Customize authentication workflow for GCP Service Graph Connector

Lalitha G
Tera Contributor

Hello,

We are currently working on implementing the GCP Service Graph Connector (SGC), which by default uses OAuth2 JWT token-based authentication out-of-box. However, our client has requested a customized approach, and we would like to modify the OOB configuration to implement OIDC authentication using Microsoft Entra. The idea is for ServiceNow to utilize the rotating credentials provided by Entra for authentication with GCP, without relying on static credentials such as certificates.

Here’s a quick overview of the high-level authentication steps we are planning to follow:
1. ServiceNow initiates an API call to Entra to retrieve an OIDC Token.
2. The OIDC Token is then passed to the GCP IAM API in order to obtain a Federated Token.
3. The Federated Token will be exchanged with the GCP IAM API to fetch an IAM Token.
4. Finally, the IAM Token is used to access GCP CAI and CRM APIs to bring cloud resources into ServiceNow.

We're keen to hear any insights or suggestions you might have on how this workflow can be achieved within ServiceNow. If you have experience or recommendations for implementing OIDC authentication or integrating rotating credentials, your guidance would be greatly appreciated.

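Steps 2 and 3 of the flow described in the post, as an added example that is not part of the original post and is not ServiceNow or Google code: it checks the Entra token's claims before use, then builds the Google STS token-exchange request and the IAM Credentials `generateAccessToken` request. The function names and every value in `cfg` are hypothetical placeholders, step 1 (obtaining the Entra token) and the HTTP transport are left out, and `allowedAudience` is assumed to be whatever audience the workload identity pool provider is configured to accept.

```javascript
// Constructed placeholder configuration; none of these values come from the post.
const cfg = {
  issuer: "https://login.microsoftonline.com/TENANT_ID/v2.0",
  allowedAudience: "api://PLACEHOLDER_APP_ID",
  provider: "//iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/" +
    "workloadIdentityPools/POOL_ID/providers/PROVIDER_ID",
  serviceAccount: "sgc-reader@PROJECT_ID.iam.gserviceaccount.com",
  scope: "https://www.googleapis.com/auth/cloud-platform",
};
// Pre-flight only: claims are decoded WITHOUT signature verification (Google STS
// verifies the signature); this catches a wrong issuer, audience or expiry early.
function preflight(jwt, cfg, nowSec) {
  const parts = jwt.split(".");
  if (parts.length !== 3) return ["not a compact JWT"];
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const c = JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  const aud = Array.isArray(c.aud) ? c.aud : [c.aud];
  const problems = [];
  if (c.iss !== cfg.issuer) problems.push("iss mismatch");
  if (!aud.includes(cfg.allowedAudience)) problems.push("aud mismatch");
  if (typeof c.exp !== "number" || c.exp <= nowSec) problems.push("expired");
  return problems;
}
// Step 2: exchange the OIDC token for a federated token (response: access_token).
function stsRequest(jwt, cfg) {
  const form = new URLSearchParams({
    grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
    audience: cfg.provider,
    scope: cfg.scope,
    requested_token_type: "urn:ietf:params:oauth:token-type:access_token",
    subject_token_type: "urn:ietf:params:oauth:token-type:jwt",
    subject_token: jwt,
  });
  return { method: "POST", url: "https://sts.googleapis.com/v1/token",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: form.toString() };
}
// Step 3: use the federated token to mint a short-lived service account token
// (response: accessToken, expireTime). Keep the lifetime as short as the import allows.
function impersonationRequest(federatedToken, cfg, lifetimeSec) {
  return { method: "POST",
    url: "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/" +
      cfg.serviceAccount + ":generateAccessToken",
    headers: { Authorization: "Bearer " + federatedToken,
      "Content-Type": "application/json" },
    body: JSON.stringify({ scope: [cfg.scope], lifetime: lifetimeSec + "s" }) };
}
// Constructed, unsigned sample token so the checks can be exercised offline.
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return enc({ alg: "RS256", typ: "JWT" }) + "." + enc(claims) + ".c2ln";
}
```

The service account needs only read access to the assets being imported, and the pool provider's attribute condition should pin the Entra tenant and application so that no other token from the same issuer can be exchanged.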