artrayd
commented
3 weeks ago Solved it by adjusting permission "Service Account Token Creator" via command line:
gcloud projects add-iam-policy-binding PROJECT_ID --member=serviceAccount:PROJECT_ID@appspot.gserviceaccount.com --role='roles/iam.serviceAccountTokenCreator
Getting this error: Error: Error returned from server while signing a custom token: Permission 'iam.serviceAccounts.signBlob' denied on resource (or it may not exist).
Assigned the "Service Account Token Creator" permission to all users that may need access to this function.
Enabled the token generation API: https://cloud.google.com/docs/authentication/use-service-account-impersonation#enable-apis
Still not working 🤯