mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-08 18:45:13 +00:00
71 lines
3.1 KiB
Text
71 lines
3.1 KiB
Text
NAME
|
|
gcloud auth application-default print-access-token - print an access token
|
|
for your current Application Default Credentials
|
|
|
|
SYNOPSIS
|
|
gcloud auth application-default print-access-token
|
|
[--scopes=SCOPE,[SCOPE,...]] [GCLOUD_WIDE_FLAG ...]
|
|
|
|
DESCRIPTION
|
|
gcloud auth application-default print-access-token generates and prints an
|
|
access token for the current Application Default Credential (ADC). The ADC
|
|
(https://google.aip.dev/auth/4110) can be specified either by using gcloud
|
|
auth application-default login, gcloud auth login
|
|
--cred-file=/path/to/cred/file --update-adc, or by setting the
|
|
GOOGLE_APPLICATION_CREDENTIALS environment variable.
|
|
|
|
The access token generated by gcloud auth application-default
|
|
print-access-token is useful for manually testing APIs via curl or similar
|
|
tools.
|
|
|
|
In order to print details of the access token, such as the associated
|
|
account and the token's expiration time in seconds, run:
|
|
|
|
$ curl -H "Content-Type: application/x-www-form-urlencoded" \
|
|
-d "access_token=$(gcloud auth application-default print-access-token)" \
|
|
https://www.googleapis.com/oauth2/v1/tokeninfo
|
|
|
|
Note that token itself may not be enough to access some services. If you
|
|
use the token with curl or similar tools, you may see permission errors
|
|
similar to "Your application has authenticated using end user credentials
|
|
from the Google Cloud SDK or Google Cloud Shell". If it happens, you may
|
|
need to provide a quota project in the "X-Goog-User-Project" header. For
|
|
example,
|
|
|
|
$ curl -H "X-Goog-User-Project: your-project" \
|
|
-H \
|
|
"Authorization: Bearer $(gcloud auth application-default \
|
|
print-access-token)" foo.googleapis.com
|
|
|
|
The identity that granted the token must have the serviceusage.services.use
|
|
permission on the provided project. See
|
|
https://cloud.google.com/apis/docs/system-parameters for more information.
|
|
|
|
FLAGS
|
|
--scopes=SCOPE,[SCOPE,...]
|
|
The scopes to authorize for. This flag is supported for user accounts
|
|
and service accounts only. The list of possible scopes can be found at:
|
|
https://developers.google.com/identity/protocols/googlescopes.
|
|
|
|
For end-user accounts, the provided scopes must be from [openid,
|
|
https://www.googleapis.com/auth/userinfo.email,
|
|
https://www.googleapis.com/auth/cloud-platform,
|
|
https://www.googleapis.com/auth/sqlservice.login], or the scopes
|
|
previously specified through gcloud auth application-default login
|
|
--scopes.
|
|
|
|
GCLOUD WIDE FLAGS
|
|
These flags are available to all commands: --access-token-file, --account,
|
|
--billing-project, --configuration, --flags-file, --flatten, --format,
|
|
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
|
--trace-token, --user-output-enabled, --verbosity.
|
|
|
|
Run $ gcloud help for details.
|
|
|
|
NOTES
|
|
These variants are also available:
|
|
|
|
$ gcloud alpha auth application-default print-access-token
|
|
|
|
$ gcloud beta auth application-default print-access-token
|
|
|