAuth 2.0 workflow works fine but I want to use the Service account so that users don't have to authorize retool every time they access the application.
Thanks!