Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I get the current gcloud configuration user/service account's id token in python

Tags:

python

google-cloud-platform

google-cloud-functions

I'm using gcloud configurations to handle my CLI access. (switching between them with gcloud config configurations activate <env_name>). I'm NOT using GOOGLE_APPLICATION_CREDENTIALS env var at all as I want to be able to switch between configurations/projects/accounts.

It works well with resources like google.cloud.firestore.Client() which takes the current configuration .

I'm trying to have authenticated calls between my (python) cloud functions. When I try to get the token using -

auth_req = google.auth.transport.requests.Request()
id_token = google.oauth2.id_token.fetch_id_token(auth_req, audience)

I'm getting google.auth.exceptions.DefaultCredentialsError: Neither metadata server or valid service account credentials are found. I'll note that in a real cloud function fetch_id_token works.

I am able to get the token using cli command gcloud auth print-identity-token, but I want to get it using the python google auth library so it will work on both my local machine (using functions-framework) and in a real cloud function.

Is it possible? am I approaching all of this in a wrong way?

btw I'm using a Linux machine.

like image 645
David Avikasis Avatar asked Oct 29 '25 22:10

David Avikasis

1 Answers

I have been struggling with the same issue. For some reason, there is almost no documentation on how to do this, but i managed to find a working way based on the following question How to get a GCP Bearer token programmatically with python that asks for access token. I found that id tokens can be fetched in the same way.

Using the following snippet:

import google.auth
from google.auth.transport.requests import Request as GoogleAuthRequest
auth_req = GoogleAuthRequest()

creds, _ = google.auth.default()
creds.refresh(auth_req)

id_token = creds.id_token

You will be able to fetch the id_token from local default credentials, following the order established in the documentation https://google-auth.readthedocs.io/en/master/reference/google.auth.html

This also works with the metadata server if running on a cloud environment

like image 76
diegobatt Avatar answered Oct 31 '25 12:10

diegobatt

Sign in to Comment

Related questions

When I read in a Pandas Series from CSV it is turning it into a DataFrame?
data manipulation example from wide to long in python
why using PyQt5 on mac can not add a icon?
How do I setup Signals and Slots in PyQt with QThreads in both directions?
How to do debugging prints in Python?
pyodbc connection string sql server authentication
How can I create a websocket JSObject in brython?
finding the index of the first row matching a condition in pandas
If dataframe.tail(1) is X, do something
python: list element in CSV file
using str.replace() to remove nth character from a string in a pandas dataframe
Unexpected value passed to LangChain Tool argument
How to get all Styling parameter configurable by `ttk.Style().configure()` for a widget from Themed Tkinter?
Is it possible in polars to give the full schema of a LazyFrame/DataFrame in a function argument, and get type errors?
Why does Python recognise this UTF-8 character as two characters rather than one
Can I pass unpacking object as parameter in Javascript or JSX?
open url from pythonanywhere
How can I preserve DataFrame index names when using to_json in pandas?
Parsing a nuke script with simpleparse EBNF
NLP - negative sampling - how to draw negative samples from noise distribution?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!