Class ComputeCredential (1.60.0)

public class ComputeCredential : ServiceCredential, IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler, IOidcTokenProvider, ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IBlobSigner

Google OAuth 2.0 credential for accessing protected resources using an access token. The Google OAuth 2.0 Authorization Server supports server-to-server interactions such as those between a web application and Google Cloud Storage. The requesting application has to prove its own identity to gain access to an API, and an end-user doesn't have to be involved.

More details about Compute Engine authentication is available at: https://cloud.google.com/compute/docs/authentication.

Inheritance

object > ServiceCredential > ComputeCredential

Implements

IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler, IOidcTokenProvider, ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IBlobSigner

Inherited Members

ServiceCredential.Logger

ServiceCredential.TokenServerUrl

ServiceCredential.Clock

ServiceCredential.AccessMethod

ServiceCredential.HttpClient

ServiceCredential.Scopes

ServiceCredential.Token

ServiceCredential.QuotaProject

ServiceCredential.BuildCreateHttpClientArgs()

ServiceCredential.Initialize(ConfigurableHttpClient)

ServiceCredential.InterceptAsync(HttpRequestMessage, CancellationToken)

ServiceCredential.HandleResponseAsync(HandleUnsuccessfulResponseArgs)

ServiceCredential.GetAccessTokenForRequestAsync(string, CancellationToken)

ServiceCredential.GetAccessTokenWithHeadersForRequestAsync(string, CancellationToken)

object.Equals(object)

object.Equals(object, object)

object.GetHashCode()

object.GetType()

object.MemberwiseClone()

object.ReferenceEquals(object, object)

object.ToString()

Namespace

Google Apis Auth OAuth2

Assembly

Google.Apis.Auth.dll

Constructors

ComputeCredential()

public ComputeCredential()

Constructs a new Compute credential instance.

ComputeCredential(Initializer)

public ComputeCredential(ComputeCredential.Initializer initializer)

Constructs a new Compute credential instance.

Parameter
Name	Description
`initializer`	`ComputeCredentialInitializer`

Fields

MetadataServerUrl

public const string MetadataServerUrl = "http://169.254.169.254"

The metadata server url. This can be overridden (for the purposes of Compute environment detection and auth token retrieval) using the GCE_METADATA_HOST environment variable.

Field Value
Type	Description
`string`

Properties

OidcTokenUrl

public string OidcTokenUrl { get; }

Gets the OIDC Token URL.

Property Value
Type	Description
`string`

Methods

GetDefaultServiceAccountEmailAsync(CancellationToken)

public Task<string> GetDefaultServiceAccountEmailAsync(CancellationToken cancellationToken = default)

Returns a task whose result, when completed, is the default service account email associated to this Compute credential.

Parameter
Name	Description
`cancellationToken`	`CancellationToken`

Returns
Type	Description
`Taskstring`

Remarks

This value is cached, because for changing the default service account associated to a Compute VM, the machine needs to be turned off. This means that the operation is only asynchronous when calling for the first time.

Note that if, when fetching this value, an exception is thrown, the exception is cached and will be rethrown by the task returned by any future call to this method. You can create a new ComputeCredential instance if that happens so fetching the service account default email is re-attempted.

GetOidcTokenAsync(OidcTokenOptions, CancellationToken)

public Task<OidcToken> GetOidcTokenAsync(OidcTokenOptions options, CancellationToken cancellationToken = default)

Returns an OIDC token for the given options.

Parameters
Name	Description
`options`	`OidcTokenOptions` The options to create the token from.
`cancellationToken`	`CancellationToken` The cancellation token that may be used to cancel the request.

Returns
Type	Description
`TaskOidcToken`	The OIDC token.

IsRunningOnComputeEngine()

public static Task<bool> IsRunningOnComputeEngine()

Detects if application is running on Google Compute Engine. This is achieved by attempting to contact GCE metadata server, that is only available on GCE. The check is only performed the first time you call this method, subsequent invocations used cached result of the first call.

Returns
Type	Description
`Taskbool`

RequestAccessTokenAsync(CancellationToken)

public override Task<bool> RequestAccessTokenAsync(CancellationToken taskCancellationToken)

Requests a new token.

Parameter
Name	Description
`taskCancellationToken`	`CancellationToken` Cancellation token to cancel operation.

Returns
Type	Description
`Taskbool`	`true` if a new token was received successfully.

Overrides

ServiceCredential.RequestAccessTokenAsync(CancellationToken)

SignBlobAsync(byte[], CancellationToken)

public Task<string> SignBlobAsync(byte[] blob, CancellationToken cancellationToken = default)

Signs the provided blob using the private key associated with the service account this ComputeCredential represents.

Parameters
Name	Description
`blob`	`byte` The blob to sign.
`cancellationToken`	`CancellationToken` Cancellation token to cancel the operation.

Returns
Type	Description
`Taskstring`	The base64 encoded signature.

Remarks

The private key associated with the Compute service account is not known locally by a ComputeCredential. Signing happens by executing a request to the IAM Credentials API which increases latency and counts towards IAM Credentials API quotas. Aditionally, the first time a ComputeCredential is used to sign data, a request to the metadata server is made to to obtain the email of the default Compute service account.

Exceptions
Type	Description
`HttpRequestException`	When the signing request fails.

Extension Method

Utilities.ThrowIfNull<T>(T, string)