KeyError when generating IDTokenCredentials with bad permissions

[charlielito]

When trying to generate a IDTokenCredentials token, if for some reason there is some sort of permissions error, the library crashes with a KeyError instead of providing useful info to fix the error.

Environment details

• OS: Ubuntu 22.04
• Python version: 3.10.6
• pip version: 23.0
• google-auth version: 2.16.0

Steps to reproduce

import google.auth
import google.auth.transport.requests
import google.oauth2.id_token
from google.auth import impersonated_credentials

target_principal = "[email protected]"
target_audience = "https://some_url.appspot.com"

credentials, project = google.auth.default()

target_credentials = impersonated_credentials.Credentials(
    source_credentials=credentials,
    target_principal=target_principal,
    target_scopes=["https://www.googleapis.com/auth/cloud-platform"],
    lifetime=120,
)

credentials = impersonated_credentials.IDTokenCredentials(
    target_credentials, target_audience=target_audience
)
request = google.auth.transport.requests.Request()
credentials.refresh(request)
print(credentials.token)

And the traceback is

Traceback (most recent call last):
  File "/workspace/test.py", line 23, in <module>
    credentials.refresh(request)
  File "/usr/local/lib/python3.10/dist-packages/google/auth/impersonated_credentials.py", line 445, in refresh
    id_token = response.json()["token"]
KeyError: 'token'