public sealed class ImpersonatedCredential : ServiceCredential, IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler, IOidcTokenProvider, ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IBlobSigner
Allows a service account or user credential to impersonate a service account. See https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials and https://cloud.google.com/iam/docs/impersonating-service-accounts for more information.
Implements
IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler, IOidcTokenProvider, ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IBlobSignerNamespace
GoogleApisAuthOAuth2Assembly
Google.Apis.Auth.dll
Properties
DelegateAccounts
public IEnumerable<string> DelegateAccounts { get; }
Gets the chained list of delegate service accounts. May be empty.
Property Value | |
---|---|
Type | Description |
IEnumerablestring |
Lifetime
public TimeSpan Lifetime { get; }
Gets the lifetime of the delegated credential. This is how long the delegated credential should be valid from the time of the first request made with this credential.
Property Value | |
---|---|
Type | Description |
TimeSpan |
SourceCredential
public GoogleCredential SourceCredential { get; }
Gets the source credential used to acquire the impersonated credentials.
Property Value | |
---|---|
Type | Description |
GoogleCredential |
TargetPrincipal
public string TargetPrincipal { get; }
Gets the service account to impersonate.
Property Value | |
---|---|
Type | Description |
string |
Methods
GetOidcTokenAsync(OidcTokenOptions, CancellationToken)
public Task<OidcToken> GetOidcTokenAsync(OidcTokenOptions options, CancellationToken cancellationToken = default)
Returns an OIDC token for the given options.
Parameters | |
---|---|
Name | Description |
options | OidcTokenOptions The options to create the token from. |
cancellationToken | CancellationToken The cancellation token that may be used to cancel the request. |
Returns | |
---|---|
Type | Description |
TaskOidcToken | The OIDC token. |
RequestAccessTokenAsync(CancellationToken)
public override Task<bool> RequestAccessTokenAsync(CancellationToken taskCancellationToken)
Requests a new token.
Parameter | |
---|---|
Name | Description |
taskCancellationToken | CancellationToken Cancellation token to cancel operation. |
Returns | |
---|---|
Type | Description |
Taskbool |
|
SignBlobAsync(byte[], CancellationToken)
public Task<string> SignBlobAsync(byte[] blob, CancellationToken cancellationToken = default)
Signs the provided blob using the private key associated with the impersonated service account.
Parameters | |
---|---|
Name | Description |
blob | byte The blob to sign. |
cancellationToken | CancellationToken Cancellation token to cancel operation. |
Returns | |
---|---|
Type | Description |
Taskstring | The base64 encoded signature. |
Exceptions | |
---|---|
Type | Description |
HttpRequestException | When signing request fails. |