问题 Is it possible to use an Authorization: Bearer … header to make a request through Identity Aware Proxy to my protected application? (Using a service account, of course. From outside GCP.) I would like to not perform the OIDC token exchange, is this supported? If so, does anyone have any examples? So far, I have the following but it doesn't work: iat = time.time() exp = iat + 3600 payload = {'iss': account['client_email'], 'sub': account['client_email'], 'aud': '/projects/NNNNN/apps/XXXXXXX',