IAM Service Account Credentials v1 API - Class IAMCredentialsClient (2.1.0)

public abstract class IAMCredentialsClient

Reference documentation and code samples for the IAM Service Account Credentials v1 API class IAMCredentialsClient.

IAMCredentials client wrapper, for convenient use.

Inheritance

Object > IAMCredentialsClient

Derived Types

Namespace

Google.Cloud.Iam.Credentials.V1

Assembly

Google.Cloud.Iam.Credentials.V1.dll

Remarks

A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs, so that the users aren't directly involved.

Service account credentials are used to temporarily assume the identity of the service account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and more.

Properties

DefaultEndpoint

public static string DefaultEndpoint { get; }

The default endpoint for the IAMCredentials service, which is a host of "iamcredentials.googleapis.com" and a port of 443.

Property Value
TypeDescription
String

DefaultScopes

public static IReadOnlyList<string> DefaultScopes { get; }

The default IAMCredentials scopes.

Property Value
TypeDescription
IReadOnlyList<String>
Remarks

The default IAMCredentials scopes are:

GrpcClient

public virtual IAMCredentials.IAMCredentialsClient GrpcClient { get; }

The underlying gRPC IAMCredentials client

Property Value
TypeDescription
IAMCredentials.IAMCredentialsClient

ServiceMetadata

public static ServiceMetadata ServiceMetadata { get; }

The service metadata associated with this client type.

Property Value
TypeDescription
ServiceMetadata

Methods

Create()

public static IAMCredentialsClient Create()

Synchronously creates a IAMCredentialsClient using the default credentials, endpoint and settings. To specify custom credentials or other settings, use IAMCredentialsClientBuilder.

Returns
TypeDescription
IAMCredentialsClient

The created IAMCredentialsClient.

CreateAsync(CancellationToken)

public static Task<IAMCredentialsClient> CreateAsync(CancellationToken cancellationToken = default(CancellationToken))

Asynchronously creates a IAMCredentialsClient using the default credentials, endpoint and settings. To specify custom credentials or other settings, use IAMCredentialsClientBuilder.

Parameter
NameDescription
cancellationTokenCancellationToken

The CancellationToken to use while creating the client.

Returns
TypeDescription
Task<IAMCredentialsClient>

The task representing the created IAMCredentialsClient.

GenerateAccessToken(GenerateAccessTokenRequest, CallSettings)

public virtual GenerateAccessTokenResponse GenerateAccessToken(GenerateAccessTokenRequest request, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
requestGenerateAccessTokenRequest

The request object containing all of the parameters for the API call.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
GenerateAccessTokenResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
GenerateAccessTokenRequest request = new GenerateAccessTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Scope = { "", },
    Lifetime = new Duration(),
};
// Make the request
GenerateAccessTokenResponse response = iAMCredentialsClient.GenerateAccessToken(request);

GenerateAccessToken(ServiceAccountName, IEnumerable<String>, IEnumerable<String>, Duration, CallSettings)

public virtual GenerateAccessTokenResponse GenerateAccessToken(ServiceAccountName name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scopeIEnumerable<String>

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetimeDuration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
GenerateAccessTokenResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = iAMCredentialsClient.GenerateAccessToken(name, delegates, scope, lifetime);

GenerateAccessToken(String, IEnumerable<String>, IEnumerable<String>, Duration, CallSettings)

public virtual GenerateAccessTokenResponse GenerateAccessToken(string name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
nameString

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scopeIEnumerable<String>

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetimeDuration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
GenerateAccessTokenResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = iAMCredentialsClient.GenerateAccessToken(name, delegates, scope, lifetime);

GenerateAccessTokenAsync(GenerateAccessTokenRequest, CallSettings)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(GenerateAccessTokenRequest request, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
requestGenerateAccessTokenRequest

The request object containing all of the parameters for the API call.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
Task<GenerateAccessTokenResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
GenerateAccessTokenRequest request = new GenerateAccessTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Scope = { "", },
    Lifetime = new Duration(),
};
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(request);

GenerateAccessTokenAsync(GenerateAccessTokenRequest, CancellationToken)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(GenerateAccessTokenRequest request, CancellationToken cancellationToken)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
requestGenerateAccessTokenRequest

The request object containing all of the parameters for the API call.

cancellationTokenCancellationToken

A CancellationToken to use for this RPC.

Returns
TypeDescription
Task<GenerateAccessTokenResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
GenerateAccessTokenRequest request = new GenerateAccessTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Scope = { "", },
    Lifetime = new Duration(),
};
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(request);

GenerateAccessTokenAsync(ServiceAccountName, IEnumerable<String>, IEnumerable<String>, Duration, CallSettings)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(ServiceAccountName name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scopeIEnumerable<String>

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetimeDuration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
Task<GenerateAccessTokenResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(name, delegates, scope, lifetime);

GenerateAccessTokenAsync(ServiceAccountName, IEnumerable<String>, IEnumerable<String>, Duration, CancellationToken)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(ServiceAccountName name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CancellationToken cancellationToken)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scopeIEnumerable<String>

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetimeDuration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

cancellationTokenCancellationToken

A CancellationToken to use for this RPC.

Returns
TypeDescription
Task<GenerateAccessTokenResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(name, delegates, scope, lifetime);

GenerateAccessTokenAsync(String, IEnumerable<String>, IEnumerable<String>, Duration, CallSettings)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(string name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
nameString

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scopeIEnumerable<String>

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetimeDuration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
Task<GenerateAccessTokenResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(name, delegates, scope, lifetime);

GenerateAccessTokenAsync(String, IEnumerable<String>, IEnumerable<String>, Duration, CancellationToken)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(string name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CancellationToken cancellationToken)

Generates an OAuth 2.0 access token for a service account.

Parameters
NameDescription
nameString

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scopeIEnumerable<String>

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetimeDuration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

cancellationTokenCancellationToken

A CancellationToken to use for this RPC.

Returns
TypeDescription
Task<GenerateAccessTokenResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(name, delegates, scope, lifetime);

GenerateIdToken(GenerateIdTokenRequest, CallSettings)

public virtual GenerateIdTokenResponse GenerateIdToken(GenerateIdTokenRequest request, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
requestGenerateIdTokenRequest

The request object containing all of the parameters for the API call.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
GenerateIdTokenResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
GenerateIdTokenRequest request = new GenerateIdTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Audience = "",
    IncludeEmail = false,
};
// Make the request
GenerateIdTokenResponse response = iAMCredentialsClient.GenerateIdToken(request);

GenerateIdToken(ServiceAccountName, IEnumerable<String>, String, Boolean, CallSettings)

public virtual GenerateIdTokenResponse GenerateIdToken(ServiceAccountName name, IEnumerable<string> delegates, string audience, bool includeEmail, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audienceString

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmailBoolean

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
GenerateIdTokenResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = iAMCredentialsClient.GenerateIdToken(name, delegates, audience, includeEmail);

GenerateIdToken(String, IEnumerable<String>, String, Boolean, CallSettings)

public virtual GenerateIdTokenResponse GenerateIdToken(string name, IEnumerable<string> delegates, string audience, bool includeEmail, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
nameString

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audienceString

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmailBoolean

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
GenerateIdTokenResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = iAMCredentialsClient.GenerateIdToken(name, delegates, audience, includeEmail);

GenerateIdTokenAsync(GenerateIdTokenRequest, CallSettings)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(GenerateIdTokenRequest request, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
requestGenerateIdTokenRequest

The request object containing all of the parameters for the API call.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
Task<GenerateIdTokenResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
GenerateIdTokenRequest request = new GenerateIdTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Audience = "",
    IncludeEmail = false,
};
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(request);

GenerateIdTokenAsync(GenerateIdTokenRequest, CancellationToken)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(GenerateIdTokenRequest request, CancellationToken cancellationToken)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
requestGenerateIdTokenRequest

The request object containing all of the parameters for the API call.

cancellationTokenCancellationToken

A CancellationToken to use for this RPC.

Returns
TypeDescription
Task<GenerateIdTokenResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
GenerateIdTokenRequest request = new GenerateIdTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Audience = "",
    IncludeEmail = false,
};
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(request);

GenerateIdTokenAsync(ServiceAccountName, IEnumerable<String>, String, Boolean, CallSettings)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(ServiceAccountName name, IEnumerable<string> delegates, string audience, bool includeEmail, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audienceString

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmailBoolean

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
Task<GenerateIdTokenResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(name, delegates, audience, includeEmail);

GenerateIdTokenAsync(ServiceAccountName, IEnumerable<String>, String, Boolean, CancellationToken)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(ServiceAccountName name, IEnumerable<string> delegates, string audience, bool includeEmail, CancellationToken cancellationToken)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audienceString

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmailBoolean

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

cancellationTokenCancellationToken

A CancellationToken to use for this RPC.

