IAM Service Account Credentials v1 API - Class IAMCredentialsClient (2.4.0)

public abstract class IAMCredentialsClient

Reference documentation and code samples for the IAM Service Account Credentials v1 API class IAMCredentialsClient.

IAMCredentials client wrapper, for convenient use.

Inheritance

object > IAMCredentialsClient

Derived Types

Namespace

Google.Cloud.Iam.Credentials.V1

Assembly

Google.Cloud.Iam.Credentials.V1.dll

Remarks

A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs, so that the users aren't directly involved.

Service account credentials are used to temporarily assume the identity of the service account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and more.

Properties

DefaultEndpoint

public static string DefaultEndpoint { get; }

The default endpoint for the IAMCredentials service, which is a host of "iamcredentials.googleapis.com" and a port of 443.

Property Value
Type Description
string

DefaultScopes

public static IReadOnlyList<string> DefaultScopes { get; }

The default IAMCredentials scopes.

Property Value
Type Description
IReadOnlyListstring
Remarks

The default IAMCredentials scopes are:

GrpcClient

public virtual IAMCredentials.IAMCredentialsClient GrpcClient { get; }

The underlying gRPC IAMCredentials client

Property Value
Type Description
IAMCredentialsIAMCredentialsClient

ServiceMetadata

public static ServiceMetadata ServiceMetadata { get; }

The service metadata associated with this client type.

Property Value
Type Description
ServiceMetadata

Methods

Create()

public static IAMCredentialsClient Create()

Synchronously creates a IAMCredentialsClient using the default credentials, endpoint and settings. To specify custom credentials or other settings, use IAMCredentialsClientBuilder.

Returns
Type Description
IAMCredentialsClient

The created IAMCredentialsClient.

CreateAsync(CancellationToken)

public static Task<IAMCredentialsClient> CreateAsync(CancellationToken cancellationToken = default)

Asynchronously creates a IAMCredentialsClient using the default credentials, endpoint and settings. To specify custom credentials or other settings, use IAMCredentialsClientBuilder.

Parameter
Name Description
cancellationToken CancellationToken

The CancellationToken to use while creating the client.

Returns
Type Description
TaskIAMCredentialsClient

The task representing the created IAMCredentialsClient.

GenerateAccessToken(GenerateAccessTokenRequest, CallSettings)

public virtual GenerateAccessTokenResponse GenerateAccessToken(GenerateAccessTokenRequest request, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name Description
request GenerateAccessTokenRequest

The request object containing all of the parameters for the API call.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
GenerateAccessTokenResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
GenerateAccessTokenRequest request = new GenerateAccessTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Scope = { "", },
    Lifetime = new Duration(),
};
// Make the request
GenerateAccessTokenResponse response = iAMCredentialsClient.GenerateAccessToken(request);

GenerateAccessToken(ServiceAccountName, IEnumerable<string>, IEnumerable<string>, Duration, CallSettings)

public virtual GenerateAccessTokenResponse GenerateAccessToken(ServiceAccountName name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name Description
name ServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scope IEnumerablestring

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetime Duration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
GenerateAccessTokenResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = iAMCredentialsClient.GenerateAccessToken(name, delegates, scope, lifetime);

GenerateAccessToken(string, IEnumerable<string>, IEnumerable<string>, Duration, CallSettings)

public virtual GenerateAccessTokenResponse GenerateAccessToken(string name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name Description
name string

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scope IEnumerablestring

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetime Duration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
GenerateAccessTokenResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = iAMCredentialsClient.GenerateAccessToken(name, delegates, scope, lifetime);

GenerateAccessTokenAsync(GenerateAccessTokenRequest, CallSettings)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(GenerateAccessTokenRequest request, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name Description
request GenerateAccessTokenRequest

The request object containing all of the parameters for the API call.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
TaskGenerateAccessTokenResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
GenerateAccessTokenRequest request = new GenerateAccessTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Scope = { "", },
    Lifetime = new Duration(),
};
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(request);

GenerateAccessTokenAsync(GenerateAccessTokenRequest, CancellationToken)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(GenerateAccessTokenRequest request, CancellationToken cancellationToken)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name Description
request GenerateAccessTokenRequest

The request object containing all of the parameters for the API call.

cancellationToken CancellationToken

A CancellationToken to use for this RPC.

