Class IAMCredentialsClient (1.0.0)

public abstract class IAMCredentialsClient

IAMCredentials client wrapper, for convenient use.

Inheritance

System.Object > IAMCredentialsClient

Namespace

Google.Cloud.Iam.Credentials.V1

Assembly

Google.Cloud.Iam.Credentials.V1.dll

Remarks

A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs, so that the users aren't directly involved.

Service account credentials are used to temporarily assume the identity of the service account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and more.

Properties

DefaultEndpoint

public static string DefaultEndpoint { get; }

The default endpoint for the IAMCredentials service, which is a host of "iamcredentials.googleapis.com" and a port of 443.

Property Value
TypeDescription
System.String

DefaultScopes

public static IReadOnlyList<string> DefaultScopes { get; }

The default IAMCredentials scopes.

Property Value
TypeDescription
System.Collections.Generic.IReadOnlyList<System.String>
Remarks

The default IAMCredentials scopes are:

GrpcClient

public virtual IAMCredentials.IAMCredentialsClient GrpcClient { get; }

The underlying gRPC IAMCredentials client

Property Value
TypeDescription
IAMCredentials.IAMCredentialsClient

Methods

Create()

public static IAMCredentialsClient Create()

Synchronously creates a IAMCredentialsClient using the default credentials, endpoint and settings. To specify custom credentials or other settings, use IAMCredentialsClientBuilder.

Returns
TypeDescription
IAMCredentialsClient

The created IAMCredentialsClient.

CreateAsync(CancellationToken)

public static Task<IAMCredentialsClient> CreateAsync(CancellationToken cancellationToken = default(CancellationToken))

Asynchronously creates a IAMCredentialsClient using the default credentials, endpoint and settings. To specify custom credentials or other settings, use IAMCredentialsClientBuilder.

Parameter
NameDescription
cancellationTokenSystem.Threading.CancellationToken

The System.Threading.CancellationToken to use while creating the client.

Returns
TypeDescription
System.Threading.Tasks.Task<IAMCredentialsClient>

The task representing the created IAMCredentialsClient.

GenerateAccessToken(GenerateAccessTokenRequest, CallSettings)

public virtual GenerateAccessTokenResponse GenerateAccessToken(GenerateAccessTokenRequest request, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
requestGenerateAccessTokenRequest

The request object containing all of the parameters for the API call.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
GenerateAccessTokenResponse

The RPC response.

GenerateAccessToken(ServiceAccountName, IEnumerable<String>, IEnumerable<String>, Duration, CallSettings)

public virtual GenerateAccessTokenResponse GenerateAccessToken(ServiceAccountName name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scopeSystem.Collections.Generic.IEnumerable<System.String>

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetimeGoogle.Protobuf.WellKnownTypes.Duration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
GenerateAccessTokenResponse

The RPC response.

GenerateAccessToken(String, IEnumerable<String>, IEnumerable<String>, Duration, CallSettings)

public virtual GenerateAccessTokenResponse GenerateAccessToken(string name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
nameSystem.String

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scopeSystem.Collections.Generic.IEnumerable<System.String>

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetimeGoogle.Protobuf.WellKnownTypes.Duration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
GenerateAccessTokenResponse

The RPC response.

GenerateAccessTokenAsync(GenerateAccessTokenRequest, CallSettings)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(GenerateAccessTokenRequest request, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
requestGenerateAccessTokenRequest

The request object containing all of the parameters for the API call.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
System.Threading.Tasks.Task<GenerateAccessTokenResponse>

A Task containing the RPC response.

GenerateAccessTokenAsync(GenerateAccessTokenRequest, CancellationToken)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(GenerateAccessTokenRequest request, CancellationToken cancellationToken)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
requestGenerateAccessTokenRequest

The request object containing all of the parameters for the API call.

cancellationTokenSystem.Threading.CancellationToken

A System.Threading.CancellationToken to use for this RPC.

Returns
TypeDescription
System.Threading.Tasks.Task<GenerateAccessTokenResponse>

A Task containing the RPC response.

GenerateAccessTokenAsync(ServiceAccountName, IEnumerable<String>, IEnumerable<String>, Duration, CallSettings)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(ServiceAccountName name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scopeSystem.Collections.Generic.IEnumerable<System.String>

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetimeGoogle.Protobuf.WellKnownTypes.Duration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
System.Threading.Tasks.Task<GenerateAccessTokenResponse>

A Task containing the RPC response.