Returns
TypeDescription
Task<GenerateIdTokenResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(name, delegates, audience, includeEmail);

GenerateIdTokenAsync(String, IEnumerable<String>, String, Boolean, CallSettings)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(string name, IEnumerable<string> delegates, string audience, bool includeEmail, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
nameString

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audienceString

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmailBoolean

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
Task<GenerateIdTokenResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(name, delegates, audience, includeEmail);

GenerateIdTokenAsync(String, IEnumerable<String>, String, Boolean, CancellationToken)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(string name, IEnumerable<string> delegates, string audience, bool includeEmail, CancellationToken cancellationToken)

Generates an OpenID Connect ID token for a service account.

Parameters
NameDescription
nameString

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audienceString

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmailBoolean

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

cancellationTokenCancellationToken

A CancellationToken to use for this RPC.

Returns
TypeDescription
Task<GenerateIdTokenResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(name, delegates, audience, includeEmail);

ShutdownDefaultChannelsAsync()

public static Task ShutdownDefaultChannelsAsync()

Shuts down any channels automatically created by Create() and CreateAsync(CancellationToken). Channels which weren't automatically created are not affected.

Returns
TypeDescription
Task

A task representing the asynchronous shutdown operation.

Remarks

After calling this method, further calls to Create() and CreateAsync(CancellationToken) will create new channels, which could in turn be shut down by another call to this method.

SignBlob(ServiceAccountName, IEnumerable<String>, ByteString, CallSettings)

public virtual SignBlobResponse SignBlob(ServiceAccountName name, IEnumerable<string> delegates, ByteString payload, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadByteString

Required. The bytes to sign.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
SignBlobResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = iAMCredentialsClient.SignBlob(name, delegates, payload);

SignBlob(SignBlobRequest, CallSettings)

public virtual SignBlobResponse SignBlob(SignBlobRequest request, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
requestSignBlobRequest

The request object containing all of the parameters for the API call.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
SignBlobResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
SignBlobRequest request = new SignBlobRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = ByteString.Empty,
};
// Make the request
SignBlobResponse response = iAMCredentialsClient.SignBlob(request);

SignBlob(String, IEnumerable<String>, ByteString, CallSettings)

public virtual SignBlobResponse SignBlob(string name, IEnumerable<string> delegates, ByteString payload, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
nameString

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadByteString

Required. The bytes to sign.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
SignBlobResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = iAMCredentialsClient.SignBlob(name, delegates, payload);

SignBlobAsync(ServiceAccountName, IEnumerable<String>, ByteString, CallSettings)

public virtual Task<SignBlobResponse> SignBlobAsync(ServiceAccountName name, IEnumerable<string> delegates, ByteString payload, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadByteString

Required. The bytes to sign.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
Task<SignBlobResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(name, delegates, payload);

SignBlobAsync(ServiceAccountName, IEnumerable<String>, ByteString, CancellationToken)

public virtual Task<SignBlobResponse> SignBlobAsync(ServiceAccountName name, IEnumerable<string> delegates, ByteString payload, CancellationToken cancellationToken)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadByteString

Required. The bytes to sign.

cancellationTokenCancellationToken

A CancellationToken to use for this RPC.

Returns
TypeDescription
Task<SignBlobResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(name, delegates, payload);

SignBlobAsync(SignBlobRequest, CallSettings)

public virtual Task<SignBlobResponse> SignBlobAsync(SignBlobRequest request, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
requestSignBlobRequest

The request object containing all of the parameters for the API call.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
Task<SignBlobResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
SignBlobRequest request = new SignBlobRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = ByteString.Empty,
};
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(request);

SignBlobAsync(SignBlobRequest, CancellationToken)

public virtual Task<SignBlobResponse> SignBlobAsync(SignBlobRequest request, CancellationToken cancellationToken)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
requestSignBlobRequest

The request object containing all of the parameters for the API call.

cancellationTokenCancellationToken

A CancellationToken to use for this RPC.

Returns
TypeDescription
Task<SignBlobResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
SignBlobRequest request = new SignBlobRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = ByteString.Empty,
};
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(request);

SignBlobAsync(String, IEnumerable<String>, ByteString, CallSettings)

public virtual Task<SignBlobResponse> SignBlobAsync(string name, IEnumerable<string> delegates, ByteString payload, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
nameString

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadByteString

Required. The bytes to sign.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
Task<SignBlobResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(name, delegates, payload);

SignBlobAsync(String, IEnumerable<String>, ByteString, CancellationToken)

public virtual Task<SignBlobResponse> SignBlobAsync(string name, IEnumerable<string> delegates, ByteString payload, CancellationToken cancellationToken)

Signs a blob using a service account's system-managed private key.

Parameters
NameDescription
nameString

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadByteString

Required. The bytes to sign.

cancellationTokenCancellationToken

A CancellationToken to use for this RPC.

Returns
TypeDescription
Task<SignBlobResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(name, delegates, payload);

SignJwt(ServiceAccountName, IEnumerable<String>, String, CallSettings)

public virtual SignJwtResponse SignJwt(ServiceAccountName name, IEnumerable<string> delegates, string payload, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadString

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
SignJwtResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = iAMCredentialsClient.SignJwt(name, delegates, payload);

SignJwt(SignJwtRequest, CallSettings)

public virtual SignJwtResponse SignJwt(SignJwtRequest request, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
requestSignJwtRequest

The request object containing all of the parameters for the API call.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
SignJwtResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
SignJwtRequest request = new SignJwtRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = "",
};
// Make the request
SignJwtResponse response = iAMCredentialsClient.SignJwt(request);

SignJwt(String, IEnumerable<String>, String, CallSettings)

public virtual SignJwtResponse SignJwt(string name, IEnumerable<string> delegates, string payload, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
nameString

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadString

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
SignJwtResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = iAMCredentialsClient.SignJwt(name, delegates, payload);

SignJwtAsync(ServiceAccountName, IEnumerable<String>, String, CallSettings)

public virtual Task<SignJwtResponse> SignJwtAsync(ServiceAccountName name, IEnumerable<string> delegates, string payload, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadString

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
Task<SignJwtResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(name, delegates, payload);

SignJwtAsync(ServiceAccountName, IEnumerable<String>, String, CancellationToken)

public virtual Task<SignJwtResponse> SignJwtAsync(ServiceAccountName name, IEnumerable<string> delegates, string payload, CancellationToken cancellationToken)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
nameServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadString

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

cancellationTokenCancellationToken

A CancellationToken to use for this RPC.

Returns
TypeDescription
Task<SignJwtResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(name, delegates, payload);

SignJwtAsync(SignJwtRequest, CallSettings)

public virtual Task<SignJwtResponse> SignJwtAsync(SignJwtRequest request, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
requestSignJwtRequest

The request object containing all of the parameters for the API call.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
Task<SignJwtResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
SignJwtRequest request = new SignJwtRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = "",
};
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(request);

SignJwtAsync(SignJwtRequest, CancellationToken)

public virtual Task<SignJwtResponse> SignJwtAsync(SignJwtRequest request, CancellationToken cancellationToken)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
requestSignJwtRequest

The request object containing all of the parameters for the API call.

cancellationTokenCancellationToken

A CancellationToken to use for this RPC.

Returns
TypeDescription
Task<SignJwtResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
SignJwtRequest request = new SignJwtRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = "",
};
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(request);

SignJwtAsync(String, IEnumerable<String>, String, CallSettings)

public virtual Task<SignJwtResponse> SignJwtAsync(string name, IEnumerable<string> delegates, string payload, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
nameString

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadString

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

callSettingsCallSettings

If not null, applies overrides to this RPC call.

Returns
TypeDescription
Task<SignJwtResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(name, delegates, payload);

SignJwtAsync(String, IEnumerable<String>, String, CancellationToken)

public virtual Task<SignJwtResponse> SignJwtAsync(string name, IEnumerable<string> delegates, string payload, CancellationToken cancellationToken)

Signs a JWT using a service account's system-managed private key.

Parameters
NameDescription
nameString

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegatesIEnumerable<String>

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payloadString

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

cancellationTokenCancellationToken

A CancellationToken to use for this RPC.

Returns
TypeDescription
Task<SignJwtResponse>

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(name, delegates, payload);