Returns
Type Description
TaskGenerateAccessTokenResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
GenerateAccessTokenRequest request = new GenerateAccessTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Scope = { "", },
    Lifetime = new Duration(),
};
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(request);

GenerateAccessTokenAsync(ServiceAccountName, IEnumerable<string>, IEnumerable<string>, Duration, CallSettings)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(ServiceAccountName name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name Description
name ServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scope IEnumerablestring

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetime Duration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
TaskGenerateAccessTokenResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(name, delegates, scope, lifetime);

GenerateAccessTokenAsync(ServiceAccountName, IEnumerable<string>, IEnumerable<string>, Duration, CancellationToken)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(ServiceAccountName name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CancellationToken cancellationToken)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name Description
name ServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scope IEnumerablestring

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetime Duration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

cancellationToken CancellationToken

A CancellationToken to use for this RPC.

Returns
Type Description
TaskGenerateAccessTokenResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(name, delegates, scope, lifetime);

GenerateAccessTokenAsync(string, IEnumerable<string>, IEnumerable<string>, Duration, CallSettings)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(string name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CallSettings callSettings = null)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name Description
name string

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scope IEnumerablestring

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetime Duration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
TaskGenerateAccessTokenResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(name, delegates, scope, lifetime);

GenerateAccessTokenAsync(string, IEnumerable<string>, IEnumerable<string>, Duration, CancellationToken)

public virtual Task<GenerateAccessTokenResponse> GenerateAccessTokenAsync(string name, IEnumerable<string> delegates, IEnumerable<string> scope, Duration lifetime, CancellationToken cancellationToken)

Generates an OAuth 2.0 access token for a service account.

Parameters
Name Description
name string

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

scope IEnumerablestring

Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetime Duration

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token's lifetime will be set to a default value of one hour.

cancellationToken CancellationToken

A CancellationToken to use for this RPC.

Returns
Type Description
TaskGenerateAccessTokenResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
IEnumerable<string> scope = new string[] { "", };
Duration lifetime = new Duration();
// Make the request
GenerateAccessTokenResponse response = await iAMCredentialsClient.GenerateAccessTokenAsync(name, delegates, scope, lifetime);

GenerateIdToken(GenerateIdTokenRequest, CallSettings)

public virtual GenerateIdTokenResponse GenerateIdToken(GenerateIdTokenRequest request, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
Name Description
request GenerateIdTokenRequest

The request object containing all of the parameters for the API call.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
GenerateIdTokenResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
GenerateIdTokenRequest request = new GenerateIdTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Audience = "",
    IncludeEmail = false,
};
// Make the request
GenerateIdTokenResponse response = iAMCredentialsClient.GenerateIdToken(request);

GenerateIdToken(ServiceAccountName, IEnumerable<string>, string, bool, CallSettings)

public virtual GenerateIdTokenResponse GenerateIdToken(ServiceAccountName name, IEnumerable<string> delegates, string audience, bool includeEmail, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
Name Description
name ServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audience string

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmail bool

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
GenerateIdTokenResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = iAMCredentialsClient.GenerateIdToken(name, delegates, audience, includeEmail);

GenerateIdToken(string, IEnumerable<string>, string, bool, CallSettings)

public virtual GenerateIdTokenResponse GenerateIdToken(string name, IEnumerable<string> delegates, string audience, bool includeEmail, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
Name Description
name string

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audience string

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmail bool

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
GenerateIdTokenResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = iAMCredentialsClient.GenerateIdToken(name, delegates, audience, includeEmail);

GenerateIdTokenAsync(GenerateIdTokenRequest, CallSettings)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(GenerateIdTokenRequest request, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
Name Description
request GenerateIdTokenRequest

The request object containing all of the parameters for the API call.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
TaskGenerateIdTokenResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
GenerateIdTokenRequest request = new GenerateIdTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Audience = "",
    IncludeEmail = false,
};
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(request);

GenerateIdTokenAsync(GenerateIdTokenRequest, CancellationToken)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(GenerateIdTokenRequest request, CancellationToken cancellationToken)

Generates an OpenID Connect ID token for a service account.

