public sealed class ImpersonatedCredential : ServiceCredential, IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler, IOidcTokenProvider, IGoogleCredential, ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IBlobSignerAllows a service account or user credential to impersonate a service account. See https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials and https://cloud.google.com/iam/docs/impersonating-service-accounts for more information.
Implements
IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler, IOidcTokenProvider, ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IBlobSignerNamespace
Google.Apis.Auth.OAuth2Assembly
Google.Apis.Auth.dll
Properties
DelegateAccounts
public IEnumerable<string> DelegateAccounts { get; }Gets the chained list of delegate service accounts. May be empty.
| Property Value | |
|---|---|
| Type | Description |
IEnumerable<String> | |
Lifetime
public TimeSpan Lifetime { get; }Gets the lifetime of the delegated credential. This is how long the delegated credential should be valid from the time of the first request made with this credential.
| Property Value | |
|---|---|
| Type | Description |
TimeSpan | |
Scopes
public IEnumerable<string> Scopes { get; }Gets the scopes to request during the authorization grant. May be empty.
| Property Value | |
|---|---|
| Type | Description |
IEnumerable<String> | |
SourceCredential
public GoogleCredential SourceCredential { get; }Gets the source credential used to acquire the impersonated credentials.
| Property Value | |
|---|---|
| Type | Description |
GoogleCredential | |
TargetPrincipal
public string TargetPrincipal { get; }Gets the service account to impersonate.
| Property Value | |
|---|---|
| Type | Description |
String | |
Methods
GetOidcTokenAsync(OidcTokenOptions, CancellationToken)
public Task<OidcToken> GetOidcTokenAsync(OidcTokenOptions options, CancellationToken cancellationToken = default(CancellationToken))Returns an OIDC token for the given options.
| Parameters | |
|---|---|
| Name | Description |
options | OidcTokenOptionsThe options to create the token from. |
cancellationToken | CancellationTokenThe cancellation token that may be used to cancel the request. |
| Returns | |
|---|---|
| Type | Description |
Task<OidcToken> | The OIDC token. |
RequestAccessTokenAsync(CancellationToken)
public override Task<bool> RequestAccessTokenAsync(CancellationToken taskCancellationToken)Requests a new token.
| Parameter | |
|---|---|
| Name | Description |
taskCancellationToken | CancellationTokenCancellation token to cancel operation. |
| Returns | |
|---|---|
| Type | Description |
Task<Boolean> |
|
SignBlobAsync(Byte[], CancellationToken)
public Task<string> SignBlobAsync(byte[] blob, CancellationToken cancellationToken = default(CancellationToken))Signs the provided blob using the private key associated with the impersonated service account.
| Parameters | |
|---|---|
| Name | Description |
blob | Byte[]The blob to sign. |
cancellationToken | CancellationTokenCancellation token to cancel operation. |
| Returns | |
|---|---|
| Type | Description |
Task<String> | The base64 encoded signature. |
| Exceptions | |
|---|---|
| Type | Description |
HttpRequestException | When signing request fails. |