fSrSSKJr SSKJr SSKJr SSKJr SSKJr SSK Jr SSK J r SSK Jr SS K Jr SSK Jr SS KJr SS KJr SS KJr SS KJr SSKJr SSKJr \"\R:5\ R</-r"SS\ 5r!\RD"SS\RF55r$g)z$A command that prints access tokens.)absolute_import)division)unicode_literals) credentials) exceptions)util) arg_parsers)base)config)log) properties)creds)store)clientc\rSrSrSrSrSrg)FakeCredentials)aAn access token container. oauth2client and google-auth are both supported by gcloud as the auth library. credentials in oauth2client store the access token in the "access_token" filed. google-auth stores it in the "token" filed. We use this fake credentials class to unify them. cXlg)Ntoken)selfrs &lib/surface/auth/print_access_token.py__init__FakeCredentials.__init__2sJrN)__name__ __module__ __qualname____firstlineno____doc__r__static_attributes__rrrr)s rrc\rSrSrSrSSS.r\S5r\R"\ R\ R\R5S5rSrg ) AccessToken6z0Print an access token for the specified account.at {description} See [RFC6749](https://tools.ietf.org/html/rfc6749) for more information about access tokens. Note that token itself may not be enough to access some services. If you use the token with curl or similar tools, you may see permission errors similar to "API has not been used in project 32555940559 before or it is disabled.". If it happens, you may need to provide a quota project in the "X-Goog-User-Project" header. For example, $ curl -H "X-Goog-User-Project: your-project" -H "Authorization: Bearer $(gcloud auth print-access-token)" foo.googleapis.com The identity that granted the token must have the serviceusage.services.use permission on the provided project. See https://cloud.google.com/apis/docs/system-parameters for more information. z? To print access tokens: $ {command} ) DESCRIPTIONEXAMPLESc URSSSS9 URS[R"SS9SS 9 URS S [R"S S 9SSR [ 5S9 UR RS5 g)Naccount?z_Account to get the access token for. If not specified, the current active account will be used.)nargshelp --lifetime43200s) upper_boundaAccess token lifetime. The default access token lifetime is 3600 seconds, but you can use this flag to reduce the lifetime or extend it up to 43200 seconds (12 hours). The org policy constraint `constraints/iam.allowServiceAccountCredentialLifetimeExtension` must be set if you want to extend the lifetime beyond 3600 seconds. Note that this flag is for service account impersonation only, so it must be used together with the `--impersonate-service-account` flag.)typer,--scopesT) min_lengthSCOPEaThe scopes to authorize for. This flag is supported for user accounts and service accounts only. The list of possible scopes can be found at: https://developers.google.com/identity/protocols/googlescopes. For end-user accounts the provided scopes must from [{0}])hiddenr0metavarr,z value(token)) add_argumentr DurationArgListformat_TRUSTED_SCOPES display_info AddFormat)parsers rArgsAccessToken.ArgsUs  7    ! !h 7 4    A . EFLVF !!.1rc[RRRR 5(a0[R "5(a[ R"S5 UR(a(UR(d[R"SS5eUR(aSOSn[R"URSSUS9nSnUR(GaZSn[ R"R%U5nU[ R"R&[ R"R(4;a/[ R"SR+UR,55 UR[.R0[.R2/-n[5U[6R85(aUR;U5nOt[=UR5n[=[>5nURAU5(d4[R"SS R+[BRD55eXcl#[ RH"U5(a$UR(aSnURUl%U(a[RL"U5 [ RN"U5(a URPn O URRn U (d[TRV"S 5e[YU 5$) zRun the helper command.a)Warning: This access token is for the gcloud CLI tool itself and is bound to its specific client ID, which requires mTLS. This means it can only be used with mTLS-enabled API endpoints. If you need a token for your own application code or scripts, you should use Application Default Credentials (ADC). Obtain an ADC token by running: 1. gcloud auth application-default login (if you haven't already) 2. gcloud auth application-default print-access-token ADC tokens are intended for local development and does not have the same mTLS restrictions.r-z~Lifetime flag is for service account impersonation only. It must be used together with the --impersonate-service-account flag.TF)allow_account_impersonationuse_google_authcache_only_raptzQ`--scopes` flag may not work as expected and will be ignored for account type {}.r1z@Invalid scopes value. Please make sure the scopes are from [{0}]z?No access token could be obtained from the current credentials.)-r VALUES context_awareuse_client_certificateGetBoolIsInternalUserCheckr warninglifetimeimpersonate_service_accountc_excInvalidArgumentExceptionscopesc_storeLoadr)c_credsCredentialTypeGoogleAuthFromCredentials USER_ACCOUNTSERVICE_ACCOUNTr:key auth_utilOPENIDUSER_EMAIL_SCOPE isinstancerScoped with_scopessetr;issubsetr CLOUDSDK_SCOPES_scopes IsImpersonatedAccountCredentials _lifetimeRefreshIsOauth2ClientCredentials access_tokenrauth_exceptionsInvalidCredentialsErrorr) rargsrDcredshould_refresh_again cred_typerOrequested_scopestrusted_scopesrs rRunAccessToken.Runs: ''>>FFHH  * * , , kk ;  }}T==  * *  G #kkduO << $('  D! {{{!22BB4Hi   * * 7 7  * * : :   ##)6)--#8 {{i.. 0J0JKKf D+,, - -'t{{+_-((88..Pvf,,-   //55$--!}}dn ood((..ejje   3 3 K  5 !!rr"N)rrrrr detailed_help staticmethodr?rMRaiseErrorInsteadOfrgAuthenticationErrorrErrorgoogle_auth_exceptionsGoogleAuthErrorror!r"rrr$r$6se8 & )-6'2'2R )) ll,, W"  W"rr$N)%r __future__rrr google.authrrrvgooglecloudsdk.api_lib.authrgrrXgooglecloudsdk.callioper r rMgooglecloudsdk.corer r r googlecloudsdk.core.credentialsrrRrrP oauth2clientrlistr`GOOGLE_DRIVE_SCOPEr;objectrUniverseCompatibleCommandr$r"rrrs +&'#<E9/(7&#*<<v--.)2N2N1OO f d"$,,d"d"r