HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/current/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/current/help/man/man1/gcloud_alpha_auth_print-access-token.1
.TH "GCLOUD_ALPHA_AUTH_PRINT\-ACCESS\-TOKEN" 1



.SH "NAME"
.HP
gcloud alpha auth print\-access\-token \- print an access token for the specified account



.SH "SYNOPSIS"
.HP
\f5gcloud alpha auth print\-access\-token\fR [\fIACCOUNT\fR] [\fB\-\-lifetime\fR=\fILIFETIME\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

\fB(ALPHA)\fR Print an access token for the specified account. See RFC6749
(https://tools.ietf.org/html/rfc6749) for more information about access tokens.

Note that token itself may not be enough to access some services. If you use the
token with curl or similar tools, you may see permission errors similar to "API
has not been used in project 32555940559 before or it is disabled.". If it
happens, you may need to provide a quota project in the "X\-Goog\-User\-Project"
header. For example,

.RS 2m
$ curl \-H "X\-Goog\-User\-Project: your\-project" \e
    \-H "Authorization: Bearer $(gcloud auth print\-access\-token)" \e
    foo.googleapis.com
.RE

The identity that granted the token must have the serviceusage.services.use
permission on the provided project. See
https://cloud.google.com/apis/docs/system\-parameters for more information.



.SH "EXAMPLES"

To print access tokens:

.RS 2m
$ gcloud alpha auth print\-access\-token
.RE



.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m
[\fIACCOUNT\fR]

Account to get the access token for. If not specified, the current active
account will be used.


.RE
.sp

.SH "FLAGS"

.RS 2m
.TP 2m
\fB\-\-lifetime\fR=\fILIFETIME\fR

Access token lifetime. The default access token lifetime is 3600 seconds, but
you can use this flag to reduce the lifetime or extend it up to 43200 seconds
(12 hours). The org policy constraint
\f5constraints/iam.allowServiceAccountCredentialLifetimeExtension\fR must be set
if you want to extend the lifetime beyond 3600 seconds. Note that this flag is
for service account impersonation only, so it must be used together with the
\f5\-\-impersonate\-service\-account\fR flag.


.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "NOTES"

This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation\-only early access
allowlist. These variants are also available:

.RS 2m
$ gcloud auth print\-access\-token
.RE

.RS 2m
$ gcloud beta auth print\-access\-token
.RE
@ Telegram