public sealed class ImpersonatedCredential : ServiceCredential, IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler, IOidcTokenProvider, ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IBlobSigner
Allows a service account or user credential to impersonate a service account. See https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials and https://cloud.google.com/iam/docs/impersonating-service-accounts for more information.
Implements
IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler, IOidcTokenProvider, ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IBlobSignerNamespace
Google.Apis.Auth.OAuth2Assembly
Google.Apis.Auth.dll
Properties
DelegateAccounts
public IEnumerable<string> DelegateAccounts { get; }
Gets the chained list of delegate service accounts. May be empty.
Property Value | |
---|---|
Type | Description |
IEnumerable<String> |
Lifetime
public TimeSpan Lifetime { get; }
Gets the lifetime of the delegated credential. This is how long the delegated credential should be valid from the time of the first request made with this credential.
Property Value | |
---|---|
Type | Description |
TimeSpan |
SourceCredential
public GoogleCredential SourceCredential { get; }
Gets the source credential used to acquire the impersonated credentials.
Property Value | |
---|---|
Type | Description |
GoogleCredential |
TargetPrincipal
public string TargetPrincipal { get; }
Gets the service account to impersonate.
Property Value | |
---|---|
Type | Description |
String |
Methods
GetOidcTokenAsync(OidcTokenOptions, CancellationToken)
public Task<OidcToken> GetOidcTokenAsync(OidcTokenOptions options, CancellationToken cancellationToken = default(CancellationToken))
Returns an OIDC token for the given options.
Parameters | |
---|---|
Name | Description |
options | OidcTokenOptions The options to create the token from. |
cancellationToken | CancellationToken The cancellation token that may be used to cancel the request. |
Returns | |
---|---|
Type | Description |
Task<OidcToken> | The OIDC token. |
RequestAccessTokenAsync(CancellationToken)
public override async Task<bool> RequestAccessTokenAsync(CancellationToken taskCancellationToken)
Requests a new token.
Parameter | |
---|---|
Name | Description |
taskCancellationToken | CancellationToken Cancellation token to cancel operation. |
Returns | |
---|---|
Type | Description |
Task<Boolean> |
|
SignBlobAsync(Byte[], CancellationToken)
public async Task<string> SignBlobAsync(byte[] blob, CancellationToken cancellationToken = default(CancellationToken))
Signs the provided blob using the private key associated with the impersonated service account.
Parameters | |
---|---|
Name | Description |
blob | Byte[] The blob to sign. |
cancellationToken | CancellationToken Cancellation token to cancel operation. |
Returns | |
---|---|
Type | Description |
Task<String> | The base64 encoded signature. |
Exceptions | |
---|---|
Type | Description |
HttpRequestException | When signing request fails. |