I’m using n8n Cloud, so I cannot install custom libraries or modules.
I have a service running on Google Cloud Run that requires authentication. To access it, I need to generate a Google-signed ID token and include it in the Authorization: Bearer <token> header of my HTTP request.
Since n8n Cloud doesn’t support adding external libraries like google-auth-library, I’m struggling to find the best way to generate this ID token from within an n8n workflow.
So far, I’ve considered:
- Creating a separate Google Cloud Function or Cloud Run service that returns an ID token when given a
target_audience.
- Trying to manually build a JWT and call the OAuth2 endpoint (but that’s not really feasible without crypto libraries).
Does anyone have a working setup for retrieving a Google-signed ID token in n8n Cloud or a good workaround you’d recommend?
Thanks in advance!
Hello @mknbusiness!
Honestly it is an interesting question and I have done some research to help you, you will have to tell me if it will really be like this 
- Create a lightweight Google Cloud Function (or Cloud Run service). Uses Application Default Credentials (ADC)
google.auth.default().fetchIdToken(targetAudience)
and returns the ID token as JSON
-
From n8n, use an HTTP Request node to call this function with your target_audience.
-
Use the returned ID token in another HTTP request to your private Cloud Run service:
Authorization: Bearer {{$json["id_token"]}}
I figured out how to do a very similar “JWT Client Adapter” thing (that doesn’t require extra libraries, so it should work on n8n cloud). Assuming you already have an HTTP based endpoint to “generate a Google-signed ID token” (JWT?), you might get some ideas about how to solve this interaction, and keep the credentials safe/hidden, from this post.