As an alternative, you can use the - wildcard character instead of the project ID:
projects/-/serviceAccounts/{EMAIL_ADDRESS}
projects/-/serviceAccounts/{UNIQUE_ID}
When possible, avoid using the - wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account projects/-/serviceAccounts/fake@example.com, which does not exist, the response contains an HTTP 403 Forbidden error instead of a 404 Not
Found error.
Authorization requires the following IAM permission on the specified resource name:
iam.serviceAccounts.signJwt
Request body
The request body contains data with the following structure:
The JWT payload to sign. Must be a serialized JSON object that contains a JWT Claims Set. For example: {"sub": "user@example.com", "iat": 313435}
If the JWT Claims Set contains an expiration time (exp) claim, it must be an integer timestamp that is not in the past and no more than 12 hours in the future.
If the JWT Claims Set does not contain an expiration time (exp) claim, this claim is added automatically, with a timestamp that is 1 hour in the future.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-21 UTC."],[[["This document outlines the `signJwt` method, which is now deprecated and should be replaced with the `signJwt` method in the IAM Service Account Credentials API."],["The `signJwt` method allows you to sign a JSON Web Token (JWT) using the system-managed private key of a service account, and requires the service account's resource name in the `name` parameter of the HTTP request."],["The request body for signing a JWT must contain a `payload` field, which is a serialized JSON object containing a JWT Claims Set and authorization requires the `iam.serviceAccounts.signJwt` permission on the resource `name`."],["The response body provides a signed JWT (`signedJwt`) and the key ID (`keyId`) used to sign it, however both are deprecated."],["Using this method requires one of the specified OAuth scopes, either `https://www.googleapis.com/auth/iam` or `https://www.googleapis.com/auth/cloud-platform`."]]],[]]