GenerateAccessTokenAsync(ServiceAccountName, IEnumerable<String>, IEnumerable<String>, Duration, CancellationToken)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(ServiceAccountName name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CancellationToken cancellationToken)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scopeSystem.Collections.Generic.IEnumerable<System.String>

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetimeGoogle.Protobuf.WellKnownTypes.Duration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

cancellationTokenSystem.Threading.CancellationToken

A System.Threading.CancellationToken to use for this RPC.

Returns
TypeDescription
System.Threading.Tasks.Task<GenerateAccessTokenResponse>

A Task containing the RPC response.

GenerateAccessTokenAsync(String, IEnumerable<String>, IEnumerable<String>, Duration, CallSettings)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(string name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
nameSystem.String

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scopeSystem.Collections.Generic.IEnumerable<System.String>

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetimeGoogle.Protobuf.WellKnownTypes.Duration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
System.Threading.Tasks.Task<GenerateAccessTokenResponse>

A Task containing the RPC response.

GenerateAccessTokenAsync(String, IEnumerable<String>, IEnumerable<String>, Duration, CancellationToken)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(string name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CancellationToken cancellationToken)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
nameSystem.String

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scopeSystem.Collections.Generic.IEnumerable<System.String>

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetimeGoogle.Protobuf.WellKnownTypes.Duration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

cancellationTokenSystem.Threading.CancellationToken

A System.Threading.CancellationToken to use for this RPC.

Returns
TypeDescription
System.Threading.Tasks.Task<GenerateAccessTokenResponse>

A Task containing the RPC response.

GenerateIdToken(GenerateIdTokenRequest, CallSettings)

public virtual GenerateIdTokenResponse GenerateIdToken(GenerateIdTokenRequest request, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
requestGenerateIdTokenRequest

The request object containing all of the parameters for the API call.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
GenerateIdTokenResponse

The RPC response.

GenerateIdToken(ServiceAccountName, IEnumerable<String>, String, Boolean, CallSettings)

public virtual GenerateIdTokenResponse GenerateIdToken(ServiceAccountName name, IEnumerable<string> delegates, string audience, bool includeEmail, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audienceSystem.String

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmailSystem.Boolean

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
GenerateIdTokenResponse

The RPC response.

GenerateIdToken(String, IEnumerable<String>, String, Boolean, CallSettings)

public virtual GenerateIdTokenResponse GenerateIdToken(string name, IEnumerable<string> delegates, string audience, bool includeEmail, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
nameSystem.String

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audienceSystem.String

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmailSystem.Boolean

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
GenerateIdTokenResponse

The RPC response.

GenerateIdTokenAsync(GenerateIdTokenRequest, CallSettings)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(GenerateIdTokenRequest request, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
requestGenerateIdTokenRequest

The request object containing all of the parameters for the API call.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
System.Threading.Tasks.Task<GenerateIdTokenResponse>

A Task containing the RPC response.

GenerateIdTokenAsync(GenerateIdTokenRequest, CancellationToken)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(GenerateIdTokenRequest request, CancellationToken cancellationToken)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
requestGenerateIdTokenRequest

The request object containing all of the parameters for the API call.

cancellationTokenSystem.Threading.CancellationToken

A System.Threading.CancellationToken to use for this RPC.

Returns
TypeDescription
System.Threading.Tasks.Task<GenerateIdTokenResponse>

A Task containing the RPC response.

GenerateIdTokenAsync(ServiceAccountName, IEnumerable<String>, String, Boolean, CallSettings)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(ServiceAccountName name, IEnumerable<string> delegates, string audience, bool includeEmail, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audienceSystem.String

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmailSystem.Boolean

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
System.Threading.Tasks.Task<GenerateIdTokenResponse>

A Task containing the RPC response.

GenerateIdTokenAsync(ServiceAccountName, IEnumerable<String>, String, Boolean, CancellationToken)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(ServiceAccountName name, IEnumerable<string> delegates, string audience, bool includeEmail, CancellationToken cancellationToken)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audienceSystem.String

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmailSystem.Boolean

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

cancellationTokenSystem.Threading.CancellationToken

A System.Threading.CancellationToken to use for this RPC.

