Google Auth Library Client - Class Iam (1.45.2)

Reference documentation and code samples for the Google Auth Library Client class Iam.

Tools for using the IAM API.

Namespace

Google \ Auth

Methods

__construct

Parameters
Name Description
httpHandler callable|null

[optional] The HTTP Handler to send requests.

universeDomain string

signBlob

Sign a string using the IAM signBlob API.

Note that signing using IAM requires your service account to have the iam.serviceAccounts.signBlob permission, part of the "Service Account Token Creator" IAM role.

Parameters
Name Description
email string

The service account email.

accessToken string

An access token from the service account.

stringToSign string

The string to be signed.

delegates string[]

[optional] A list of service account emails to add to the delegate chain. If omitted, the value of $email will be used.

Returns
Type Description
string The signed string, base64-encoded.

generateIdToken

Sign a string using the IAM signBlob API.

Note that signing using IAM requires your service account to have the iam.serviceAccounts.signBlob permission, part of the "Service Account Token Creator" IAM role.

Parameters
Name Description
clientEmail string

The service account email.

targetAudience string

The audience for the ID token.

bearerToken string

The token to authenticate the IAM request.

headers array

[optional] Additional headers to send with the request.

Returns
Type Description
string The signed string, base64-encoded.

Constants

IAM_API_ROOT

Value: 'https://iamcredentials.googleapis.com/v1'

SIGN_BLOB_PATH

Value: '%s:signBlob?alt=json'

SERVICE_ACCOUNT_NAME

Value: 'projects/-/serviceAccounts/%s'