Reference documentation and code samples for the Google Cloud Eventarc V1 Client class OidcToken.
Represents a config used to authenticate with a Google OIDC token using a GCP service account. Use this authentication method to invoke your Cloud Run and Cloud Functions destinations or HTTP endpoints that support Google OIDC.
Generated from protobuf message google.cloud.eventarc.v1.Pipeline.Destination.AuthenticationConfig.OidcToken
Namespace
Google \ Cloud \ Eventarc \ V1 \ Pipeline \ Destination \ AuthenticationConfigMethods
__construct
Constructor.
| Parameters | |
|---|---|
| Name | Description |
data |
array
Optional. Data for populating the Message object. |
↳ service_account |
string
Required. Service account email used to generate the OIDC Token. The principal who calls this API must have iam.serviceAccounts.actAs permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts?hl=en#sa_common for more information. Eventarc service agents must have roles/roles/iam.serviceAccountTokenCreator role to allow the Pipeline to create OpenID tokens for authenticated requests. |
↳ audience |
string
Optional. Audience to be used to generate the OIDC Token. The audience claim identifies the recipient that the JWT is intended for. If unspecified, the destination URI will be used. |
getServiceAccount
Required. Service account email used to generate the OIDC Token.
The principal who calls this API must have iam.serviceAccounts.actAs permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts?hl=en#sa_common for more information. Eventarc service agents must have roles/roles/iam.serviceAccountTokenCreator role to allow the Pipeline to create OpenID tokens for authenticated requests.
| Returns | |
|---|---|
| Type | Description |
string |
|
setServiceAccount
Required. Service account email used to generate the OIDC Token.
The principal who calls this API must have iam.serviceAccounts.actAs permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts?hl=en#sa_common for more information. Eventarc service agents must have roles/roles/iam.serviceAccountTokenCreator role to allow the Pipeline to create OpenID tokens for authenticated requests.
| Parameter | |
|---|---|
| Name | Description |
var |
string
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getAudience
Optional. Audience to be used to generate the OIDC Token. The audience claim identifies the recipient that the JWT is intended for.
If unspecified, the destination URI will be used.
| Returns | |
|---|---|
| Type | Description |
string |
|
setAudience
Optional. Audience to be used to generate the OIDC Token. The audience claim identifies the recipient that the JWT is intended for.
If unspecified, the destination URI will be used.
| Parameter | |
|---|---|
| Name | Description |
var |
string
|
| Returns | |
|---|---|
| Type | Description |
$this |
|