You can use the samples to chain impersonated credentials with WIF as well. However, if you need to use the WIF identity to get an id_token, you still need to manually acquire that using one of the samples below Also see: Authenticating using Google OpenID Connect Tokens gRPC Authentication with Cloud Run
