コードを Knative serving で実行する場合は、Compute Metadata Server を使用してアクセス トークンを取得できます。ローカルのパソコンから直接メタデータ サーバーにクエリを送信することはできません。
アクセス トークン
デフォルトでは、アクセス トークンに cloud-platform スコープが設定されています。Identity and Access Management でアクセスが許可されていれば、すべての Google Cloud APIs にアクセスできます。他の Google または Google Cloud APIs にアクセスするには、適切なスコープのアクセス トークンを取得する必要があります。
[[["わかりやすい","easyToUnderstand","thumb-up"],["問題の解決に役立った","solvedMyProblem","thumb-up"],["その他","otherUp","thumb-up"]],[["わかりにくい","hardToUnderstand","thumb-down"],["情報またはサンプルコードが不正確","incorrectInformationOrSampleCode","thumb-down"],["必要な情報 / サンプルがない","missingTheInformationSamplesINeed","thumb-down"],["翻訳に関する問題","translationIssue","thumb-down"],["その他","otherDown","thumb-down"]],["最終更新日 2025-09-01 UTC。"],[],[],null,["# Using OAuth2 access tokens\n\nYou can use access tokens to authenticate for a short period of time with\nGoogle Cloud APIs. If access tokens are not required, you should use a\n[service account](/kubernetes-engine/enterprise/knative-serving//docs/securing/service-accounts) to authenticate\nyour Knative serving services.\n\nFetching access tokens\n----------------------\n\nWhen your code runs on Knative serving it can use the\n[Compute Metadata Server](/compute/docs/storing-retrieving-metadata)\nto fetch access tokens. You cannot query the metadata server directly from your\nlocal computer.\n\n### Access tokens\n\nBy default, access tokens have the `cloud-platform` scope, which allows access\nto all Google Cloud APIs, assuming Identity and Access Management also allows access. In order to\naccess other Google or Google Cloud APIs, you will need to fetch an access\ntoken with the appropriate scope.\n\nYou can use the Compute Metadata Server to\n[fetch access tokens](/compute/docs/access/create-enable-service-accounts-for-instances#applications).\n\nIf you need an access token with a specific scope, you can generate one as\nfollows: \n\n```bash\ncurl \"http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token?scopes=\u003cvar translate=\"no\"\u003e[SCOPES]\u003c/var\u003e\" \\\n -H \"Metadata-Flavor: Google\"\n```\n\nWhere \u003cvar translate=\"no\"\u003eSCOPES\u003c/var\u003e is a comma separated list of OAuth scopes\nrequested, for example: `https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/spreadsheets`.\n\nConsult the full list of [Google OAuth scopes](https://developers.google.com/identity/protocols/googlescopes)\nto find which scopes you need.\n| **Note:** the `?scopes=` query parameter is only available on App Engine, Cloud Run functions, Cloud Run, and Knative serving.\n\nNext steps\n----------\n\nLearn how to [manage access](/kubernetes-engine/enterprise/knative-serving/docs/securing/managing-access) to your\nservices."]]