Returns
TypeDescription
System.Threading.Tasks.Task<GenerateIdTokenResponse>

A Task containing the RPC response.

GenerateIdTokenAsync(String, IEnumerable<String>, String, Boolean, CallSettings)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(string name, IEnumerable<string> delegates, string audience, bool includeEmail, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
nameSystem.String

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audienceSystem.String

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmailSystem.Boolean

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
System.Threading.Tasks.Task<GenerateIdTokenResponse>

A Task containing the RPC response.

GenerateIdTokenAsync(String, IEnumerable<String>, String, Boolean, CancellationToken)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(string name, IEnumerable<string> delegates, string audience, bool includeEmail, CancellationToken cancellationToken)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
nameSystem.String

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audienceSystem.String

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmailSystem.Boolean

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

cancellationTokenSystem.Threading.CancellationToken

A System.Threading.CancellationToken to use for this RPC.

Returns
TypeDescription
System.Threading.Tasks.Task<GenerateIdTokenResponse>

A Task containing the RPC response.

ShutdownDefaultChannelsAsync()

public static Task ShutdownDefaultChannelsAsync()

Shuts down any channels automatically created by Create() and CreateAsync(CancellationToken). Channels which weren't automatically created are not affected.

Returns
TypeDescription
System.Threading.Tasks.Task

A task representing the asynchronous shutdown operation.

Remarks

After calling this method, further calls to Create() and CreateAsync(CancellationToken) will create new channels, which could in turn be shut down by another call to this method.

SignBlob(ServiceAccountName, IEnumerable<String>, ByteString, CallSettings)

public virtual SignBlobResponse SignBlob(ServiceAccountName name, IEnumerable<string> delegates, ByteString payload, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadGoogle.Protobuf.ByteString

Required. The bytes to sign.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
SignBlobResponse

The RPC response.

SignBlob(SignBlobRequest, CallSettings)

public virtual SignBlobResponse SignBlob(SignBlobRequest request, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
requestSignBlobRequest

The request object containing all of the parameters for the API call.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
SignBlobResponse

The RPC response.

SignBlob(String, IEnumerable<String>, ByteString, CallSettings)

public virtual SignBlobResponse SignBlob(string name, IEnumerable<string> delegates, ByteString payload, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
nameSystem.String

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadGoogle.Protobuf.ByteString

Required. The bytes to sign.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
SignBlobResponse

The RPC response.

SignBlobAsync(ServiceAccountName, IEnumerable<String>, ByteString, CallSettings)

public virtual Task<SignBlobResponse> SignBlobAsync(ServiceAccountName name, IEnumerable<string> delegates, ByteString payload, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadGoogle.Protobuf.ByteString

Required. The bytes to sign.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
System.Threading.Tasks.Task<SignBlobResponse>

A Task containing the RPC response.

SignBlobAsync(ServiceAccountName, IEnumerable<String>, ByteString, CancellationToken)

public virtual Task<SignBlobResponse> SignBlobAsync(ServiceAccountName name, IEnumerable<string> delegates, ByteString payload, CancellationToken cancellationToken)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadGoogle.Protobuf.ByteString

Required. The bytes to sign.

cancellationTokenSystem.Threading.CancellationToken

A System.Threading.CancellationToken to use for this RPC.

Returns
TypeDescription
System.Threading.Tasks.Task<SignBlobResponse>

A Task containing the RPC response.

SignBlobAsync(SignBlobRequest, CallSettings)

public virtual Task<SignBlobResponse> SignBlobAsync(SignBlobRequest request, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
requestSignBlobRequest

The request object containing all of the parameters for the API call.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
System.Threading.Tasks.Task<SignBlobResponse>

A Task containing the RPC response.

SignBlobAsync(SignBlobRequest, CancellationToken)

public virtual Task<SignBlobResponse> SignBlobAsync(SignBlobRequest request, CancellationToken cancellationToken)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
requestSignBlobRequest

The request object containing all of the parameters for the API call.

cancellationTokenSystem.Threading.CancellationToken

A System.Threading.CancellationToken to use for this RPC.

Returns
TypeDescription
System.Threading.Tasks.Task<SignBlobResponse>

A Task containing the RPC response.

