You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Application Default Credential system allows for cred config json files which specify a few types of credential sources. This file, URL, and executable sources for external workload and workforce identity credentials. The go implementation of oauth2 does not currently support executable sources, so cred configs which are valid for gcloud auth application-default print-access-token will produce an error with go applications requesting tokens from the same source.
For example, using the docker helper docker-credential-gcr
docker-credential-gcr/helper: could not retrieve GCR's access token: oauth2/google: unable to generate access token: Post "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/xxxx@xxxx.iam.gserviceaccount.com:generateAccessToken": oauth2/google: unable to parse credential source
The Application Default Credential system allows for cred config json files which specify a few types of credential sources. This file, URL, and executable sources for external workload and workforce identity credentials. The go implementation of oauth2 does not currently support executable sources, so cred configs which are valid for
gcloud auth application-default print-access-token
will produce an error with go applications requesting tokens from the same source.For example, using the docker helper
docker-credential-gcr
https://cloud.google.com/sdk/gcloud/reference/iam/workload-identity-pools/create-cred-config#--executable-command
https://cloud.google.com/iam/docs/workforce-obtaining-short-lived-credentials#oidc-non-int-exec
The text was updated successfully, but these errors were encountered: