Say you want to call a Http Cloud Function from Golang. You start looking at the Google documentation about authenticating Developers, Functions, and End-users and end up reading about self-signing a service account JWT.
This looks rather complicated, where as the curl example is so easy:
There are other examples around that do stuff with JWT tokens, but actually the idtoken example provided by Google just needs little adjustment to get it to work for your Cloud Function and service-account.
The idtoken example as-is, works only if you have to access to the compute metadata service.
But if you adjust it a bit, it will also work your with default credentials.
Configure credentials by setting GOOGLE_APPLICATION_CREDENTIALS environment variable to point to your service-account-key.json file
This function needs a targetURL, that can have query params:
On line 25 we remove the query params from the URL for the targetAudience. This needs to be correct, otherwise it will just return 401 response codes.
Now it should work like a charm.
Hope this saves you some time :)