public abstract class ExternalAccountCredential : ServiceCredential, ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler
Base class for external account credentials.
Implements
ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandlerDerived Types
Namespace
GoogleApisAuthOAuth2Assembly
Google.Apis.Auth.dll
Properties
Audience
public string Audience { get; }
The STS audience which contains the resource name for the workload identity pool or the workforce pool and the provider identifier in that pool.
Property Value | |
---|---|
Type | Description |
string |
ClientId
public string ClientId { get; }
The Client ID.
Property Value | |
---|---|
Type | Description |
string |
Client ID and Client secret are currently only required if the token info endpoint needs to be called with the generated GCP access token. When provided, STS will be called with additional basic authentication using ClientId as username and ClientSecret as password.
ClientSecret
public string ClientSecret { get; }
The client secret.
Property Value | |
---|---|
Type | Description |
string |
Client ID and Client secret are currently only required if the token info endpoint needs to be called with the generated GCP access token. When provided, STS will be called with additional basic authentication using ClientId as username and ClientSecret as password.
ServiceAccountImpersonationUrl
public string ServiceAccountImpersonationUrl { get; }
This is the URL for the service account impersonation request. If this is not set, the STS-returned access token should be directly used without impersonation.
Property Value | |
---|---|
Type | Description |
string |
SubjectTokenType
public string SubjectTokenType { get; }
The STS subject token type based on the OAuth 2.0 token exchange spec.
Property Value | |
---|---|
Type | Description |
string |
WorkforcePoolUserProject
public string WorkforcePoolUserProject { get; }
The GCP project number to be used for Workforce Pools external credentials.
Property Value | |
---|---|
Type | Description |
string |
If this external account credential represents a Workforce Pool enabled identity and this values is not specified, then an API key needs to be used alongside this credential to call Google APIs.
Methods
GetSubjectTokenAsyncImpl(CancellationToken)
protected abstract Task<string> GetSubjectTokenAsyncImpl(CancellationToken taskCancellationToken)
Gets the subject token to be exchanged for the access token.
Parameter | |
---|---|
Name | Description |
taskCancellationToken |
CancellationToken |
Returns | |
---|---|
Type | Description |
Taskstring |
RequestAccessTokenAsync(CancellationToken)
public override Task<bool> RequestAccessTokenAsync(CancellationToken taskCancellationToken)
Requests a new token.
Parameter | |
---|---|
Name | Description |
taskCancellationToken |
CancellationToken Cancellation token to cancel operation. |
Returns | |
---|---|
Type | Description |
Taskbool |
|