Skip to content

docs: add AWS Workload Identity Federation known issue #1218

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
talhasajid849 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs: add AWS Workload Identity Federation known issue #1218

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,23 @@ The Google Gen AI SDK is designed to work with Gemini 2.0+ features.
> **API Key Security:** Avoid exposing API keys in client-side code.
> Use server-side implementations in production environments.

## AWS Workload Identity Federation (Known Issue)

When using AWS → GCP Workload Identity Federation (WIF) with the JavaScript SDK
(`@google/genai`), authentication may fail when `google-auth-library` v10.x is used.

**Symptoms**
- `invalid_grant`
- `InvalidClientTokenId`
- Token exchange failure from AWS STS to GCP

**Workarounds**
- Use `@google/genai <= 1.25.0` (uses google-auth-library v9.x), or
- Use the Python SDK, which is not affected

Tracking issue: https://github.com/googleapis/js-genai/issues/1216


## Code Generation

Generative models are often unaware of recent API and SDK updates and may suggest outdated or legacy code.
Expand Down