File: //snap/google-cloud-cli/394/help/man/man1/gcloud_alpha_auth_print-identity-token.1
.TH "GCLOUD_ALPHA_AUTH_PRINT\-IDENTITY\-TOKEN" 1
.SH "NAME"
.HP
gcloud alpha auth print\-identity\-token \- print an identity token for the specified account
.SH "SYNOPSIS"
.HP
\f5gcloud alpha auth print\-identity\-token\fR [\fIACCOUNT\fR] [\fB\-\-audiences\fR=\fIAUDIENCES\fR] [\fB\-\-include\-email\fR] [\fB\-\-include\-license\fR\ \fB\-\-token\-format\fR=\fITOKEN_FORMAT\fR;\ default="standard"] [\fIGCLOUD_WIDE_FLAG\ ...\fR]
.SH "DESCRIPTION"
\fB(ALPHA)\fR Print an identity token for the specified account.
.SH "EXAMPLES"
To print identity tokens:
.RS 2m
$ gcloud alpha auth print\-identity\-token
.RE
To print identity token for account 'foo@example.com' whose audience is
\'https://service\-hash\-uc.a.run.app', run:
.RS 2m
$ gcloud alpha auth print\-identity\-token foo@example.com \e
\-\-audiences="https://service\-hash\-uc.a.run.app"
.RE
To print identity token for an impersonated service account
\'my\-account@example.iam.gserviceaccount.com' whose audience is
\'https://service\-hash\-uc.a.run.app', run:
.RS 2m
$ gcloud alpha auth print\-identity\-token \e
\-\-impersonate\-service\-account="my\-account@example.iam.gserviceac\e
count.com" \-\-audiences="https://service\-hash\-uc.a.run.app"
.RE
To print identity token of a Compute Engine instance, which includes project and
instance details as well as license codes for images associated with the
instance, run:
.RS 2m
$ gcloud alpha auth print\-identity\-token \-\-token\-format=full \e
\-\-include\-license
.RE
To print identity token for an impersonated service account
\'my\-account@example.iam.gserviceaccount.com', which includes the email address
of the service account, run:
.RS 2m
$ gcloud alpha auth print\-identity\-token \e
\-\-impersonate\-service\-account="my\-account@example.iam.gserviceac\e
count.com" \-\-include\-email
.RE
.SH "POSITIONAL ARGUMENTS"
.RS 2m
.TP 2m
[\fIACCOUNT\fR]
Account to print the identity token for. If not specified, the current active
account will be used.
.RE
.sp
.SH "FLAGS"
.RS 2m
.TP 2m
\fB\-\-audiences\fR=\fIAUDIENCES\fR
Intended recipient of the token. Currently, only one audience can be specified.
.TP 2m
\fB\-\-include\-email\fR
Specify whether or not service account email is included in the identity token.
If specified, the token will contain 'email' and 'email_verified' claims. This
flag should only be used for impersonate service account.
.TP 2m
Parameters for Google Compute Engine instance identity tokens.
.RS 2m
.TP 2m
\fB\-\-include\-license\fR
Specify whether or not license codes for images associated with this instance
are included in the identity token payload. Default is False. This flag does not
have effect unless \f5\-\-token\-format=full\fR.
.TP 2m
\fB\-\-token\-format\fR=\fITOKEN_FORMAT\fR; default="standard"
Specify whether or not the project and instance details are included in the
identity token payload. This flag only applies to Google Compute Engine instance
identity tokens. See
https://cloud.google.com/compute/docs/instances/verifying\-instance\-identity#token_format
for more details on token format. \fITOKEN_FORMAT\fR must be one of:
\fBstandard\fR, \fBfull\fR.
.RE
.RE
.sp
.SH "GCLOUD WIDE FLAGS"
These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.
Run \fB$ gcloud help\fR for details.
.SH "NOTES"
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation\-only early access
allowlist. These variants are also available:
.RS 2m
$ gcloud auth print\-identity\-token
.RE
.RS 2m
$ gcloud beta auth print\-identity\-token
.RE