Types for IAM Service Account Credentials API Client#

class google.cloud.iam_credentials_v1.types.Duration#
nanos#

Field google.protobuf.Duration.nanos

seconds#

Field google.protobuf.Duration.seconds

class google.cloud.iam_credentials_v1.types.GenerateAccessTokenRequest#
name#

The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}.

delegates#

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request. The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}

scope#

Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

lifetime#

The desired lifetime duration of the access token in seconds. Must be set to a value less than or equal to 3600 (1 hour). If a value is not specified, the token’s lifetime will be set to a default value of one hour.

delegates

Field google.iam.credentials.v1.GenerateAccessTokenRequest.delegates

lifetime

Field google.iam.credentials.v1.GenerateAccessTokenRequest.lifetime

name

Field google.iam.credentials.v1.GenerateAccessTokenRequest.name

scope

Field google.iam.credentials.v1.GenerateAccessTokenRequest.scope

class google.cloud.iam_credentials_v1.types.GenerateAccessTokenResponse#
access_token#

The OAuth 2.0 access token.

expire_time#

Token expiration time. The expiration time is always set.

access_token

Field google.iam.credentials.v1.GenerateAccessTokenResponse.access_token

expire_time

Field google.iam.credentials.v1.GenerateAccessTokenResponse.expire_time

class google.cloud.iam_credentials_v1.types.GenerateIdTokenRequest#
name#

The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}.

delegates#

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request. The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}

audience#

The audience for the token, such as the API or account that this token grants access to.

include_email#

Include the service account email in the token. If set to true, the token will contain email and email_verified claims.

audience

Field google.iam.credentials.v1.GenerateIdTokenRequest.audience

delegates

Field google.iam.credentials.v1.GenerateIdTokenRequest.delegates

include_email

Field google.iam.credentials.v1.GenerateIdTokenRequest.include_email

name

Field google.iam.credentials.v1.GenerateIdTokenRequest.name

class google.cloud.iam_credentials_v1.types.GenerateIdTokenResponse#
token#

The OpenId Connect ID token.

token

Field google.iam.credentials.v1.GenerateIdTokenResponse.token

class google.cloud.iam_credentials_v1.types.SignBlobRequest#
name#

The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}.

delegates#

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request. The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}

payload#

The bytes to sign.

delegates

Field google.iam.credentials.v1.SignBlobRequest.delegates

name

Field google.iam.credentials.v1.SignBlobRequest.name

payload

Field google.iam.credentials.v1.SignBlobRequest.payload

class google.cloud.iam_credentials_v1.types.SignBlobResponse#
key_id#

The ID of the key used to sign the blob.

signed_blob#

The signed blob.

key_id

Field google.iam.credentials.v1.SignBlobResponse.key_id

signed_blob

Field google.iam.credentials.v1.SignBlobResponse.signed_blob

class google.cloud.iam_credentials_v1.types.SignJwtRequest#
name#

The resource name of the service account for which the credentials are requested, in the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}.

delegates#

The sequence of service accounts in a delegation chain. Each service account must be granted the roles/iam.serviceAccountTokenCreator role on its next service account in the chain. The last service account in the chain must be granted the roles/iam.serviceAccountTokenCreator role on the service account that is specified in the name field of the request. The delegates must have the following format: projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}

payload#

The JWT payload to sign: a JSON object that contains a JWT Claims Set.

delegates

Field google.iam.credentials.v1.SignJwtRequest.delegates

name

Field google.iam.credentials.v1.SignJwtRequest.name

payload

Field google.iam.credentials.v1.SignJwtRequest.payload

class google.cloud.iam_credentials_v1.types.SignJwtResponse#
key_id#

The ID of the key used to sign the JWT.

signed_jwt#

The signed JWT.

key_id

Field google.iam.credentials.v1.SignJwtResponse.key_id

signed_jwt

Field google.iam.credentials.v1.SignJwtResponse.signed_jwt

class google.cloud.iam_credentials_v1.types.Timestamp#
nanos#

Field google.protobuf.Timestamp.nanos

seconds#

Field google.protobuf.Timestamp.seconds