Reputation: 3909
I'm trying to get a JWT for my personal account but this command errors out:
$ gcloud auth print-identity-token
ERROR: (gcloud.auth.print-identity-token) `--audiences` can only be specified for service account.
It's complaining that I can't supply the --audiences option, but I didn't provide that. According to their docs, I'm supposed to be able to use this command while signed in to my individual developer account.
Edit: I'm using Google Cloud SDK version 254.0.0
Update: JUST NOW Google released gcloud version 255.0.0 and the command works exactly as advertised with an individual account.
Upvotes: 3
Views: 4122
Reputation: 81386
The error you are receiving is correct. Trying to modify Google OAuth User Credentials for a "gmail" type of account with claims is not supported. Audience aud is a claim specified when a JWT is created.
If you are using Identity Platform, you can to a limited degree.
You cannot modify User Credentials with claims, but you can specify certain claims when requesting a service account Identity Token.
Execute the following command: gcloud auth list. If the active account is an email address and not a service account email address, you will get this error.
Upvotes: 2
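The check described in the answer above, as an added example that is not part of either post and is not Google's code: it classifies the active account, passes --audiences only for a service account, and decodes a token's payload so the aud claim can be inspected. The helper names, the gserviceaccount.com suffix heuristic, and the sample token are assumptions made for this example.

```shell
#!/bin/sh
# Added example; account_kind, jwt_payload and identity_token are hypothetical helpers.

# Classify an account e-mail. Assumption: service account addresses end in
# "gserviceaccount.com"; any other address is treated as a user account.
account_kind() {
  case "$1" in
    *@*gserviceaccount.com) echo service ;;
    *@*) echo user ;;
    *) echo unknown ;;
  esac
}

# Decode the payload (second dot-separated segment) of a JWT.
# The signature is NOT verified: use this to inspect claims, never to trust them.
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url omits '=' padding; restore it to a multiple of 4 characters.
  while [ $(( ${#seg} % 4 )) -ne 0 ]; do seg="${seg}="; done
  printf '%s' "$seg" | base64 -d
}

# Request an identity token for audience $1. Per the error message quoted in
# the question, --audiences is accepted only for service accounts.
identity_token() {
  aud=$1
  acct=$(gcloud auth list --filter=status:ACTIVE --format='value(account)')
  if [ "$(account_kind "$acct")" = service ]; then
    gcloud auth print-identity-token --audiences="$aud"
  else
    gcloud auth print-identity-token
  fi
}

# Constructed sample token (header.payload.signature), not a real credential.
# Its payload decodes to {"aud":"https://svc.example"}.
SAMPLE_JWT='eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwczovL3N2Yy5leGFtcGxlIn0.sig'

# Usage with a real token (audience URL is a placeholder):
#   jwt_payload "$(identity_token https://svc.example)"
```

A service that receives such a token must verify its signature and compare aud against its own expected audience before accepting it; the decode step here only shows what was issued.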