SignBlobAsync(String, IEnumerable<String>, ByteString, CallSettings)

public virtual Task<SignBlobResponse> SignBlobAsync(string name, IEnumerable<string> delegates, ByteString payload, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
nameSystem.String

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadGoogle.Protobuf.ByteString

Required. The bytes to sign.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
System.Threading.Tasks.Task<SignBlobResponse>

A Task containing the RPC response.

SignBlobAsync(String, IEnumerable<String>, ByteString, CancellationToken)

public virtual Task<SignBlobResponse> SignBlobAsync(string name, IEnumerable<string> delegates, ByteString payload, CancellationToken cancellationToken)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
nameSystem.String

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadGoogle.Protobuf.ByteString

Required. The bytes to sign.

cancellationTokenSystem.Threading.CancellationToken

A System.Threading.CancellationToken to use for this RPC.

Returns
TypeDescription
System.Threading.Tasks.Task<SignBlobResponse>

A Task containing the RPC response.

SignJwt(ServiceAccountName, IEnumerable<String>, String, CallSettings)

public virtual SignJwtResponse SignJwt(ServiceAccountName name, IEnumerable<string> delegates, string payload, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadSystem.String

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
SignJwtResponse

The RPC response.

SignJwt(SignJwtRequest, CallSettings)

public virtual SignJwtResponse SignJwt(SignJwtRequest request, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
requestSignJwtRequest

The request object containing all of the parameters for the API call.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
SignJwtResponse

The RPC response.

SignJwt(String, IEnumerable<String>, String, CallSettings)

public virtual SignJwtResponse SignJwt(string name, IEnumerable<string> delegates, string payload, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
nameSystem.String

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadSystem.String

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
SignJwtResponse

The RPC response.

SignJwtAsync(ServiceAccountName, IEnumerable<String>, String, CallSettings)

public virtual Task<SignJwtResponse> SignJwtAsync(ServiceAccountName name, IEnumerable<string> delegates, string payload, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadSystem.String

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
System.Threading.Tasks.Task<SignJwtResponse>

A Task containing the RPC response.

SignJwtAsync(ServiceAccountName, IEnumerable<String>, String, CancellationToken)

public virtual Task<SignJwtResponse> SignJwtAsync(ServiceAccountName name, IEnumerable<string> delegates, string payload, CancellationToken cancellationToken)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadSystem.String

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

cancellationTokenSystem.Threading.CancellationToken

A System.Threading.CancellationToken to use for this RPC.

Returns
TypeDescription
System.Threading.Tasks.Task<SignJwtResponse>

A Task containing the RPC response.

SignJwtAsync(SignJwtRequest, CallSettings)

public virtual Task<SignJwtResponse> SignJwtAsync(SignJwtRequest request, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
requestSignJwtRequest

The request object containing all of the parameters for the API call.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
System.Threading.Tasks.Task<SignJwtResponse>

A Task containing the RPC response.

SignJwtAsync(SignJwtRequest, CancellationToken)

public virtual Task<SignJwtResponse> SignJwtAsync(SignJwtRequest request, CancellationToken cancellationToken)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
requestSignJwtRequest

The request object containing all of the parameters for the API call.

cancellationTokenSystem.Threading.CancellationToken

A System.Threading.CancellationToken to use for this RPC.

Returns
TypeDescription
System.Threading.Tasks.Task<SignJwtResponse>

A Task containing the RPC response.

SignJwtAsync(String, IEnumerable<String>, String, CallSettings)

public virtual Task<SignJwtResponse> SignJwtAsync(string name, IEnumerable<string> delegates, string payload, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
nameSystem.String

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadSystem.String

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

callSettingsGoogle.Api.Gax.Grpc.CallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
System.Threading.Tasks.Task<SignJwtResponse>

A Task containing the RPC response.

SignJwtAsync(String, IEnumerable<String>, String, CancellationToken)

public virtual Task<SignJwtResponse> SignJwtAsync(string name, IEnumerable<string> delegates, string payload, CancellationToken cancellationToken)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
nameSystem.String

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesSystem.Collections.Generic.IEnumerable<System.String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadSystem.String

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

cancellationTokenSystem.Threading.CancellationToken

A System.Threading.CancellationToken to use for this RPC.

Returns
TypeDescription
System.Threading.Tasks.Task<SignJwtResponse>

A Task containing the RPC response.