I'm trying to get a JWT for my personal account but this command errors out:
$ gcloud auth print-identity-token
ERROR: (gcloud.auth.print-identity-token) `--audiences` can only be specified for service account.
It's complaining that I can't supply the --audiences option, but I didn't provide that. According to their docs, I'm supposed to be able to use this command while signed in to my individual developer account.
Edit: I'm using Google Cloud SDK version 254.0.0
Update: JUST NOW Google released gcloud version 255.0.0 and the command works exactly as advertised with an individual account.
The error you are receiving is correct. Trying to modify Google OAuth User Credentials for a "gmail" type of account with claims is not supported. Audience aud is a claim specified when a JWT is created.
If you are using Identity Platform, you can to a limited degree.
You cannot modify User Credentials with claims, but you can specify certain claims when requesting a service account Identity Token.
Execute the following command: gcloud auth list. If the active account is an email address and not a service account email address, you will get this error.
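The account-type check and the aud claim described in the answer above, as an added shell example that is not part of the original thread. The helper names are hypothetical, the `.gserviceaccount.com` suffix test and a single string-valued aud are assumptions, and the sample token is constructed and unsigned.

```shell
# Assumption: service account emails end in ".gserviceaccount.com";
# anything else is treated as a user ("gmail" type) account.
is_service_account() {
  case "$1" in
    *@*.gserviceaccount.com) return 0 ;;
    *) return 1 ;;
  esac
}

# Active account as reported by `gcloud auth list` (needs gcloud installed).
active_account() {
  gcloud auth list --filter=status:ACTIVE --format='value(account)'
}

# Print the print-identity-token command that is valid for account $1.
# Fails when an audience ($2) is requested for a user account.
identity_token_cmd() {
  if [ -z "${2:-}" ]; then
    echo "gcloud auth print-identity-token"
  elif is_service_account "$1"; then
    echo "gcloud auth print-identity-token --audiences=$2"
  else
    echo "refusing --audiences: $1 is not a service account" >&2
    return 1
  fi
}

# Decode the payload (second segment) of a JWT. No signature check:
# use this to inspect a token, never to decide whether to trust it.
jwt_payload() (
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in 2) seg="$seg==" ;; 3) seg="$seg=" ;; esac
  printf '%s' "$seg" | base64 -d
)

# Extract the aud claim (assumes aud is a single JSON string).
jwt_aud() {
  jwt_payload "$1" | sed -n 's/.*"aud"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Constructed, unsigned sample token so the example runs offline.
sample_token() {
  p=$(printf '{"aud":"%s","iss":"constructed"}' "$1" | base64 | tr -d '=\n' | tr '/+' '_-')
  echo "e30.$p.sig"
}

# Demo on the constructed token: prints the audience it was built with.
jwt_aud "$(sample_token https://svc.example.invalid)"
```

With gcloud installed, `identity_token_cmd "$(active_account)" "$AUDIENCE"` shows which form of the command applies to the current login, and `jwt_aud` on the returned token confirms the audience that was baked in.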