Google Cloud Services, like Cloud Storage, Vertex AI, BigQuery, etc., are powerful cloud-based tools that could enhance your operations when integrated with Sitecore. However, authentication to Google Cloud follows a two-legged OAuth flow and can be challenging. This blog covers the steps involved in creating Service Account credentials and includes the SPE script that generates the JWT to retrieve a Google Access token, allowing you to easily streamline the authentication process for all background jobs that interact with Google Cloud services.
Steps to create the Service Account:
Create a Service Account in the Credentials section of Google Cloud Console. Assign the necessary roles (e.g., Storage Admin, BigQuery Admin, or any other roles needed for your use case). Generate a Key for the Service Account in P12 format, as SPE doesn’t support JSON format. The downloaded P12 certificate will be used to authenticate your requests to Google Cloud services.
SPE Script to retrieve the Access token:
Here is the SPE Script that generates the JWT token(that includes a header, a claim set, and a signature) and retrieves the access token as per the Google Documentation,
Once the token is generated, it can be passed in the Authorization header as a Bearer token when making API requests to Google Cloud from your Sitecore background jobs.