Open andrewhamon opened 4 days ago
Somewhat related, on gcloud servers it is not uncommon to be logged in with a personal identity. As far as I know, there is no way to tell oauth2l
if it should prefer the current gcloud session, application_default_credentials.json
, or the instances service account (all of which could be different identities, in theory).
If
~/.config/gcloud/application_default_credentials.json
exists and is invalid, oauth2l will always fail, even if I log in to gcloud usinggcloud auth login
.This is quite annoying, since it is quite common for stale
~/.config/gcloud/application_default_credentials.json
to be hanging around (i.e. if I rangcloud auth login --update-adc
yesterday, but later logged in today without--update-adc
). In my company,application_default_credentials.json
that are fetched in this way expire relatively quickly (24 hours or less).It would be very convenient if
oauth2l
did some or all of the following: