IAM Service Account Credentials v1 API - Class IAMCredentialsClient (2.3.0)

public abstract class IAMCredentialsClient

Reference documentation and code samples for the IAM Service Account Credentials v1 API class IAMCredentialsClient.

IAMCredentials client wrapper, for convenient use.

Inheritance

object > IAMCredentialsClient

Inherited Members

object.GetHashCode()

object.GetType()

object.MemberwiseClone()

object.ToString()

Derived Types

IAMCredentialsClientImpl

Namespace

Google.Cloud.Iam.Credentials.V1

Assembly

Google.Cloud.Iam.Credentials.V1.dll

Remarks

A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs, so that the users aren't directly involved.

Service account credentials are used to temporarily assume the identity of the service account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and more.

Properties

DefaultEndpoint

public static string DefaultEndpoint { get; }

The default endpoint for the IAMCredentials service, which is a host of "iamcredentials.googleapis.com" and a port of 443.

Property Value
Type	Description
`string`

DefaultScopes

public static IReadOnlyList<string> DefaultScopes { get; }

The default IAMCredentials scopes.

Property Value
Type	Description
`IReadOnlyListstring`

Remarks

The default IAMCredentials scopes are:

https://www.googleapis.com/auth/cloud-platform

GrpcClient

public virtual IAMCredentials.IAMCredentialsClient GrpcClient { get; }

The underlying gRPC IAMCredentials client

Property Value
Type	Description
`IAMCredentialsIAMCredentialsClient`

ServiceMetadata

public static ServiceMetadata ServiceMetadata { get; }

The service metadata associated with this client type.

Property Value
Type	Description
`ServiceMetadata`

Methods

Create()

public static IAMCredentialsClient Create()

Synchronously creates a IAMCredentialsClient using the default credentials, endpoint and settings. To specify custom credentials or other settings, use IAMCredentialsClientBuilder.

Returns
Type	Description
`IAMCredentialsClient`	The created IAMCredentialsClient.

CreateAsync(CancellationToken)

public static Task<IAMCredentialsClient> CreateAsync(CancellationToken cancellationToken = default)

Asynchronously creates a IAMCredentialsClient using the default credentials, endpoint and settings. To specify custom credentials or other settings, use IAMCredentialsClientBuilder.

Parameter
Name	Description
`cancellationToken`	`CancellationToken` The CancellationToken to use while creating the client.

Returns
Type	Description
`TaskIAMCredentialsClient`	The task representing the created IAMCredentialsClient.

GenerateAccessToken(GenerateAccessTokenRequest, CallSettings)

public virtual GenerateAccessTokenResponse GenerateAccessToken(GenerateAccessTokenRequest request, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name	Description
`request`	`GenerateAccessTokenRequest` The request object containing all of the parameters for the API call.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`GenerateAccessTokenResponse`	The RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
GenerateAccessTokenRequest request = new GenerateAccessTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Scope = { "", },
    Lifetime = new Duration(),
};
// Make the request
GenerateAccessTokenResponse response = iAMCredentialsClient.GenerateAccessToken(request);

GenerateAccessToken(ServiceAccountName, IEnumerable<string>, IEnumerable<string>, Duration, CallSettings)

public virtual GenerateAccessTokenResponse GenerateAccessToken(ServiceAccountName name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name	Description
`name`	`ServiceAccountName` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`scope`	`IEnumerablestring` Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.
`lifetime`	`Duration` The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`GenerateAccessTokenResponse`	The RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = iAMCredentialsClient.GenerateAccessToken(name, delegates, scope, lifetime);

GenerateAccessToken(string, IEnumerable<string>, IEnumerable<string>, Duration, CallSettings)

public virtual GenerateAccessTokenResponse GenerateAccessToken(string name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name	Description
`name`	`string` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`scope`	`IEnumerablestring` Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.
`lifetime`	`Duration` The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`GenerateAccessTokenResponse`	The RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = iAMCredentialsClient.GenerateAccessToken(name, delegates, scope, lifetime);

GenerateAccessTokenAsync(GenerateAccessTokenRequest, CallSettings)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(GenerateAccessTokenRequest request, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name	Description
`request`	`GenerateAccessTokenRequest` The request object containing all of the parameters for the API call.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`TaskGenerateAccessTokenResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
GenerateAccessTokenRequest request = new GenerateAccessTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Scope = { "", },
    Lifetime = new Duration(),
};
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(request);

GenerateAccessTokenAsync(GenerateAccessTokenRequest, CancellationToken)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(GenerateAccessTokenRequest request, CancellationToken cancellationToken)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name	Description
`request`	`GenerateAccessTokenRequest` The request object containing all of the parameters for the API call.
`cancellationToken`	`CancellationToken` A CancellationToken to use for this RPC.

Returns
Type	Description
`TaskGenerateAccessTokenResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
GenerateAccessTokenRequest request = new GenerateAccessTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Scope = { "", },
    Lifetime = new Duration(),
};
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(request);

GenerateAccessTokenAsync(ServiceAccountName, IEnumerable<string>, IEnumerable<string>, Duration, CallSettings)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(ServiceAccountName name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name	Description
`name`	`ServiceAccountName` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`scope`	`IEnumerablestring` Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.
`lifetime`	`Duration` The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`TaskGenerateAccessTokenResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(name, delegates, scope, lifetime);

GenerateAccessTokenAsync(ServiceAccountName, IEnumerable<string>, IEnumerable<string>, Duration, CancellationToken)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(ServiceAccountName name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CancellationToken cancellationToken)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name	Description
`name`	`ServiceAccountName` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`scope`	`IEnumerablestring` Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.
`lifetime`	`Duration` The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.
`cancellationToken`	`CancellationToken` A CancellationToken to use for this RPC.

Returns
Type	Description
`TaskGenerateAccessTokenResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(name, delegates, scope, lifetime);

GenerateAccessTokenAsync(string, IEnumerable<string>, IEnumerable<string>, Duration, CallSettings)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(string name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name	Description
`name`	`string` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`scope`	`IEnumerablestring` Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.
`lifetime`	`Duration` The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`TaskGenerateAccessTokenResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(name, delegates, scope, lifetime);

GenerateAccessTokenAsync(string, IEnumerable<string>, IEnumerable<string>, Duration, CancellationToken)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(string name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CancellationToken cancellationToken)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name	Description
`name`	`string` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`scope`	`IEnumerablestring` Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.
`lifetime`	`Duration` The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.
`cancellationToken`	`CancellationToken` A CancellationToken to use for this RPC.

Returns
Type	Description
`TaskGenerateAccessTokenResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(name, delegates, scope, lifetime);

GenerateIdToken(GenerateIdTokenRequest, CallSettings)

public virtual GenerateIdTokenResponse GenerateIdToken(GenerateIdTokenRequest request, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
Name	Description
`request`	`GenerateIdTokenRequest` The request object containing all of the parameters for the API call.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`GenerateIdTokenResponse`	The RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
GenerateIdTokenRequest request = new GenerateIdTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Audience = "",
    IncludeEmail = false,
};
// Make the request
GenerateIdTokenResponse response = iAMCredentialsClient.GenerateIdToken(request);

GenerateIdToken(ServiceAccountName, IEnumerable<string>, string, bool, CallSettings)

public virtual GenerateIdTokenResponse GenerateIdToken(ServiceAccountName name, IEnumerable<string> delegates, string audience, bool includeEmail, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
Name	Description
`name`	`ServiceAccountName` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`audience`	`string` Required. The audience for the token, such as the API or account that this token grants access to.
`includeEmail`	`bool` Include the service account email in the token. If set to `true`, the token will contain `email` and `email_verified` claims.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`GenerateIdTokenResponse`	The RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = iAMCredentialsClient.GenerateIdToken(name, delegates, audience, includeEmail);

GenerateIdToken(string, IEnumerable<string>, string, bool, CallSettings)

public virtual GenerateIdTokenResponse GenerateIdToken(string name, IEnumerable<string> delegates, string audience, bool includeEmail, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
Name	Description
`name`	`string` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`audience`	`string` Required. The audience for the token, such as the API or account that this token grants access to.
`includeEmail`	`bool` Include the service account email in the token. If set to `true`, the token will contain `email` and `email_verified` claims.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`GenerateIdTokenResponse`	The RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = iAMCredentialsClient.GenerateIdToken(name, delegates, audience, includeEmail);

GenerateIdTokenAsync(GenerateIdTokenRequest, CallSettings)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(GenerateIdTokenRequest request, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
Name	Description
`request`	`GenerateIdTokenRequest` The request object containing all of the parameters for the API call.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`TaskGenerateIdTokenResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
GenerateIdTokenRequest request = new GenerateIdTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Audience = "",
    IncludeEmail = false,
};
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(request);

GenerateIdTokenAsync(GenerateIdTokenRequest, CancellationToken)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(GenerateIdTokenRequest request, CancellationToken cancellationToken)

Generates an OpenID Connect ID token for a service account.

Parameters
Name	Description
`request`	`GenerateIdTokenRequest` The request object containing all of the parameters for the API call.
`cancellationToken`	`CancellationToken` A CancellationToken to use for this RPC.

Returns
Type	Description
`TaskGenerateIdTokenResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
GenerateIdTokenRequest request = new GenerateIdTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Audience = "",
    IncludeEmail = false,
};
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(request);

GenerateIdTokenAsync(ServiceAccountName, IEnumerable<string>, string, bool, CallSettings)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(ServiceAccountName name, IEnumerable<string> delegates, string audience, bool includeEmail, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
Name	Description
`name`	`ServiceAccountName` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`audience`	`string` Required. The audience for the token, such as the API or account that this token grants access to.
`includeEmail`	`bool` Include the service account email in the token. If set to `true`, the token will contain `email` and `email_verified` claims.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`TaskGenerateIdTokenResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(name, delegates, audience, includeEmail);

GenerateIdTokenAsync(ServiceAccountName, IEnumerable<string>, string, bool, CancellationToken)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(ServiceAccountName name, IEnumerable<string> delegates, string audience, bool includeEmail, CancellationToken cancellationToken)

Generates an OpenID Connect ID token for a service account.

Parameters
Name	Description
`name`	`ServiceAccountName` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`audience`	`string` Required. The audience for the token, such as the API or account that this token grants access to.
`includeEmail`	`bool` Include the service account email in the token. If set to `true`, the token will contain `email` and `email_verified` claims.
`cancellationToken`	`CancellationToken` A CancellationToken to use for this RPC.

Returns
Type	Description
`TaskGenerateIdTokenResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(name, delegates, audience, includeEmail);

GenerateIdTokenAsync(string, IEnumerable<string>, string, bool, CallSettings)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(string name, IEnumerable<string> delegates, string audience, bool includeEmail, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
Name	Description
`name`	`string` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`audience`	`string` Required. The audience for the token, such as the API or account that this token grants access to.
`includeEmail`	`bool` Include the service account email in the token. If set to `true`, the token will contain `email` and `email_verified` claims.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`TaskGenerateIdTokenResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(name, delegates, audience, includeEmail);

GenerateIdTokenAsync(string, IEnumerable<string>, string, bool, CancellationToken)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(string name, IEnumerable<string> delegates, string audience, bool includeEmail, CancellationToken cancellationToken)

Generates an OpenID Connect ID token for a service account.

Parameters
Name	Description
`name`	`string` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`audience`	`string` Required. The audience for the token, such as the API or account that this token grants access to.
`includeEmail`	`bool` Include the service account email in the token. If set to `true`, the token will contain `email` and `email_verified` claims.
`cancellationToken`	`CancellationToken` A CancellationToken to use for this RPC.

Returns
Type	Description
`TaskGenerateIdTokenResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(name, delegates, audience, includeEmail);

ShutdownDefaultChannelsAsync()

public static Task ShutdownDefaultChannelsAsync()

Shuts down any channels automatically created by Create() and CreateAsync(CancellationToken). Channels which weren't automatically created are not affected.

Returns
Type	Description
`Task`	A task representing the asynchronous shutdown operation.

Remarks

After calling this method, further calls to Create() and CreateAsync(CancellationToken) will create new channels, which could in turn be shut down by another call to this method.

SignBlob(ServiceAccountName, IEnumerable<string>, ByteString, CallSettings)

public virtual SignBlobResponse SignBlob(ServiceAccountName name, IEnumerable<string> delegates, ByteString payload, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
Name	Description
`name`	`ServiceAccountName` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`payload`	`ByteString` Required. The bytes to sign.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`SignBlobResponse`	The RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = iAMCredentialsClient.SignBlob(name, delegates, payload);

SignBlob(SignBlobRequest, CallSettings)

public virtual SignBlobResponse SignBlob(SignBlobRequest request, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
Name	Description
`request`	`SignBlobRequest` The request object containing all of the parameters for the API call.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`SignBlobResponse`	The RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
SignBlobRequest request = new SignBlobRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = ByteString.Empty,
};
// Make the request
SignBlobResponse response = iAMCredentialsClient.SignBlob(request);

SignBlob(string, IEnumerable<string>, ByteString, CallSettings)

public virtual SignBlobResponse SignBlob(string name, IEnumerable<string> delegates, ByteString payload, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
Name	Description
`name`	`string` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`payload`	`ByteString` Required. The bytes to sign.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`SignBlobResponse`	The RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = iAMCredentialsClient.SignBlob(name, delegates, payload);

SignBlobAsync(ServiceAccountName, IEnumerable<string>, ByteString, CallSettings)

public virtual Task<SignBlobResponse> SignBlobAsync(ServiceAccountName name, IEnumerable<string> delegates, ByteString payload, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
Name	Description
`name`	`ServiceAccountName` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`payload`	`ByteString` Required. The bytes to sign.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`TaskSignBlobResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(name, delegates, payload);

SignBlobAsync(ServiceAccountName, IEnumerable<string>, ByteString, CancellationToken)

public virtual Task<SignBlobResponse> SignBlobAsync(ServiceAccountName name, IEnumerable<string> delegates, ByteString payload, CancellationToken cancellationToken)

Signs a blob using a service account's system-managed private key.

Parameters
Name	Description
`name`	`ServiceAccountName` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`payload`	`ByteString` Required. The bytes to sign.
`cancellationToken`	`CancellationToken` A CancellationToken to use for this RPC.

Returns
Type	Description
`TaskSignBlobResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(name, delegates, payload);

SignBlobAsync(SignBlobRequest, CallSettings)

public virtual Task<SignBlobResponse> SignBlobAsync(SignBlobRequest request, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
Name	Description
`request`	`SignBlobRequest` The request object containing all of the parameters for the API call.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`TaskSignBlobResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
SignBlobRequest request = new SignBlobRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = ByteString.Empty,
};
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(request);

SignBlobAsync(SignBlobRequest, CancellationToken)

public virtual Task<SignBlobResponse> SignBlobAsync(SignBlobRequest request, CancellationToken cancellationToken)

Signs a blob using a service account's system-managed private key.

Parameters
Name	Description
`request`	`SignBlobRequest` The request object containing all of the parameters for the API call.
`cancellationToken`	`CancellationToken` A CancellationToken to use for this RPC.

Returns
Type	Description
`TaskSignBlobResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
SignBlobRequest request = new SignBlobRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = ByteString.Empty,
};
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(request);

SignBlobAsync(string, IEnumerable<string>, ByteString, CallSettings)

public virtual Task<SignBlobResponse> SignBlobAsync(string name, IEnumerable<string> delegates, ByteString payload, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
Name	Description
`name`	`string` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`payload`	`ByteString` Required. The bytes to sign.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`TaskSignBlobResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(name, delegates, payload);

SignBlobAsync(string, IEnumerable<string>, ByteString, CancellationToken)

public virtual Task<SignBlobResponse> SignBlobAsync(string name, IEnumerable<string> delegates, ByteString payload, CancellationToken cancellationToken)

Signs a blob using a service account's system-managed private key.

Parameters
Name	Description
`name`	`string` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`payload`	`ByteString` Required. The bytes to sign.
`cancellationToken`	`CancellationToken` A CancellationToken to use for this RPC.

Returns
Type	Description
`TaskSignBlobResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(name, delegates, payload);

SignJwt(ServiceAccountName, IEnumerable<string>, string, CallSettings)

public virtual SignJwtResponse SignJwt(ServiceAccountName name, IEnumerable<string> delegates, string payload, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
Name	Description
`name`	`ServiceAccountName` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`payload`	`string` Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`SignJwtResponse`	The RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = iAMCredentialsClient.SignJwt(name, delegates, payload);

SignJwt(SignJwtRequest, CallSettings)

public virtual SignJwtResponse SignJwt(SignJwtRequest request, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
Name	Description
`request`	`SignJwtRequest` The request object containing all of the parameters for the API call.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`SignJwtResponse`	The RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
SignJwtRequest request = new SignJwtRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = "",
};
// Make the request
SignJwtResponse response = iAMCredentialsClient.SignJwt(request);

SignJwt(string, IEnumerable<string>, string, CallSettings)

public virtual SignJwtResponse SignJwt(string name, IEnumerable<string> delegates, string payload, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
Name	Description
`name`	`string` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`payload`	`string` Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`SignJwtResponse`	The RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = iAMCredentialsClient.SignJwt(name, delegates, payload);

SignJwtAsync(ServiceAccountName, IEnumerable<string>, string, CallSettings)

public virtual Task<SignJwtResponse> SignJwtAsync(ServiceAccountName name, IEnumerable<string> delegates, string payload, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
Name	Description
`name`	`ServiceAccountName` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`payload`	`string` Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`TaskSignJwtResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(name, delegates, payload);

SignJwtAsync(ServiceAccountName, IEnumerable<string>, string, CancellationToken)

public virtual Task<SignJwtResponse> SignJwtAsync(ServiceAccountName name, IEnumerable<string> delegates, string payload, CancellationToken cancellationToken)

Signs a JWT using a service account's system-managed private key.

Parameters
Name	Description
`name`	`ServiceAccountName` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`payload`	`string` Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.
`cancellationToken`	`CancellationToken` A CancellationToken to use for this RPC.

Returns
Type	Description
`TaskSignJwtResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(name, delegates, payload);

SignJwtAsync(SignJwtRequest, CallSettings)

public virtual Task<SignJwtResponse> SignJwtAsync(SignJwtRequest request, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
Name	Description
`request`	`SignJwtRequest` The request object containing all of the parameters for the API call.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`TaskSignJwtResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
SignJwtRequest request = new SignJwtRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = "",
};
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(request);

SignJwtAsync(SignJwtRequest, CancellationToken)

public virtual Task<SignJwtResponse> SignJwtAsync(SignJwtRequest request, CancellationToken cancellationToken)

Signs a JWT using a service account's system-managed private key.

Parameters
Name	Description
`request`	`SignJwtRequest` The request object containing all of the parameters for the API call.
`cancellationToken`	`CancellationToken` A CancellationToken to use for this RPC.

Returns
Type	Description
`TaskSignJwtResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
SignJwtRequest request = new SignJwtRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = "",
};
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(request);

SignJwtAsync(string, IEnumerable<string>, string, CallSettings)

public virtual Task<SignJwtResponse> SignJwtAsync(string name, IEnumerable<string> delegates, string payload, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
Name	Description
`name`	`string` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`payload`	`string` Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.
`callSettings`	`CallSettings` If not null, applies overrides to this RPC call.

Returns
Type	Description
`TaskSignJwtResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(name, delegates, payload);

SignJwtAsync(string, IEnumerable<string>, string, CancellationToken)

public virtual Task<SignJwtResponse> SignJwtAsync(string name, IEnumerable<string> delegates, string payload, CancellationToken cancellationToken)

Signs a JWT using a service account's system-managed private key.

Parameters
Name	Description
`name`	`string` Required. The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`delegates`	`IEnumerablestring` The sequence of service accounts in a delegation chain. Each service account must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account in the chain. The last service account in the chain must be granted the `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the `name` field of the request. The delegates must have the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`. The `-` wildcard character is required; replacing it with a project ID is invalid.
`payload`	`string` Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.
`cancellationToken`	`CancellationToken` A CancellationToken to use for this RPC.

Returns
Type	Description
`TaskSignJwtResponse`	A Task containing the RPC response.

Example

// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(name, delegates, payload);