Class ImpersonatedCredential (1.60.0)

public sealed class ImpersonatedCredential : ServiceCredential, IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler, IOidcTokenProvider, ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IBlobSigner

Allows a service account or user credential to impersonate a service account. See https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials and https://cloud.google.com/iam/docs/impersonating-service-accounts for more information.

Inheritance

object > ServiceCredential > ImpersonatedCredential

Namespace

GoogleApisAuthOAuth2

Assembly

Google.Apis.Auth.dll

Properties

DelegateAccounts

public IEnumerable<string> DelegateAccounts { get; }

Gets the chained list of delegate service accounts. May be empty.

Property Value
Type Description
IEnumerablestring

Lifetime

public TimeSpan Lifetime { get; }

Gets the lifetime of the delegated credential. This is how long the delegated credential should be valid from the time of the first request made with this credential.

Property Value
Type Description
TimeSpan

SourceCredential

public GoogleCredential SourceCredential { get; }

Gets the source credential used to acquire the impersonated credentials.

Property Value
Type Description
GoogleCredential

TargetPrincipal

public string TargetPrincipal { get; }

Gets the service account to impersonate.

Property Value
Type Description
string

Methods

GetOidcTokenAsync(OidcTokenOptions, CancellationToken)

public Task<OidcToken> GetOidcTokenAsync(OidcTokenOptions options, CancellationToken cancellationToken = default)

Returns an OIDC token for the given options.

Parameters
Name Description
options OidcTokenOptions

The options to create the token from.

cancellationToken CancellationToken

The cancellation token that may be used to cancel the request.

Returns
Type Description
TaskOidcToken

The OIDC token.

RequestAccessTokenAsync(CancellationToken)

public override Task<bool> RequestAccessTokenAsync(CancellationToken taskCancellationToken)

Requests a new token.

Parameter
Name Description
taskCancellationToken CancellationToken

Cancellation token to cancel operation.

Returns
Type Description
Taskbool

true if a new token was received successfully.

Overrides

SignBlobAsync(byte[], CancellationToken)

public Task<string> SignBlobAsync(byte[] blob, CancellationToken cancellationToken = default)

Signs the provided blob using the private key associated with the impersonated service account.

Parameters
Name Description
blob byte

The blob to sign.

cancellationToken CancellationToken

Cancellation token to cancel operation.

Returns
Type Description
Taskstring

The base64 encoded signature.

Exceptions
Type Description
HttpRequestException

When signing request fails.

Extension Method