Class ImpersonatedCredential (1.60.0)

public sealed class ImpersonatedCredential : ServiceCredential, IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler, IOidcTokenProvider, ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IBlobSigner

Allows a service account or user credential to impersonate a service account. See https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials and https://cloud.google.com/iam/docs/impersonating-service-accounts for more information.

Inheritance

object > ServiceCredential > ImpersonatedCredential

Implements

IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler, IOidcTokenProvider, ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IBlobSigner

Inherited Members

ServiceCredential.Logger

ServiceCredential.TokenServerUrl

ServiceCredential.Clock

ServiceCredential.AccessMethod

ServiceCredential.HttpClient

ServiceCredential.Scopes

ServiceCredential.Token

ServiceCredential.QuotaProject

ServiceCredential.BuildCreateHttpClientArgs()

ServiceCredential.Initialize(ConfigurableHttpClient)

ServiceCredential.InterceptAsync(HttpRequestMessage, CancellationToken)

ServiceCredential.HandleResponseAsync(HandleUnsuccessfulResponseArgs)

ServiceCredential.GetAccessTokenForRequestAsync(string, CancellationToken)

ServiceCredential.GetAccessTokenWithHeadersForRequestAsync(string, CancellationToken)

object.Equals(object)

object.Equals(object, object)

object.GetHashCode()

object.GetType()

object.MemberwiseClone()

object.ReferenceEquals(object, object)

object.ToString()

Namespace

Google Apis Auth OAuth2

Assembly

Google.Apis.Auth.dll

Properties

DelegateAccounts

public IEnumerable<string> DelegateAccounts { get; }

Gets the chained list of delegate service accounts. May be empty.

Property Value
Type	Description
`IEnumerablestring`

Lifetime

public TimeSpan Lifetime { get; }

Gets the lifetime of the delegated credential. This is how long the delegated credential should be valid from the time of the first request made with this credential.

Property Value
Type	Description
`TimeSpan`

SourceCredential

public GoogleCredential SourceCredential { get; }

Gets the source credential used to acquire the impersonated credentials.

Property Value
Type	Description
`GoogleCredential`

TargetPrincipal

public string TargetPrincipal { get; }

Gets the service account to impersonate.

Property Value
Type	Description
`string`

Methods

GetOidcTokenAsync(OidcTokenOptions, CancellationToken)

public Task<OidcToken> GetOidcTokenAsync(OidcTokenOptions options, CancellationToken cancellationToken = default)

Returns an OIDC token for the given options.

Parameters
Name	Description
`options`	`OidcTokenOptions` The options to create the token from.
`cancellationToken`	`CancellationToken` The cancellation token that may be used to cancel the request.

Returns
Type	Description
`TaskOidcToken`	The OIDC token.

RequestAccessTokenAsync(CancellationToken)

public override Task<bool> RequestAccessTokenAsync(CancellationToken taskCancellationToken)

Requests a new token.

Parameter
Name	Description
`taskCancellationToken`	`CancellationToken` Cancellation token to cancel operation.

Returns
Type	Description
`Taskbool`	`true` if a new token was received successfully.

Overrides

ServiceCredential.RequestAccessTokenAsync(CancellationToken)

SignBlobAsync(byte[], CancellationToken)

public Task<string> SignBlobAsync(byte[] blob, CancellationToken cancellationToken = default)

Signs the provided blob using the private key associated with the impersonated service account.

Parameters
Name	Description
`blob`	`byte` The blob to sign.
`cancellationToken`	`CancellationToken` Cancellation token to cancel operation.

Returns
Type	Description
`Taskstring`	The base64 encoded signature.

Exceptions
Type	Description
`HttpRequestException`	When signing request fails.

Extension Method

Utilities.ThrowIfNull<T>(T, string)