Parameters
Name Description
request GenerateIdTokenRequest

The request object containing all of the parameters for the API call.

cancellationToken CancellationToken

A CancellationToken to use for this RPC.

Returns
Type Description
TaskGenerateIdTokenResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
GenerateIdTokenRequest request = new GenerateIdTokenRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Audience = "",
    IncludeEmail = false,
};
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(request);

GenerateIdTokenAsync(ServiceAccountName, IEnumerable<string>, string, bool, CallSettings)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(ServiceAccountName name, IEnumerable<string> delegates, string audience, bool includeEmail, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
Name Description
name ServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audience string

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmail bool

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
TaskGenerateIdTokenResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(name, delegates, audience, includeEmail);

GenerateIdTokenAsync(ServiceAccountName, IEnumerable<string>, string, bool, CancellationToken)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(ServiceAccountName name, IEnumerable<string> delegates, string audience, bool includeEmail, CancellationToken cancellationToken)

Generates an OpenID Connect ID token for a service account.

Parameters
Name Description
name ServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audience string

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmail bool

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

cancellationToken CancellationToken

A CancellationToken to use for this RPC.

Returns
Type Description
TaskGenerateIdTokenResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(name, delegates, audience, includeEmail);

GenerateIdTokenAsync(string, IEnumerable<string>, string, bool, CallSettings)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(string name, IEnumerable<string> delegates, string audience, bool includeEmail, CallSettings callSettings = null)

Generates an OpenID Connect ID token for a service account.

Parameters
Name Description
name string

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audience string

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmail bool

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
TaskGenerateIdTokenResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(name, delegates, audience, includeEmail);

GenerateIdTokenAsync(string, IEnumerable<string>, string, bool, CancellationToken)

public virtual Task<GenerateIdTokenResponse> GenerateIdTokenAsync(string name, IEnumerable<string> delegates, string audience, bool includeEmail, CancellationToken cancellationToken)

Generates an OpenID Connect ID token for a service account.

Parameters
Name Description
name string

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

audience string

Required. The audience for the token, such as the API or account that this token grants access to.

includeEmail bool

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

cancellationToken CancellationToken

A CancellationToken to use for this RPC.

Returns
Type Description
TaskGenerateIdTokenResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string audience = "";
bool includeEmail = false;
// Make the request
GenerateIdTokenResponse response = await iAMCredentialsClient.GenerateIdTokenAsync(name, delegates, audience, includeEmail);

ShutdownDefaultChannelsAsync()

public static Task ShutdownDefaultChannelsAsync()

Shuts down any channels automatically created by Create() and CreateAsync(CancellationToken). Channels which weren't automatically created are not affected.

Returns
Type Description
Task

A task representing the asynchronous shutdown operation.

Remarks

After calling this method, further calls to Create() and CreateAsync(CancellationToken) will create new channels, which could in turn be shut down by another call to this method.

SignBlob(ServiceAccountName, IEnumerable<string>, ByteString, CallSettings)

public virtual SignBlobResponse SignBlob(ServiceAccountName name, IEnumerable<string> delegates, ByteString payload, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
Name Description
name ServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payload ByteString

Required. The bytes to sign.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
SignBlobResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = iAMCredentialsClient.SignBlob(name, delegates, payload);

SignBlob(SignBlobRequest, CallSettings)

public virtual SignBlobResponse SignBlob(SignBlobRequest request, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
Name Description
request SignBlobRequest

The request object containing all of the parameters for the API call.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
SignBlobResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
SignBlobRequest request = new SignBlobRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = ByteString.Empty,
};
// Make the request
SignBlobResponse response = iAMCredentialsClient.SignBlob(request);

SignBlob(string, IEnumerable<string>, ByteString, CallSettings)

public virtual SignBlobResponse SignBlob(string name, IEnumerable<string> delegates, ByteString payload, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
Name Description
name string

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payload ByteString

Required. The bytes to sign.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
SignBlobResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = iAMCredentialsClient.SignBlob(name, delegates, payload);

SignBlobAsync(ServiceAccountName, IEnumerable<string>, ByteString, CallSettings)

public virtual Task<SignBlobResponse> SignBlobAsync(ServiceAccountName name, IEnumerable<string> delegates, ByteString payload, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
Name Description
name ServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payload ByteString

Required. The bytes to sign.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
TaskSignBlobResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(name, delegates, payload);

SignBlobAsync(ServiceAccountName, IEnumerable<string>, ByteString, CancellationToken)

public virtual Task<SignBlobResponse> SignBlobAsync(ServiceAccountName name, IEnumerable<string> delegates, ByteString payload, CancellationToken cancellationToken)

Signs a blob using a service account's system-managed private key.

Parameters
Name Description
name ServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payload ByteString

Required. The bytes to sign.

cancellationToken CancellationToken

A CancellationToken to use for this RPC.

Returns
Type Description
TaskSignBlobResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(name, delegates, payload);

SignBlobAsync(SignBlobRequest, CallSettings)

public virtual Task<SignBlobResponse> SignBlobAsync(SignBlobRequest request, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
Name Description
request SignBlobRequest

The request object containing all of the parameters for the API call.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
TaskSignBlobResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
SignBlobRequest request = new SignBlobRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = ByteString.Empty,
};
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(request);

SignBlobAsync(SignBlobRequest, CancellationToken)

public virtual Task<SignBlobResponse> SignBlobAsync(SignBlobRequest request, CancellationToken cancellationToken)

Signs a blob using a service account's system-managed private key.

Parameters
Name Description
request SignBlobRequest

The request object containing all of the parameters for the API call.

cancellationToken CancellationToken

A CancellationToken to use for this RPC.

Returns
Type Description
TaskSignBlobResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
SignBlobRequest request = new SignBlobRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = ByteString.Empty,
};
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(request);

SignBlobAsync(string, IEnumerable<string>, ByteString, CallSettings)

public virtual Task<SignBlobResponse> SignBlobAsync(string name, IEnumerable<string> delegates, ByteString payload, CallSettings callSettings = null)

Signs a blob using a service account's system-managed private key.

Parameters
Name Description
name string

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payload ByteString

Required. The bytes to sign.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
TaskSignBlobResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(name, delegates, payload);

SignBlobAsync(string, IEnumerable<string>, ByteString, CancellationToken)

public virtual Task<SignBlobResponse> SignBlobAsync(string name, IEnumerable<string> delegates, ByteString payload, CancellationToken cancellationToken)

Signs a blob using a service account's system-managed private key.

Parameters
Name Description
name string

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payload ByteString

Required. The bytes to sign.

cancellationToken CancellationToken

A CancellationToken to use for this RPC.

Returns
Type Description
TaskSignBlobResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
ByteString payload = ByteString.Empty;
// Make the request
SignBlobResponse response = await iAMCredentialsClient.SignBlobAsync(name, delegates, payload);

SignJwt(ServiceAccountName, IEnumerable<string>, string, CallSettings)

public virtual SignJwtResponse SignJwt(ServiceAccountName name, IEnumerable<string> delegates, string payload, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
Name Description
name ServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payload string

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
SignJwtResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = iAMCredentialsClient.SignJwt(name, delegates, payload);

SignJwt(SignJwtRequest, CallSettings)

public virtual SignJwtResponse SignJwt(SignJwtRequest request, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
Name Description
request SignJwtRequest

