Following a first issue I had with GitHub action and Google Cloud Workflow Identity Federation, I'm now looking for a way to update my own YouTube playlists using what I deployed previously.
My current authentication method allows me to access data on YouTube in read mode, but not to make changes on my own account. More specifically, I'm looking to make playlistItems().insert and playlistItems().delete requests on my own YouTube playlists.
My current GitHub Action file is looking like this (with main.py calling an external Python script containing the functions which are doing playlistItems().insert/delete requests):
```yaml
name: Playlists updates

on:
  push:
    branches: [main]

jobs:
  build-linux:
    name: youtube_automation
    runs-on: ubuntu-latest
    permissions:
      contents: write
      id-token: write

    steps:
      - id: checkout
        name: Checkout repository
        uses: actions/checkout@v3

      - id: google-auth
        name: Authentication to Google Cloud services with Workload Identity Federation
        uses: google-github-actions/auth@v0
        with:
          token_format: 'access_token'
          workload_identity_provider: '${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}'
          service_account: '${{ secrets.SERVICE_ACCOUNT }}'

      - id: python-setup
        name: Set up Python 3.9
        uses: actions/setup-python@v3
        with:
          python-version: 3.9

      - id: dependencies
        name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt

      - id: flake8
        name: Lint with flake8
        run: |
          pip install flake8
          flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
          flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics

      - id: main
        name: main.py execution
        run: |
          cd src
          python main.py 'action'
          cd ../
```

And the function to generate a YouTube service from the environment variables created previously by google-github-actions/auth is looking like this:
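```python
import sys

import google.auth
import googleapiclient.discovery


def create_service_workflow():
    """Create a YouTube service."""
    try:
        scopes = ["https://www.googleapis.com/auth/youtube.force-ssl"]
        # Application Default Credentials, taken from the environment
        # prepared by the google-github-actions/auth step.
        credentials, _ = google.auth.default(scopes=scopes)
        service = googleapiclient.discovery.build('youtube', 'v3', credentials=credentials)
        return service
    except Exception:
        # Any credential or discovery failure ends the run.
        sys.exit()
```

While there is no update to make on my playlists, everything is working fine. But whenever there are insert/delete requests to perform, the API returns this kind of error message: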
```text
<HttpError 403 when requesting https://youtube.googleapis.com/youtube/v3/playlistItems?part=snippet&alt=json returned "Forbidden". Details: "[{'message': 'Forbidden', 'domain': 'youtube.playlistItem', 'reason': 'playlistItemsNotAccessible'}]">
<HttpError 403 when requesting https://youtube.googleapis.com/youtube/v3/playlistItems?id=UExPTVVkUUZkUy1YTUo0TkZISmxTQUxZQXQ0bC1MUGdTMS43MzBFRTZDMUM3OTY2RjQ4 returned "Forbidden". Details: "[{'message': 'Forbidden', 'domain': 'youtube.playlistItem', 'reason': 'playlistItemsNotAccessible', 'location': 'id', 'locationType': 'parameter'}]">
```

I'm certainly missing something regarding the Workflow Identity Federation or in the way I'm using google.auth but I just can't figure it out at the moment.
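
Added example, not part of the original post: the 403 above is an authorization decision about the calling identity, so a first check is which principal `google.auth.default()` will act as. The sketch below reads the credential configuration file that the `google-github-actions/auth` step exposes through `GOOGLE_APPLICATION_CREDENTIALS` and reports that principal, so it can be compared with the account that owns the playlists. The function name, the returned keys and every value in the sample file are assumptions made for illustration.

```python
import json
import re

# Constructed sample of a Workload Identity Federation credential
# configuration file. Project number, pool, provider and service-account
# names are placeholders, not values from the post.
SAMPLE_ADC = json.dumps({
    "type": "external_account",
    "audience": "//iam.googleapis.com/projects/000000000000/locations/global/"
                "workloadIdentityPools/example-pool/providers/example-provider",
    "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
    "token_url": "https://sts.googleapis.com/v1/token",
    "service_account_impersonation_url":
        "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/"
        "example-sa@example-project.iam.gserviceaccount.com:generateAccessToken",
})

# The impersonated service account is encoded in the impersonation URL.
_SA_RE = re.compile(r"/serviceAccounts/([^/:]+):generateAccessToken$")


def describe_principal(adc_json: str) -> dict:
    """Report which kind of identity a credential file authenticates as."""
    cfg = json.loads(adc_json)
    kind = cfg.get("type")
    if kind == "external_account":
        match = _SA_RE.search(cfg.get("service_account_impersonation_url", ""))
        if match:
            # Federated token is exchanged for a service-account access token.
            return {"kind": "impersonated_service_account",
                    "principal": match.group(1), "is_end_user": False}
        # No impersonation: calls run as the federated identity itself.
        return {"kind": "federated_identity",
                "principal": cfg.get("audience"), "is_end_user": False}
    if kind == "service_account":
        return {"kind": "service_account",
                "principal": cfg.get("client_email"), "is_end_user": False}
    if kind == "authorized_user":
        # OAuth refresh token issued to a person through a consent flow.
        return {"kind": "end_user",
                "principal": cfg.get("client_id"), "is_end_user": True}
    raise ValueError(f"unrecognised credential type: {kind!r}")
```

In the workflow, pass the contents of the file named by `GOOGLE_APPLICATION_CREDENTIALS` to `describe_principal` before building the YouTube service and log the result.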