File: //snap/google-cloud-cli/current/help/man/man1/gcloud_beta_auth_print-identity-token.1
.TH "GCLOUD_BETA_AUTH_PRINT\-IDENTITY\-TOKEN" 1
.SH "NAME"
.HP
gcloud beta auth print\-identity\-token \- print an identity token for the specified account
.SH "SYNOPSIS"
.HP
\f5gcloud beta auth print\-identity\-token\fR [\fIACCOUNT\fR] [\fB\-\-audiences\fR=\fIAUDIENCES\fR] [\fB\-\-include\-email\fR] [\fB\-\-include\-license\fR\ \fB\-\-token\-format\fR=\fITOKEN_FORMAT\fR;\ default="standard"] [\fIGCLOUD_WIDE_FLAG\ ...\fR]
.SH "DESCRIPTION"
\fB(BETA)\fR Print an identity token for the specified account.
.SH "EXAMPLES"
To print identity tokens:
.RS 2m
$ gcloud beta auth print\-identity\-token
.RE
To print identity token for account 'foo@example.com' whose audience is
\'https://service\-hash\-uc.a.run.app', run:
.RS 2m
$ gcloud beta auth print\-identity\-token foo@example.com \e
\-\-audiences="https://service\-hash\-uc.a.run.app"
.RE
To print identity token for an impersonated service account
\'my\-account@example.iam.gserviceaccount.com' whose audience is
\'https://service\-hash\-uc.a.run.app', run:
.RS 2m
$ gcloud beta auth print\-identity\-token \e
\-\-impersonate\-service\-account="my\-account@example.iam.gserviceac\e
count.com" \-\-audiences="https://service\-hash\-uc.a.run.app"
.RE
To print identity token of a Compute Engine instance, which includes project and
instance details as well as license codes for images associated with the
instance, run:
.RS 2m
$ gcloud beta auth print\-identity\-token \-\-token\-format=full \e
\-\-include\-license
.RE
To print identity token for an impersonated service account
\'my\-account@example.iam.gserviceaccount.com', which includes the email address
of the service account, run:
.RS 2m
$ gcloud beta auth print\-identity\-token \e
\-\-impersonate\-service\-account="my\-account@example.iam.gserviceac\e
count.com" \-\-include\-email
.RE
.SH "POSITIONAL ARGUMENTS"
.RS 2m
.TP 2m
[\fIACCOUNT\fR]
Account to print the identity token for. If not specified, the current active
account will be used.
.RE
.sp
.SH "FLAGS"
.RS 2m
.TP 2m
\fB\-\-audiences\fR=\fIAUDIENCES\fR
Intended recipient of the token. Currently, only one audience can be specified.
.TP 2m
\fB\-\-include\-email\fR
Specify whether or not service account email is included in the identity token.
If specified, the token will contain 'email' and 'email_verified' claims. This
flag should only be used for impersonate service account.
.TP 2m
Parameters for Google Compute Engine instance identity tokens.
.RS 2m
.TP 2m
\fB\-\-include\-license\fR
Specify whether or not license codes for images associated with this instance
are included in the identity token payload. Default is False. This flag does not
have effect unless \f5\-\-token\-format=full\fR.
.TP 2m
\fB\-\-token\-format\fR=\fITOKEN_FORMAT\fR; default="standard"
Specify whether or not the project and instance details are included in the
identity token payload. This flag only applies to Google Compute Engine instance
identity tokens. See
https://cloud.google.com/compute/docs/instances/verifying\-instance\-identity#token_format
for more details on token format. \fITOKEN_FORMAT\fR must be one of:
\fBstandard\fR, \fBfull\fR.
.RE
.RE
.sp
.SH "GCLOUD WIDE FLAGS"
These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.
Run \fB$ gcloud help\fR for details.
.SH "NOTES"
This command is currently in beta and might change without notice. These
variants are also available:
.RS 2m
$ gcloud auth print\-identity\-token
.RE
.RS 2m
$ gcloud alpha auth print\-identity\-token
.RE