Google Cloud Bearer Token Expiry

Question

For uploading files to google cloud buckets, i'm using JSON API. for that i crated a Bearer Token by using following commands

$> gcloud auth activate-service-account myaccount@gserviceaccounts.co --key-file=creds.json 
$> gcloud auth print-access-token

Now I get a token. I want to know that, it's a lifetime token or it has some expiry date.

Answer 1

You can use the --lifetime option on the gcloud auth print-access-token to set the expiration lifetime explicitly. It may be useful for example to make this shorter lived, if you're only making one call.

Access token lifetime. The default access token lifetime is 3600 seconds, but you can use this flag to reduce the lifetime or extend it up to 43200 seconds (12 hours).

Answer 2

As you were answered by other users, that token has 60 minutes until it expires.

Anyway, if what you want is a way to authorize access and give it some specific lifetime Bearer, please, check this documentation:

Using OAuth 2.0 for Server to Server Applications.

As you may see, there is a field called "iat"and "exp", iat field specifies the current Unix time, and exp field specifies the time exactly when the JWT will expire.

You might want to check this documentation too:

Authentication Overview

Setting up OAuth 2.0

Answer 3

There is an undocumented gcloud command (output format might change)

gcloud auth describe myaccount@gserviceaccounts.com

Which will output expiration time, something like

... token_expiry: '2018-05-18T12:48:44Z' ...

For user accounts there is also refresh_token which has very long lifetime. It is used to get temporary access_tokens. (After doing gcloud auth login) You can get value of it via

gcloud auth print-refresh-token

To access this things programmatically see Google Auth Library.

Answer 4

It is a short lived token that is valid for 60 minutes.