Class ImpersonatedCredential

Allows a service account or user credential to impersonate a service account. See https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials and https://cloud.google.com/iam/docs/impersonating-service-accounts for more information.

Inheritance
object
ServiceCredential
ImpersonatedCredential
Implements
IHttpUnsuccessfulResponseHandler
IConfigurableHttpClientInitializer
IHttpExecuteInterceptor
Inherited Members
Namespace: Google.Apis.Auth.OAuth2
Assembly: Google.Apis.Auth.dll
Syntax
public sealed class ImpersonatedCredential : ServiceCredential, IHttpUnsuccessfulResponseHandler, IOidcTokenProvider, ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IHttpExecuteInterceptor, IBlobSigner

Properties

DelegateAccounts

Gets the chained list of delegate service accounts. May be empty.

Declaration
public IEnumerable<string> DelegateAccounts { get; }
Property Value
Type Description
IEnumerable<string>

Lifetime

Gets the lifetime of the delegated credential. This is how long the delegated credential should be valid from the time of the first request made with this credential.

Declaration
public TimeSpan Lifetime { get; }
Property Value
Type Description
TimeSpan

SourceCredential

Gets the source credential used to acquire the impersonated credentials.

Declaration
public GoogleCredential SourceCredential { get; }
Property Value
Type Description
GoogleCredential

TargetPrincipal

Gets the service account to impersonate.

Declaration
public string TargetPrincipal { get; }
Property Value
Type Description
string

Methods

GetOidcTokenAsync(OidcTokenOptions, CancellationToken)

Returns an OIDC token for the given options.

Declaration
public Task<OidcToken> GetOidcTokenAsync(OidcTokenOptions options, CancellationToken cancellationToken = default)
Parameters
Type Name Description
OidcTokenOptions options

The options to create the token from.
CancellationToken cancellationToken

The cancellation token that may be used to cancel the request.
Returns
Type Description
Task<OidcToken>

The OIDC token.

RequestAccessTokenAsync(CancellationToken)

Requests a new token.

Declaration
public override Task<bool> RequestAccessTokenAsync(CancellationToken taskCancellationToken)
Parameters
Type Name Description
CancellationToken taskCancellationToken

Cancellation token to cancel operation.
Returns
Type Description
Task<bool>

true if a new token was received successfully.
Overrides

SignBlobAsync(byte[], CancellationToken)

Signs the provided blob using the private key associated with the impersonated service account.

Declaration
public Task<string> SignBlobAsync(byte[] blob, CancellationToken cancellationToken = default)
Parameters
Type Name Description
byte[] blob

The blob to sign.
CancellationToken cancellationToken

Cancellation token to cancel operation.
Returns
Type Description
Task<string>

The base64 encoded signature.
Exceptions
Type Condition
HttpRequestException

When signing request fails.
JsonException

When signing response is not a valid JSON.

Implements

Google.Apis.Http.IHttpUnsuccessfulResponseHandler
Google.Apis.Http.IConfigurableHttpClientInitializer
Google.Apis.Http.IHttpExecuteInterceptor