Generates an OpenID Connect ID token for a service account.
HTTP request
POST https://iamcredentials.googleapis.com/v1/{name=projects/*/serviceAccounts/*}:generateIdToken
The URL uses gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
name |
Required. The resource name of the service account for which the credentials are requested, in the following format: Authorization requires the following IAM permission on the specified resource
|
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "delegates": [ string ], "audience": string, "includeEmail": boolean } |
Fields | |
---|---|
delegates[] |
The sequence of service accounts in a delegation chain. Each service account must be granted the The delegates must have the following format: |
audience |
Required. The audience for the token, such as the API or account that this token grants access to. |
includeEmail |
Include the service account email in the token. If set to |
Response body
If successful, the response body contains data with the following structure:
JSON representation |
---|
{ "token": string } |
Fields | |
---|---|
token |
The OpenId Connect ID token. |
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/iam
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.