Class ExternalAccountCredential
Base class for external account credentials.
Inheritance
Implements
Inherited Members
Namespace: Google.Apis.Auth.OAuth2
Assembly: Google.Apis.Auth.dll
Syntax
public abstract class ExternalAccountCredential : ServiceCredential, ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandlerProperties
Audience
The STS audience which contains the resource name for the workload identity pool or the workforce pool and the provider identifier in that pool.
Declaration
public string Audience { get; }Property Value
| Type | Description |
|---|---|
| string |
ClientId
The Client ID.
Declaration
public string ClientId { get; }Property Value
| Type | Description |
|---|---|
| string |
Remarks
Client ID and Client secret are currently only required if the token info endpoint needs to be called with the generated GCP access token. When provided, STS will be called with additional basic authentication using ClientId as username and ClientSecret as password.
ClientSecret
The client secret.
Declaration
public string ClientSecret { get; }Property Value
| Type | Description |
|---|---|
| string |
Remarks
Client ID and Client secret are currently only required if the token info endpoint needs to be called with the generated GCP access token. When provided, STS will be called with additional basic authentication using ClientId as username and ClientSecret as password.
ServiceAccountImpersonationUrl
This is the URL for the service account impersonation request. If this is not set, the STS-returned access token should be directly used without impersonation.
Declaration
public string ServiceAccountImpersonationUrl { get; }Property Value
| Type | Description |
|---|---|
| string |
SubjectTokenType
The STS subject token type based on the OAuth 2.0 token exchange spec.
Declaration
public string SubjectTokenType { get; }Property Value
| Type | Description |
|---|---|
| string |
UniverseDomain
The universe domain this credential belogns to. Won't be null.
Declaration
public string UniverseDomain { get; }Property Value
| Type | Description |
|---|---|
| string |
WorkforcePoolUserProject
The GCP project number to be used for Workforce Pools external credentials.
Declaration
public string WorkforcePoolUserProject { get; }Property Value
| Type | Description |
|---|---|
| string |
Remarks
If this external account credential represents a Workforce Pool enabled identity and this values is not specified, then an API key needs to be used alongside this credential to call Google APIs.
Methods
GetSubjectTokenAsyncImpl(CancellationToken)
Gets the subject token to be exchanged for the access token.
Declaration
protected abstract Task<string> GetSubjectTokenAsyncImpl(CancellationToken taskCancellationToken)Parameters
| Type | Name | Description |
|---|---|---|
| CancellationToken | taskCancellationToken |
Returns
| Type | Description |
|---|---|
| Task<string> |
RequestAccessTokenAsync(CancellationToken)
Requests a new token.
Declaration
public override Task<bool> RequestAccessTokenAsync(CancellationToken taskCancellationToken)Parameters
| Type | Name | Description |
|---|---|---|
| CancellationToken | taskCancellationToken | Cancellation token to cancel operation. |
Returns
| Type | Description |
|---|---|
| Task<bool> |
|