Hello
Thanks for reading and for your comment. However, the scope limitation with ADC on Google Cloud services (GCE, GCF, Cloud Run, …) is really present only for App Engine.
Cloud Run and Cloud Functions don’t have this scope limitation, and you can scope the ADC service account as you want.
For GCE, you need to do it on the command line (I can guide you if you want).
And for local ADC, I explained the scope param to add when you get the authentication.
And yes, security on Google Cloud can seem strange, magic, or crazy at the beginning.
And I’m trying to demystify that!