Class ServiceCredential (1.59.0)

public abstract class ServiceCredential : ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler

This type of Google OAuth 2.0 credential enables access to protected resources using an access token when interacting server to server. For example, a service account credential could be used to access Google Cloud Storage from a web application without a user's involvement.

ServiceAccountCredential inherits from this class in order to support Service Accounts. More details available at: https://developers.google.com/accounts/docs/OAuth2ServiceAccount. ComputeCredential is another example of a class that inherits from this class in order to support Compute credentials. For more information about Compute authentication, see: https://cloud.google.com/compute/docs/authentication.

ExternalAccountCredential inherits from this class to support both Workload Identity Federation and Workforce Identity Federation. You can read more about these topics in https://cloud.google.com/iam/docs/workload-identity-federation and https://cloud.google.com/iam/docs/workforce-identity-federation respectively. Note that in the case of Workforce Identity Federation, the external account does not represent a service account but a user account, so, the fact that ExternalAccountCredential inherits from ServiceCredential might be construed as misleading. In reality ServiceCredential is not tied to a service account in terms of implementation, only in terms of name. For instance, a better name for this class might have been NoUserFlowCredential, and in that sense, it's correct that ExternalAccountCredential inherits from ServiceCredential even when representing a Workforce Identity Federation account.

Inheritance

Object > ServiceCredential

Namespace

Google.Apis.Auth.OAuth2

Assembly

Google.Apis.Auth.dll

Constructors

ServiceCredential(ServiceCredential.Initializer)

public ServiceCredential(ServiceCredential.Initializer initializer)

Constructs a new service account credential using the given initializer.

Parameter
NameDescription
initializerServiceCredential.Initializer

Fields

Logger

protected static readonly ILogger Logger

Logger for this class

Field Value
TypeDescription
ILogger

Properties

AccessMethod

public IAccessMethod AccessMethod { get; }

Gets the method for presenting the access token to the resource server.

Property Value
TypeDescription
IAccessMethod

Clock

public IClock Clock { get; }

Gets the clock used to refresh the token if it expires.

Property Value
TypeDescription
IClock

HttpClient

public ConfigurableHttpClient HttpClient { get; }

Gets the HTTP client used to make authentication requests to the server.

Property Value
TypeDescription
ConfigurableHttpClient

QuotaProject

public string QuotaProject { get; }

The ID of the project associated to this credential for the purposes of quota calculation and billing. May be null.

Property Value
TypeDescription
String

Scopes

public IEnumerable<string> Scopes { get; set; }

Scopes to request during the authorization grant. May be null or empty.

Property Value
TypeDescription
IEnumerable<String>
Remarks

If the scopes are pre-granted through the environment, like in GCE where scopes are granted to the VM, scopes set here will be ignored.

Token

public TokenResponse Token { get; set; }

Gets the token response which contains the access token.

Property Value
TypeDescription
TokenResponse

TokenServerUrl

public string TokenServerUrl { get; }

Gets the token server URL.

Property Value
TypeDescription
String

Methods

BuildCreateHttpClientArgs()

protected CreateHttpClientArgs BuildCreateHttpClientArgs()

Builds HTTP client creation args from this credential settings.

Returns
TypeDescription
CreateHttpClientArgs

GetAccessTokenForRequestAsync(String, CancellationToken)

public virtual Task<string> GetAccessTokenForRequestAsync(string authUri = null, CancellationToken cancellationToken = default(CancellationToken))

Gets an access token to authorize a request. If the existing token expires soon, try to refresh it first. GetAccessTokenForRequestAsync(String, CancellationToken)

Parameters
NameDescription
authUriString
cancellationTokenCancellationToken
Returns
TypeDescription
Task<String>

GetAccessTokenWithHeadersForRequestAsync(String, CancellationToken)

public async Task<AccessTokenWithHeaders> GetAccessTokenWithHeadersForRequestAsync(string authUri = null, CancellationToken cancellationToken = default(CancellationToken))

Gets an access token to authorize a request. The token might be accompanied by extra information that should be sent in the form of headers. Implementations should handle automatic refreshes of the token if they are supported. The authUri might be required by some credential types (e.g. the JWT access token) while other credential types migth just ignore it.

Parameters
NameDescription
authUriString

The URI the returned token will grant access to.

cancellationTokenCancellationToken

The cancellation token.

Returns
TypeDescription
Task<AccessTokenWithHeaders>

The access token with headers if any.

HandleResponseAsync(HandleUnsuccessfulResponseArgs)

public async Task<bool> HandleResponseAsync(HandleUnsuccessfulResponseArgs args)

Decorates unsuccessful responses, returns true if the response gets modified. See IHttpUnsuccessfulResponseHandler for more information.

Parameter
NameDescription
argsHandleUnsuccessfulResponseArgs
Returns
TypeDescription
Task<Boolean>

Initialize(ConfigurableHttpClient)

public void Initialize(ConfigurableHttpClient httpClient)

Initializes a HTTP client after it was created.

Parameter
NameDescription
httpClientConfigurableHttpClient

InterceptAsync(HttpRequestMessage, CancellationToken)

public async Task InterceptAsync(HttpRequestMessage request, CancellationToken cancellationToken)
Invoked before the request is being sent.
Parameters
NameDescription
requestHttpRequestMessage

The HTTP request message.

cancellationTokenCancellationToken

Cancellation token to cancel the operation.

Returns
TypeDescription
Task

RequestAccessTokenAsync(CancellationToken)

public abstract Task<bool> RequestAccessTokenAsync(CancellationToken taskCancellationToken)

Requests a new token.

Parameter
NameDescription
taskCancellationTokenCancellationToken

Cancellation token to cancel operation.

Returns
TypeDescription
Task<Boolean>

true if a new token was received successfully.

Extension Method