diff --git a/package.json b/package.json
index b58755f0..a16eebff 100644
--- a/package.json
+++ b/package.json
@@ -55,7 +55,7 @@
     "@lifeomic/attempt": "^3.0.0",
     "commander": "^9.4.1",
     "gaxios": "^4.2.1",
-    "google-auth-library": "^7.1.0",
+    "google-auth-library": "^8.8.0",
     "googleapis": "^118.0.0",
     "lodash.get": "^4.4.2",
     "p-map": "^4.0.0"
diff --git a/src/google-cloud/client.ts b/src/google-cloud/client.ts
index 790b337a..5fcc953a 100644
--- a/src/google-cloud/client.ts
+++ b/src/google-cloud/client.ts
@@ -5,8 +5,8 @@ import {
 } from '@jupiterone/integration-sdk-core';
 import { retry } from '@lifeomic/attempt';
 import { GaxiosError, GaxiosResponse } from 'gaxios';
-import { CredentialBody } from 'google-auth-library';
-import { accesscontextmanager_v1, google } from 'googleapis';
+import { BaseExternalAccountClient, CredentialBody } from 'google-auth-library';
+import { google } from 'googleapis';
 import pMap from 'p-map';
 import { IntegrationConfig } from '../types';
 import { createErrorProps } from './utils/createErrorProps';
@@ -46,7 +46,7 @@ export class Client {
   readonly folderId?: string;
 
   private credentials: CredentialBody;
-  private auth: accesscontextmanager_v1.Options['auth'];
+  private auth: BaseExternalAccountClient;
   private readonly onRetry?: (err: any) => void;
 
   constructor({ config, projectId, organizationId, onRetry }: ClientOptions) {
@@ -63,20 +63,18 @@ export class Client {
     this.onRetry = onRetry;
   }
 
-  private async getClient(): Promise<accesscontextmanager_v1.Options['auth']> {
+  private async getClient(): Promise<BaseExternalAccountClient> {
     const auth = new google.auth.GoogleAuth({
       credentials: this.credentials,
       scopes: ['https://www.googleapis.com/auth/cloud-platform'],
     });
 
-    const client = await auth.getClient();
+    const client = (await auth.getClient()) as BaseExternalAccountClient;
     await client.getAccessToken();
-    return client as accesscontextmanager_v1.Options['auth'];
+    return client;
   }
 
-  async getAuthenticatedServiceClient(): Promise<
-    accesscontextmanager_v1.Options['auth']
-  > {
+  async getAuthenticatedServiceClient(): Promise<BaseExternalAccountClient> {
     if (!this.auth) {
       try {
         this.auth = await this.getClient();
diff --git a/src/steps/compute/client.ts b/src/steps/compute/client.ts
index a354f985..96fdc251 100644
--- a/src/steps/compute/client.ts
+++ b/src/steps/compute/client.ts
@@ -1,13 +1,14 @@
-import { accesscontextmanager_v1, compute_v1, google } from 'googleapis';
+import { compute_v1, google } from 'googleapis';
 import { Client, PageableGaxiosResponse } from '../../google-cloud/client';
 import { iterateRegions, iterateRegionZones } from '../../google-cloud/regions';
+import { BaseExternalAccountClient } from 'google-auth-library';
 
 export class ComputeClient extends Client {
   private client = google.compute({ version: 'v1', retry: false });
 
   private async iterateComputeApi<T>(
     fn: (params: {
-      auth: accesscontextmanager_v1.Options['auth'];
+      auth: BaseExternalAccountClient;
       zone: string;
       nextPageToken?: string;
     }) => Promise<PageableGaxiosResponse<T>>,
diff --git a/test/mocks.ts b/test/mocks.ts
index 4f4bc5f1..45437e5b 100644
--- a/test/mocks.ts
+++ b/test/mocks.ts
@@ -1835,77 +1835,6 @@ export function getMockSpannerInstanceConfiguration(
   };
 }
 
-export function getMockCertificateAuthority(partial) {
-  return {
-    name: 'projects/j1-gc-integration-dev-v2/locations/us-central1/certificateAuthorities/acmeName',
-    type: 'SELF_SIGNED',
-    tier: 'ENTERPRISE',
-    config: {
-      subjectConfig: {
-        subject: {
-          organization: 'Acme',
-        },
-        commonName: 'acmeName',
-      },
-      reusableConfig: {},
-    },
-    lifetime: '314496000s',
-    keySpec: {
-      algorithm: 'RSA_PKCS1_2048_SHA256',
-    },
-    issuingOptions: {
-      includeCaCertUrl: true,
-      includeCrlAccessUrl: true,
-    },
-    state: 'ENABLED',
-    caCertificateDescriptions: [
-      {
-        subjectDescription: {
-          subject: {
-            organization: 'Acme',
-          },
-          commonName: 'acmeName',
-          subjectAltName: {},
-          hexSerialNumber: '008a51de1d92de213728c7733b74700f4a684513',
-          lifetime: '314496000s',
-          notBeforeTime: '2021-04-08T14:44:07.900172684Z',
-          notAfterTime: '2031-03-27T14:44:07.900172684Z',
-        },
-        configValues: {
-          keyUsage: {
-            baseKeyUsage: {
-              certSign: true,
-              crlSign: true,
-            },
-          },
-          caOptions: {
-            isCa: true,
-          },
-        },
-        subjectKeyId: {
-          keyId: 'ec21738d89c6020cfab46e73b1a001d7fb24d34c',
-        },
-        authorityKeyId: {
-          keyId: 'ec21738d89c6020cfab46e73b1a001d7fb24d34c',
-        },
-        certFingerprint: {
-          sha256Hash:
-            'd7de957b8c0903c662332fc8ec4966c5dc01b7426ed778dc389aaa545a37064a',
-        },
-      },
-    ],
-    accessUrls: {
-      caCertificateAccessUrl:
-        'http://test-bucket-with-labels.storage.googleapis.com/f1cc34b5b7e8fa026582/ca.crt',
-      crlAccessUrl:
-        'http://test-bucket-with-labels.storage.googleapis.com/f1cc34b5b7e8fa026582/crl.crl',
-    },
-    createTime: '2021-04-08T14:44:07.215539285Z',
-    updateTime: '2021-04-08T14:44:09.263990183Z',
-    ...partial,
-  };
-}
-
 export function getMockApiGatewayApi(
   partial?: apigateway_v1.Schema$ApigatewayApi,
 ): apigateway_v1.Schema$ApigatewayApi {
diff --git a/yarn.lock b/yarn.lock
index 7d2d3e06..b41ef792 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2920,7 +2920,7 @@ gar@^1.0.4:
   resolved "https://registry.yarnpkg.com/gar/-/gar-1.0.4.tgz#f777bc7db425c0572fdeb52676172ca1ae9888b8"
   integrity sha512-w4n9cPWyP7aHxKxYHFQMegj7WIAsL/YX/C4Bs5Rr8s1H9M1rNtRWRsw+ovYMkXDQ5S4ZbYHsHAPmevPjPgw44w==
 
-gaxios@^4.0.0, gaxios@^4.2.1:
+gaxios@^4.2.1:
   version "4.3.3"
   resolved "https://registry.yarnpkg.com/gaxios/-/gaxios-4.3.3.tgz#d44bdefe52d34b6435cc41214fdb160b64abfc22"
   integrity sha512-gSaYYIO1Y3wUtdfHmjDUZ8LWaxJQpiavzbF5Kq53akSzvmVg0RfyOcFDbO1KJ/KCGRFz2qG+lS81F0nkr7cRJA==
@@ -2941,14 +2941,6 @@ gaxios@^5.0.0, gaxios@^5.0.1:
     is-stream "^2.0.0"
     node-fetch "^2.6.7"
 
