Some of the GCP products when retrieving the JWT token from the GCE
Metadata Server come with the email claim, but some have recently
started not returning that claim as part of the JWT payload. Adding the
format=full query parameter to the GCE Metdata Server API seems to
return the email claim for these cases, along with other GCE Metadata
which for the time being we do not need and thus, we discard.
Summary
Some of the GCP products when retrieving the JWT token from the GCE Metadata Server come with the
email
claim, but some have recently started not returning that claim as part of the JWT payload. Adding theformat=full
query parameter to the GCE Metdata Server API seems to return theemail
claim for these cases, along with other GCE Metadata which for the time being we do not need and thus, we discard.See these docs for more information.