-
Notifications
You must be signed in to change notification settings - Fork 207
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot refresh credentials to retrieve an ID token #441
Comments
Hi there @GergelyKalmar 👋! Thank you for opening an issue. Our team will triage this as soon as we can. Please take a moment to review the troubleshooting steps which lists common error messages and their resolution steps. |
This seems like a bug with the python library. Which library are you using and what version is it? |
We're using |
Ok, I'm blocked releasing with the new version by googleapis/google-auth-library-python#1593, so we'll need to wait that out. |
Hmm okay - I'm not a python expert, so I'm not sure how to help debug that. Let's keep an eye on it, and see what the team says. |
Hi @GergelyKalmar - any update? |
No, the blocking issue is still open. Seems like the guys on that library are not very quick at fixing CI/CD issues :). If you can reach out to them internally and nudge them a bit, that might help! |
Okay, I've updated the library, it still throws the same error. I also tried to do |
I suppose the best option then would be to use this action to generate the ID token and then inject it into the environment. I'd have one question regarding this: if I choose |
You'll always get an |
TL;DR
I'm trying to get an ID token to use for authenticating towards Google Cloud Run services in GitHub Actions in Python code, however, for some reason it does not seem to be working.
Expected behavior
Receive the ID token.
Observed behavior
I got the following error:
Action YAML
Log output
Additional information
The following code snippet was triggering the error:
I understand that there is a way to generate an ID token as an output value, however, injecting that value into the Python script seems like a hack as opposed to using the default credential flow. Shouldn't this approach work too?
The text was updated successfully, but these errors were encountered: