gcloud auth print-identity-token

NAME
gcloud auth print-identity-token - print an identity token for the specified account
SYNOPSIS
gcloud auth print-identity-token [ACCOUNT] [--audiences=AUDIENCES] [--include-email] [--include-license --token-format=TOKEN_FORMAT; default="standard"] [GCLOUD_WIDE_FLAG]
DESCRIPTION
Print an identity token for the specified account.
EXAMPLES
To print identity tokens:
gcloud auth print-identity-token

To print identity token for account '[email protected]' whose audience is 'https://service-hash-uc.a.run.app', run:

gcloud auth print-identity-token [email protected] --audiences="https://service-hash-uc.a.run.app"

To print identity token for an impersonated service account '[email protected]' whose audience is 'https://service-hash-uc.a.run.app', run:

gcloud auth print-identity-token --impersonate-service-account="[email protected]" --audiences="https://service-hash-uc.a.run.app"

To print identity token of a Compute Engine instance, which includes project and instance details as well as license codes for images associated with the instance, run:

gcloud auth print-identity-token --token-format=full --include-license

To print identity token for an impersonated service account '[email protected]', which includes the email address of the service account, run:

gcloud auth print-identity-token --impersonate-service-account="[email protected]" --include-email
POSITIONAL ARGUMENTS
[ACCOUNT]
Account to print the identity token for. If not specified, the current active account will be used.
FLAGS
--audiences=AUDIENCES
Intended recipient of the token. Currently, only one audience can be specified.
--include-email
Specify whether or not service account email is included in the identity token. If specified, the token will contain 'email' and 'email_verified' claims. This flag should only be used for impersonate service account.
Parameters for Google Compute Engine instance identity tokens.
--include-license
Specify whether or not license codes for images associated with this instance are included in the identity token payload. Default is False. This flag does not have effect unless --token-format=full.
--token-format=TOKEN_FORMAT; default="standard"
Specify whether or not the project and instance details are included in the identity token payload. This flag only applies to Google Compute Engine instance identity tokens. See https://cloud.google.com/compute/docs/instances/verifying-instance-identity#token_format for more details on token format. TOKEN_FORMAT must be one of: standard, full.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
These variants are also available:
gcloud alpha auth print-identity-token
gcloud beta auth print-identity-token