Class ImpersonatedCredential (1.59.0)

public sealed class ImpersonatedCredential : ServiceCredential, IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler, IOidcTokenProvider, ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IBlobSigner

Allows a service account or user credential to impersonate a service account. See https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials and https://cloud.google.com/iam/docs/impersonating-service-accounts for more information.

Inheritance

Object > ServiceCredential > ImpersonatedCredential

Namespace

Google.Apis.Auth.OAuth2

Assembly

Google.Apis.Auth.dll

Properties

DelegateAccounts

public IEnumerable<string> DelegateAccounts { get; }

Gets the chained list of delegate service accounts. May be empty.

Property Value
TypeDescription
IEnumerable<String>

Lifetime

public TimeSpan Lifetime { get; }

Gets the lifetime of the delegated credential. This is how long the delegated credential should be valid from the time of the first request made with this credential.

Property Value
TypeDescription
TimeSpan

SourceCredential

public GoogleCredential SourceCredential { get; }

Gets the source credential used to acquire the impersonated credentials.

Property Value
TypeDescription
GoogleCredential

TargetPrincipal

public string TargetPrincipal { get; }

Gets the service account to impersonate.

Property Value
TypeDescription
String

Methods

GetOidcTokenAsync(OidcTokenOptions, CancellationToken)

public Task<OidcToken> GetOidcTokenAsync(OidcTokenOptions options, CancellationToken cancellationToken = default(CancellationToken))

Returns an OIDC token for the given options.

Parameters
NameDescription
optionsOidcTokenOptions

The options to create the token from.

cancellationTokenCancellationToken

The cancellation token that may be used to cancel the request.

Returns
TypeDescription
Task<OidcToken>

The OIDC token.

RequestAccessTokenAsync(CancellationToken)

public override async Task<bool> RequestAccessTokenAsync(CancellationToken taskCancellationToken)

Requests a new token.

Parameter
NameDescription
taskCancellationTokenCancellationToken

Cancellation token to cancel operation.

Returns
TypeDescription
Task<Boolean>

true if a new token was received successfully.

Overrides

SignBlobAsync(Byte[], CancellationToken)

public async Task<string> SignBlobAsync(byte[] blob, CancellationToken cancellationToken = default(CancellationToken))

Signs the provided blob using the private key associated with the impersonated service account.

Parameters
NameDescription
blobByte[]

The blob to sign.

cancellationTokenCancellationToken

Cancellation token to cancel operation.

Returns
TypeDescription
Task<String>

The base64 encoded signature.

Exceptions
TypeDescription
HttpRequestException

When signing request fails.

Extension Method