Class ImpersonatedCredential

Allows a service account or user credential to impersonate a service account. See https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials and https://cloud.google.com/iam/docs/impersonating-service-accounts for more information.

Inheritance
System.Object
ServiceCredential
ImpersonatedCredential
Implements
Google.Apis.Http.IHttpExecuteInterceptor
Google.Apis.Http.IHttpUnsuccessfulResponseHandler
Google.Apis.Http.IConfigurableHttpClientInitializer
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Google.Apis.Auth.OAuth2
Assembly: Google.Apis.Auth.dll
Syntax
public sealed class ImpersonatedCredential : ServiceCredential, IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler, IOidcTokenProvider, IGoogleCredential, ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IBlobSigner

Properties

DelegateAccounts

Gets the chained list of delegate service accounts. May be empty.

Declaration
public IEnumerable<string> DelegateAccounts { get; }
Property Value
Type Description
System.Collections.Generic.IEnumerable<System.String>

Lifetime

Gets the lifetime of the delegated credential. This is how long the delegated credential should be valid from the time of the first request made with this credential.

Declaration
public TimeSpan Lifetime { get; }
Property Value
Type Description
System.TimeSpan

Scopes

Gets the scopes to request during the authorization grant. May be empty.

Declaration
public IEnumerable<string> Scopes { get; }
Property Value
Type Description
System.Collections.Generic.IEnumerable<System.String>

SourceCredential

Gets the source credential used to acquire the impersonated credentials.

Declaration
public GoogleCredential SourceCredential { get; }
Property Value
Type Description
GoogleCredential

TargetPrincipal

Gets the service account to impersonate.

Declaration
public string TargetPrincipal { get; }
Property Value
Type Description
System.String

Methods

GetOidcTokenAsync(OidcTokenOptions, CancellationToken)

Returns an OIDC token for the given options.

Declaration
public Task<OidcToken> GetOidcTokenAsync(OidcTokenOptions options, CancellationToken cancellationToken = default(CancellationToken))
Parameters
Type Name Description
OidcTokenOptions options

The options to create the token from.
System.Threading.CancellationToken cancellationToken

The cancellation token that may be used to cancel the request.
Returns
Type Description
System.Threading.Tasks.Task<OidcToken>

The OIDC token.

RequestAccessTokenAsync(CancellationToken)

Requests a new token.

Declaration
public override Task<bool> RequestAccessTokenAsync(CancellationToken taskCancellationToken)
Parameters
Type Name Description
System.Threading.CancellationToken taskCancellationToken

Cancellation token to cancel operation.
Returns
Type Description
System.Threading.Tasks.Task<System.Boolean>

true if a new token was received successfully.
Overrides

SignBlobAsync(Byte[], CancellationToken)

Signs the provided blob using the private key associated with the impersonated service account.

Declaration
public Task<string> SignBlobAsync(byte[] blob, CancellationToken cancellationToken = default(CancellationToken))
Parameters
Type Name Description
System.Byte[] blob

The blob to sign.
System.Threading.CancellationToken cancellationToken

Cancellation token to cancel operation.
Returns
Type Description
System.Threading.Tasks.Task<System.String>

The base64 encoded signature.
Exceptions
Type Condition
System.Net.Http.HttpRequestException

When signing request fails.
Newtonsoft.Json.JsonException

When signing response is not a valid JSON.

Implements

Google.Apis.Http.IHttpExecuteInterceptor
Google.Apis.Http.IHttpUnsuccessfulResponseHandler
Google.Apis.Http.IConfigurableHttpClientInitializer