Types for IAM Service Account Credentials API Client#
-
class
google.cloud.iam_credentials_v1.types.
Duration
# -
nanos
# Field google.protobuf.Duration.nanos
-
seconds
# Field google.protobuf.Duration.seconds
-
-
class
google.cloud.iam_credentials_v1.types.
GenerateAccessTokenRequest
# -
name
# The resource name of the service account for which the credentials are requested, in the following format:
projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}
.
-
delegates
# The sequence of service accounts in a delegation chain. Each service account must be granted the
roles/iam.serviceAccountTokenCreator
role on its next service account in the chain. The last service account in the chain must be granted theroles/iam.serviceAccountTokenCreator
role on the service account that is specified in thename
field of the request. The delegates must have the following format:projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}
-
scope
# Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.
-
lifetime
# The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token’s lifetime will be set to a default value of one hour.
-
delegates
Field google.iam.credentials.v1.GenerateAccessTokenRequest.delegates
-
lifetime
Field google.iam.credentials.v1.GenerateAccessTokenRequest.lifetime
-
name
Field google.iam.credentials.v1.GenerateAccessTokenRequest.name
-
scope
Field google.iam.credentials.v1.GenerateAccessTokenRequest.scope
-
-
class
google.cloud.iam_credentials_v1.types.
GenerateAccessTokenResponse
# -
access_token
# The OAuth 2.0 access token.
-
expire_time
# Token expiration time. The expiration time is always set.
-
access_token
Field google.iam.credentials.v1.GenerateAccessTokenResponse.access_token
-
expire_time
Field google.iam.credentials.v1.GenerateAccessTokenResponse.expire_time
-
-
class
google.cloud.iam_credentials_v1.types.
GenerateIdTokenRequest
# -
name
# The resource name of the service account for which the credentials are requested, in the following format:
projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}
.
-
delegates
# The sequence of service accounts in a delegation chain. Each service account must be granted the
roles/iam.serviceAccountTokenCreator
role on its next service account in the chain. The last service account in the chain must be granted theroles/iam.serviceAccountTokenCreator
role on the service account that is specified in thename
field of the request. The delegates must have the following format:projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}
-
audience
# The audience for the token, such as the API or account that this token grants access to.
-
include_email
# Include the service account email in the token. If set to
true
, the token will containemail
andemail_verified
claims.
-
audience
Field google.iam.credentials.v1.GenerateIdTokenRequest.audience
-
delegates
Field google.iam.credentials.v1.GenerateIdTokenRequest.delegates
-
include_email
Field google.iam.credentials.v1.GenerateIdTokenRequest.include_email
-
name
Field google.iam.credentials.v1.GenerateIdTokenRequest.name
-
-
class
google.cloud.iam_credentials_v1.types.
GenerateIdTokenResponse
# -
token
# The OpenId Connect ID token.
-
token
Field google.iam.credentials.v1.GenerateIdTokenResponse.token
-
-
class
google.cloud.iam_credentials_v1.types.
SignBlobRequest
# -
name
# The resource name of the service account for which the credentials are requested, in the following format:
projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}
.
-
delegates
# The sequence of service accounts in a delegation chain. Each service account must be granted the
roles/iam.serviceAccountTokenCreator
role on its next service account in the chain. The last service account in the chain must be granted theroles/iam.serviceAccountTokenCreator
role on the service account that is specified in thename
field of the request. The delegates must have the following format:projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}
-
payload
# The bytes to sign.
-
delegates
Field google.iam.credentials.v1.SignBlobRequest.delegates
-
name
Field google.iam.credentials.v1.SignBlobRequest.name
-
payload
Field google.iam.credentials.v1.SignBlobRequest.payload
-
-
class
google.cloud.iam_credentials_v1.types.
SignBlobResponse
# -
key_id
# The ID of the key used to sign the blob.
-
signed_blob
# The signed blob.
-
key_id
Field google.iam.credentials.v1.SignBlobResponse.key_id
-
signed_blob
Field google.iam.credentials.v1.SignBlobResponse.signed_blob
-
-
class
google.cloud.iam_credentials_v1.types.
SignJwtRequest
# -
name
# The resource name of the service account for which the credentials are requested, in the following format:
projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}
.
-
delegates
# The sequence of service accounts in a delegation chain. Each service account must be granted the
roles/iam.serviceAccountTokenCreator
role on its next service account in the chain. The last service account in the chain must be granted theroles/iam.serviceAccountTokenCreator
role on the service account that is specified in thename
field of the request. The delegates must have the following format:projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}
-
payload
# The JWT payload to sign: a JSON object that contains a JWT Claims Set.
-
delegates
Field google.iam.credentials.v1.SignJwtRequest.delegates
-
name
Field google.iam.credentials.v1.SignJwtRequest.name
-
payload
Field google.iam.credentials.v1.SignJwtRequest.payload
-