The request object containing all of the parameters for the API call.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
SignJwtResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
SignJwtRequest request = new SignJwtRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = "",
};
// Make the request
SignJwtResponse response = iAMCredentialsClient.SignJwt(request);

SignJwt(string, IEnumerable<string>, string, CallSettings)

public virtual SignJwtResponse SignJwt(string name, IEnumerable<string> delegates, string payload, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
Name Description
name string

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payload string

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
SignJwtResponse

The RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = IAMCredentialsClient.Create();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = iAMCredentialsClient.SignJwt(name, delegates, payload);

SignJwtAsync(ServiceAccountName, IEnumerable<string>, string, CallSettings)

public virtual Task<SignJwtResponse> SignJwtAsync(ServiceAccountName name, IEnumerable<string> delegates, string payload, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
Name Description
name ServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payload string

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
TaskSignJwtResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(name, delegates, payload);

SignJwtAsync(ServiceAccountName, IEnumerable<string>, string, CancellationToken)

public virtual Task<SignJwtResponse> SignJwtAsync(ServiceAccountName name, IEnumerable<string> delegates, string payload, CancellationToken cancellationToken)

Signs a JWT using a service account's system-managed private key.

Parameters
Name Description
name ServiceAccountName

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payload string

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

cancellationToken CancellationToken

A CancellationToken to use for this RPC.

Returns
Type Description
TaskSignJwtResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
ServiceAccountName name = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]");
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(name, delegates, payload);

SignJwtAsync(SignJwtRequest, CallSettings)

public virtual Task<SignJwtResponse> SignJwtAsync(SignJwtRequest request, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
Name Description
request SignJwtRequest

The request object containing all of the parameters for the API call.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
TaskSignJwtResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
SignJwtRequest request = new SignJwtRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = "",
};
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(request);

SignJwtAsync(SignJwtRequest, CancellationToken)

public virtual Task<SignJwtResponse> SignJwtAsync(SignJwtRequest request, CancellationToken cancellationToken)

Signs a JWT using a service account's system-managed private key.

Parameters
Name Description
request SignJwtRequest

The request object containing all of the parameters for the API call.

cancellationToken CancellationToken

A CancellationToken to use for this RPC.

Returns
Type Description
TaskSignJwtResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
SignJwtRequest request = new SignJwtRequest
{
    ServiceAccountName = ServiceAccountName.FromProjectServiceAccount("[PROJECT]", "[SERVICE_ACCOUNT]"),
    Delegates = { "", },
    Payload = "",
};
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(request);

SignJwtAsync(string, IEnumerable<string>, string, CallSettings)

public virtual Task<SignJwtResponse> SignJwtAsync(string name, IEnumerable<string> delegates, string payload, CallSettings callSettings = null)

Signs a JWT using a service account's system-managed private key.

Parameters
Name Description
name string

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payload string

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

callSettings CallSettings

If not null, applies overrides to this RPC call.

Returns
Type Description
TaskSignJwtResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(name, delegates, payload);

SignJwtAsync(string, IEnumerable<string>, string, CancellationToken)

public virtual Task<SignJwtResponse> SignJwtAsync(string name, IEnumerable<string> delegates, string payload, CancellationToken cancellationToken)

Signs a JWT using a service account's system-managed private key.

Parameters
Name Description
name string

Required. The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

delegates IEnumerablestring

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request.

The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard character is required; replacing it with a project ID is invalid.

payload string

Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.

cancellationToken CancellationToken

A CancellationToken to use for this RPC.

Returns
Type Description
TaskSignJwtResponse

A Task containing the RPC response.

Example
// Create client
IAMCredentialsClient iAMCredentialsClient = await IAMCredentialsClient.CreateAsync();
// Initialize request argument(s)
string name = "projects/[PROJECT]/serviceAccounts/[SERVICE_ACCOUNT]";
IEnumerable<string> delegates = new string[] { "", };
string payload = "";
// Make the request
SignJwtResponse response = await iAMCredentialsClient.SignJwtAsync(name, delegates, payload);