-gcp-metadata@^4.2.0:
-  version "4.3.1"
-  resolved "https://registry.yarnpkg.com/gcp-metadata/-/gcp-metadata-4.3.1.tgz#fb205fe6a90fef2fd9c85e6ba06e5559ee1eefa9"
-  integrity sha512-x850LS5N7V1F3UcV7PoupzGsyD6iVwTVvsh3tbXfkctZnBnjW5yu5z1/3k3SehF7TyoTIe78rJs02GMMy+LF+A==
-  dependencies:
-    gaxios "^4.0.0"
-    json-bigint "^1.0.0"
-
 gcp-metadata@^5.2.0:
   version "5.2.0"
   resolved "https://registry.yarnpkg.com/gcp-metadata/-/gcp-metadata-5.2.0.tgz#b4772e9c5976241f5d3e69c4f446c906d25506ec"
@@ -3096,22 +3088,7 @@ globby@^7.1.1:
     pify "^3.0.0"
     slash "^1.0.0"
 
-google-auth-library@^7.1.0:
-  version "7.14.1"
-  resolved "https://registry.yarnpkg.com/google-auth-library/-/google-auth-library-7.14.1.tgz#e3483034162f24cc71b95c8a55a210008826213c"
-  integrity sha512-5Rk7iLNDFhFeBYc3s8l1CqzbEBcdhwR193RlD4vSNFajIcINKI8W8P0JLmBpwymHqqWbX34pJDQu39cSy/6RsA==
-  dependencies:
-    arrify "^2.0.0"
-    base64-js "^1.3.0"
-    ecdsa-sig-formatter "^1.0.11"
-    fast-text-encoding "^1.0.0"
-    gaxios "^4.0.0"
-    gcp-metadata "^4.2.0"
-    gtoken "^5.0.4"
-    jws "^4.0.0"
-    lru-cache "^6.0.0"
-
-google-auth-library@^8.0.2:
+google-auth-library@^8.0.2, google-auth-library@^8.8.0:
   version "8.8.0"
   resolved "https://registry.yarnpkg.com/google-auth-library/-/google-auth-library-8.8.0.tgz#2e17494431cef56b571420d483a4debff6c481cd"
   integrity sha512-0iJn7IDqObDG5Tu9Tn2WemmJ31ksEa96IyK0J0OZCpTh6CrC6FrattwKX87h3qKVuprCJpdOGKc1Xi8V0kMh8Q==
@@ -3126,13 +3103,6 @@ google-auth-library@^8.0.2:
     jws "^4.0.0"
     lru-cache "^6.0.0"
 
-google-p12-pem@^3.1.3:
-  version "3.1.4"
-  resolved "https://registry.yarnpkg.com/google-p12-pem/-/google-p12-pem-3.1.4.tgz#123f7b40da204de4ed1fbf2fd5be12c047fc8b3b"
-  integrity sha512-HHuHmkLgwjdmVRngf5+gSmpkyaRI6QmOg77J8tkNBHhNEI62sGHyw4/+UkgyZEI7h84NbWprXDJ+sa3xOYFvTg==
-  dependencies:
-    node-forge "^1.3.1"
-
 google-p12-pem@^4.0.0:
   version "4.0.1"
   resolved "https://registry.yarnpkg.com/google-p12-pem/-/google-p12-pem-4.0.1.tgz#82841798253c65b7dc2a4e5fe9df141db670172a"
@@ -3172,15 +3142,6 @@ graceful-fs@^4.1.2, graceful-fs@^4.1.6, graceful-fs@^4.2.0, graceful-fs@^4.2.9:
   resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.11.tgz#4183e4e8bf08bb6e05bbb2f7d2e0c8f712ca40e3"
   integrity sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==
 
-gtoken@^5.0.4:
-  version "5.3.2"
-  resolved "https://registry.yarnpkg.com/gtoken/-/gtoken-5.3.2.tgz#deb7dc876abe002178e0515e383382ea9446d58f"
-  integrity sha512-gkvEKREW7dXWF8NV8pVrKfW7WqReAmjjkMBh6lNCCGOM4ucS0r0YyXXl0r/9Yj8wcW/32ISkfc8h5mPTDbtifQ==
-  dependencies:
-    gaxios "^4.0.0"
-    google-p12-pem "^3.1.3"
-    jws "^4.0.0"
-
 gtoken@^6.1.0:
   version "6.1.2"
   resolved "https://registry.yarnpkg.com/gtoken/-/gtoken-6.1.2.tgz#aeb7bdb019ff4c3ba3ac100bbe7b6e74dce0e8bc"