액세스 토큰을 사용하여 짧은 시간 동안Google Cloud API에 인증할 수 있습니다. 액세스 토큰이 필요하지 않으면 서비스 계정을 사용해서 Knative serving 서비스를 인증해야 합니다.
액세스 토큰 가져오기
코드가 Knative serving에서 실행되면 Compute 메타데이터 서버를 사용하여 액세스 토큰을 가져올 수 있으며 로컬 컴퓨터에서 직접 메타데이터 서버를 쿼리할 수 없습니다.
액세스 토큰
기본적으로 액세스 토큰에는 cloud-platform 범위가 있으며, ID 및 액세스 관리에서도 액세스를 허용한다면 모든 Google Cloud API에 액세스할 수 있습니다. 다른 Google 또는 Google Cloud API에 액세스하려면 해당 범위의 액세스 토큰을 가져와야 합니다.
[[["이해하기 쉬움","easyToUnderstand","thumb-up"],["문제가 해결됨","solvedMyProblem","thumb-up"],["기타","otherUp","thumb-up"]],[["이해하기 어려움","hardToUnderstand","thumb-down"],["잘못된 정보 또는 샘플 코드","incorrectInformationOrSampleCode","thumb-down"],["필요한 정보/샘플이 없음","missingTheInformationSamplesINeed","thumb-down"],["번역 문제","translationIssue","thumb-down"],["기타","otherDown","thumb-down"]],["최종 업데이트: 2025-09-01(UTC)"],[],[],null,["# Using OAuth2 access tokens\n\nYou can use access tokens to authenticate for a short period of time with\nGoogle Cloud APIs. If access tokens are not required, you should use a\n[service account](/kubernetes-engine/enterprise/knative-serving//docs/securing/service-accounts) to authenticate\nyour Knative serving services.\n\nFetching access tokens\n----------------------\n\nWhen your code runs on Knative serving it can use the\n[Compute Metadata Server](/compute/docs/storing-retrieving-metadata)\nto fetch access tokens. You cannot query the metadata server directly from your\nlocal computer.\n\n### Access tokens\n\nBy default, access tokens have the `cloud-platform` scope, which allows access\nto all Google Cloud APIs, assuming Identity and Access Management also allows access. In order to\naccess other Google or Google Cloud APIs, you will need to fetch an access\ntoken with the appropriate scope.\n\nYou can use the Compute Metadata Server to\n[fetch access tokens](/compute/docs/access/create-enable-service-accounts-for-instances#applications).\n\nIf you need an access token with a specific scope, you can generate one as\nfollows: \n\n```bash\ncurl \"http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token?scopes=\u003cvar translate=\"no\"\u003e[SCOPES]\u003c/var\u003e\" \\\n -H \"Metadata-Flavor: Google\"\n```\n\nWhere \u003cvar translate=\"no\"\u003eSCOPES\u003c/var\u003e is a comma separated list of OAuth scopes\nrequested, for example: `https://www.googleapis.com/auth/drive,https://www.googleapis.com/auth/spreadsheets`.\n\nConsult the full list of [Google OAuth scopes](https://developers.google.com/identity/protocols/googlescopes)\nto find which scopes you need.\n| **Note:** the `?scopes=` query parameter is only available on App Engine, Cloud Run functions, Cloud Run, and Knative serving.\n\nNext steps\n----------\n\nLearn how to [manage access](/kubernetes-engine/enterprise/knative-serving/docs/securing/managing-access) to your\nservices."]]