in wwauth/Google.Solutions.WWAuth/Adapters/ServiceAccountAdapter.cs [102:147]
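/// <summary>
/// Check whether the service account exists by probing for its
/// public JWKS document.
/// </summary>
/// <param name="cancellationToken">Passed on to the HTTP request.</param>
/// <returns>
/// <c>true</c> if the JWKS endpoint answered with a success status code;
/// <c>false</c> if the request raised an <see cref="HttpRequestException"/>.
/// That covers non-success status codes as well as transport failures, so
/// <c>false</c> does not distinguish "no such account" from "could not reach
/// the endpoint". Only the status code is inspected, the response body is
/// not parsed.
/// </returns>
/// <remarks>
/// Only <see cref="HttpRequestException"/> is caught here; other exceptions
/// (for example those raised when the request is cancelled) propagate to
/// the caller.
/// </remarks>
public async Task<bool> ExistsAsync(
    CancellationToken cancellationToken)
{
    //
    // If the service account email address is valid, then
    // there must be a public JWKS.
    //
    // N.B. We don't have any Google credentials, so using
    // the IAM API isn't an option.
    //
    try
    {
        this.logger.Info(
            "Fetching JWKS for service account '{0}'",
            this.ServiceAccountEmail);

        //
        // The email address is configuration input. Escape it so that
        // characters such as '/', '?' or '#' stay inside the final path
        // segment and can't point the probe at a different resource,
        // which could make this check report an account that doesn't
        // exist. The interpolation keeps the original formatting of the
        // value (a null value still becomes an empty segment).
        //
        var escapedEmail = Uri.EscapeDataString($"{this.ServiceAccountEmail}");
        var jwksUri = new Uri(
            "https://www.googleapis.com/service_accounts/v1/" +
            $"metadata/jwk/{escapedEmail}");

        using (var client = CreateHttpClient())
        using (var response = await client.GetAsync(
                jwksUri,
                cancellationToken)
            .ConfigureAwait(false))
        {
            //
            // Throws HttpRequestException for any non-success status.
            //
            response.EnsureSuccessStatusCode();

            this.logger.Info(
                "JWKS for service account '{0}' found",
                this.ServiceAccountEmail);

            //
            // JWKS found, service account must exist.
            //
            return true;
        }
    }
    catch (HttpRequestException e)
    {
        this.logger.Error(e,
            "Failed to fetch JWKS for service account '{0}'",
            this.ServiceAccountEmail);

        return false;
    }
}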