BigQuery authentication with JWT token

[pichain001]

Hi all,

I can see several ways to authenticate to BQ with key files and keys in your crate. Those do not work for us as we do not want to manage keys.

I would like to authenticate via JWT token against the BQ scope (https://bigquery.googleapis.com). Did I miss it or is there a way to use JWT tokens of SA to authenticate? Or any workaround?
Big thanks!

[debrutal]

I am not aware of any JWT token, that enables you to access bigquery. The only way i know is to impersonate a service account with the needed permissions.

Being in the gcp you can always use the APPLICATION_DEFAULT_CREDENTIALS from the running node. This then is the service account running the instance (Cloud Run, Kubernetes Node, etc.). The appropriate methode would be gcp_bigquery_client::Client::from_application_default_credentials.

This way you don't handle keys or anything, but you are bound to invoke the BQ with a node inside the gcp and the service account running your instance.