How to generate Google Cloud identity token

Blog Edit

This post goes over how to generate a Google Cloud ID token (OIDC):

CLI

Assuming you’re logged in to Google Cloud:

gcloud auth login

Print identity token:

gcloud auth print-identity-token

The output should look like:

eyJhbGciOiJSUzI1NiIsImtpZCI6ImQyNzU0MDdjMzllODAzNmFhNzM1ZWIyYzE3YzU0ODc2MWNlZDZhN...

Node.js

Install google-auth-library:

npm install google-auth-library

Create the script:

// token.mjs
import { GoogleAuth } from 'google-auth-library';

const auth = new GoogleAuth();
const client = await auth.getIdTokenClient();
const headers = await client.getRequestHeaders();
console.log(headers);

Run the script:

node token.mjs

The output should look like:

{
  "Authorization": "Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6ImQyNzU0MDdjMzllODAzNmFhN..."
}

To get just ID token from the headers:

console.log(headers.Authorization.split(' ')[1]);

Or simply fetch the token:

const token = await client.idTokenProvider.fetchIdToken(targetAudience);
console.log(token);

Please support this site and join our Discord!