1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-10 11:21:48 +00:00
gcloud-help/gcloud/beta/auth/application-default/print-access-token
2022-03-01 04:29:52 +00:00

69 lines
3 KiB
Text

NAME
gcloud beta auth application-default print-access-token - print an access
token for your current Application Default Credentials
SYNOPSIS
gcloud beta auth application-default print-access-token
[--scopes=SCOPE,[SCOPE,...]] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(BETA) gcloud beta auth application-default print-access-token generates
and prints an access token for the current Application Default Credential
(ADC). The ADC (https://google.aip.dev/auth/4110) can be specified either
by using gcloud auth application-default login, gcloud auth login
--cred-file=/path/to/cred/file --update-adc, or by setting the
GOOGLE_APPLICATION_CREDENTIALS environment variable.
The access token generated by gcloud beta auth application-default
print-access-token is useful for manually testing APIs via curl or similar
tools.
In order to print details of the access token, such as the associated
account and the token's expiration time in seconds, run:
$ curl -H "Content-Type: application/x-www-form-urlencoded" \
-d "access_token=$(gcloud auth application-default print-access-token)" \
https://www.googleapis.com/oauth2/v1/tokeninfo
Note that token itself may not be enough to access some services. If you
use the token with curl or similar tools, you may see permission errors
similar to "Your application has authenticated using end user credentials
from the Google Cloud SDK or Google Cloud Shell". If it happens, you may
need to provide a quota project in the "X-Goog-User-Project" header. For
example,
$ curl -H "X-Goog-User-Project: your-project" \
-H \
"Authorization: Bearer $(gcloud auth application-default \
print-access-token)" foo.googleapis.com
The identity that granted the token must have the serviceusage.services.use
permission on the provided project. See
https://cloud.google.com/apis/docs/system-parameters for more information.
FLAGS
--scopes=SCOPE,[SCOPE,...]
The scopes to authorize for. By default
[https://www.googleapis.com/auth/cloud-platform] scopes are used. The
list of possible scopes can be found at:
https://developers.google.com/identity/protocols/googlescopes.
This flag is not for end-user accounts. The scopes of end-user
credentials cannot change after authorization. To request a different
set of scopes for end-user accounts, rerun gcloud auth
application-default login --scopes.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES
This command is currently in beta and might change without notice. This
variant is also available:
$ gcloud auth application-default print-access-token