Document ID Token lifetimes (#433)

Closes https://github.com/google-github-actions/auth/issues/432
2024-08-06 21:28:34 -04:00 · 2024-08-06 21:28:34 -04:00 · 6384b341b7
commit 6384b341b7
parent f112390a2d
1 changed files with 6 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -191,6 +191,10 @@ Cloud as an output for use in future steps in the workflow. These options only
 apply to ID tokens generated by this action. By default, this action does not
 generate any tokens.

+> [!CAUTION]
+>
+> ID Tokens have a maximum lifetime of 10 minutes. This value cannot be changed.
+
 -   `service_account`: (Required) Email address or unique identifier of the
    Google Cloud service account for which to generate the ID token. For
    example:
@ -333,8 +337,8 @@ In this setup, the Workload Identity Pool has direct IAM permissions on Google
 Cloud resources; there are no intermediate service accounts or keys. This is
 preferred since it directly authenticates GitHub Actions to Google Cloud without
 a proxy resource. However, not all Google Cloud resources support `principalSet`
-identities. Please see the documentation for your Google Cloud service for more
-information.
+identities, and the resulting token has a maximum lifetime of 10 minutes. Please
+see the documentation for your Google Cloud service for more information.

 [![Authenticate to Google Cloud from GitHub Actions with Direct Workload Identity Federation](docs/google-github-actions-auth-direct-workload-identity-federation.svg)](docs/google-github-actions-auth-direct-workload-identity-federation.svg)