yoshidan/google-cloud-rust

discover account associated with token provider credentials

google-cloud-auth provides a mechanism to get a token (presumably) from the application default credentials. Is there a way to determine the account associated with the token, either a user email address or the service account email address?

Currently, there is no API to directly retrieve the associated service account from the token.

In GCE, GKE and Cloud Run, the service account corresponding to the IAM role applied to the Node or Pod is used.
This service account can be obtained with:

let service_account_email = google_cloud_metadata::email("default").await?;

In the case of using the credentials file, it is held in the DefaultTokenSourceProvider. However, there is no API to obtain these from each component client (storage, pubsub, etc.), so they must be added.
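
For the credentials-file case described in the reply above, the principal can be read from the file itself. The following is an added example, not part of the original thread and not code from google-cloud-rust. It uses only the standard library; the names `Principal`, `str_field`, `principal_from_json` and `adc_file` are hypothetical, and the well-known path shown is the Linux/macOS one.

```rust
use std::{env, fs, path::PathBuf};

/// Principal recorded in an application default credentials (ADC) file.
#[derive(Debug, PartialEq)]
pub enum Principal {
    /// `type` = "service_account": the file carries `client_email`.
    ServiceAccount(String),
    /// `type` = "authorized_user": the file holds a refresh token but no email.
    AuthorizedUser,
    /// Any other `type` value, returned verbatim.
    Other(String),
}

/// Minimal scanner for a string field. Assumes the value contains no escaped
/// quotes (true for `type` and `client_email`); use a JSON crate in real code.
fn str_field(json: &str, key: &str) -> Option<String> {
    let needle = format!("\"{}\"", key);
    let rest = &json[json.find(&needle)? + needle.len()..];
    let rest = rest.trim_start().strip_prefix(':')?;
    let rest = rest.trim_start().strip_prefix('"')?;
    Some(rest[..rest.find('"')?].to_string())
}

/// Classify the principal described by the contents of a credentials file.
pub fn principal_from_json(json: &str) -> Option<Principal> {
    match str_field(json, "type")?.as_str() {
        "service_account" => str_field(json, "client_email").map(Principal::ServiceAccount),
        "authorized_user" => Some(Principal::AuthorizedUser),
        other => Some(Principal::Other(other.to_string())),
    }
}

/// ADC file lookup order: GOOGLE_APPLICATION_CREDENTIALS first, then the
/// gcloud well-known file under $HOME (Windows uses %APPDATA% instead).
pub fn adc_file() -> Option<PathBuf> {
    if let Some(p) = env::var_os("GOOGLE_APPLICATION_CREDENTIALS") {
        return Some(PathBuf::from(p));
    }
    let p = PathBuf::from(env::var_os("HOME")?)
        .join(".config/gcloud/application_default_credentials.json");
    if p.exists() { Some(p) } else { None }
}

fn main() {
    // Prints None when no credentials file is present (e.g. on GCE/GKE).
    let principal = adc_file()
        .and_then(|p| fs::read_to_string(p).ok())
        .and_then(|s| principal_from_json(&s));
    println!("{:?}", principal);
}
```

Logging this value at startup makes it easy to confirm which identity a workload actually runs as before its IAM bindings are reviewed.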