AgileData.io Docs
Table Of Contents
AgileData.io Docs
Table Of Contents

2026-07-03 - Service Account Authentication Token Fixes

Release

AgileData.io - Solid Foundations: Service Account Authentication Now Consistent and Correct

Two related authentication bugs affecting service accounts and IAP tenancies have been resolved. Both issues were causing the wrong type of authentication token to be used when AgileData’s backend services called each other, leading to authentication failures in certain tenancy configurations.

The first fix ensures that service accounts always use OIDC tokens targeting the IAP client ID when calling protected endpoints — the correct token type for this authentication path. The second fix addresses IAP tenancies that also have a GCIP configuration: these tenancies were refreshing the wrong token type for calls to the API layer, which has been corrected.

Together these fixes stabilise the authentication chain across all tenancy configurations, particularly those that mix IAP and GCIP identity providers.

What was happening:

  • Service accounts were not consistently using OIDC tokens when calling IAP-protected endpoints

  • IAP tenancies with GCIP configuration were refreshing the wrong token type for API layer calls

What this means for you:

  • Service account authentication works reliably across all tenancy types

  • No more authentication failures for tenancies that combine IAP and GCIP identity configurations

Last Refreshed

Doc Refreshed: 2026-07-03