Class ServiceCredential (1.68.0)

public abstract class ServiceCredential : ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler

This type of Google OAuth 2.0 credential enables access to protected resources using an access token when interacting server to server. For example, a service account credential could be used to access Google Cloud Storage from a web application without a user's involvement.

ServiceAccountCredential inherits from this class in order to support Service Accounts. More details available at: https://developers.google.com/accounts/docs/OAuth2ServiceAccount. ComputeCredential is another example of a class that inherits from this class in order to support Compute credentials. For more information about Compute authentication, see: https://cloud.google.com/compute/docs/authentication.

ExternalAccountCredential inherits from this class to support both Workload Identity Federation and Workforce Identity Federation. You can read more about these topics in https://cloud.google.com/iam/docs/workload-identity-federation and https://cloud.google.com/iam/docs/workforce-identity-federation respectively. Note that in the case of Workforce Identity Federation, the external account does not represent a service account but a user account, so, the fact that ExternalAccountCredential inherits from ServiceCredential might be construed as misleading. In reality ServiceCredential is not tied to a service account in terms of implementation, only in terms of name. For instance, a better name for this class might have been NoUserFlowCredential, and in that sense, it's correct that ExternalAccountCredential inherits from ServiceCredential even when representing a Workforce Identity Federation account.

Inheritance

object > ServiceCredential

Implements

ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler

Inherited Members

object.Equals(object)

object.Equals(object, object)

object.GetHashCode()

object.GetType()

object.MemberwiseClone()

object.ReferenceEquals(object, object)

object.ToString()

Derived Types

ComputeCredential

ExternalAccountCredential

ImpersonatedCredential

ServiceAccountCredential

Namespace

Google.Apis.Auth.OAuth2

Assembly

Google.Apis.Auth.dll

Constructors

ServiceCredential(Initializer)

public ServiceCredential(ServiceCredential.Initializer initializer)

Constructs a new service account credential using the given initializer.

Parameter
Name	Description
`initializer`	`ServiceCredentialInitializer`

Fields

Logger

protected static readonly ILogger Logger

Logger for this class

Field Value
Type	Description
`ILogger`

Properties

AccessMethod

public IAccessMethod AccessMethod { get; }

Gets the method for presenting the access token to the resource server.

Property Value
Type	Description
`IAccessMethod`

Clock

public IClock Clock { get; }

Gets the clock used to refresh the token if it expires.

Property Value
Type	Description
`IClock`

HttpClient

public ConfigurableHttpClient HttpClient { get; }

Gets the HTTP client used to make authentication requests to the server.

Property Value
Type	Description
`ConfigurableHttpClient`

QuotaProject

public string QuotaProject { get; }

The ID of the project associated to this credential for the purposes of quota calculation and billing. May be null.

Property Value
Type	Description
`string`

Scopes

public IEnumerable<string> Scopes { get; set; }

Scopes to request during the authorization grant. May be null or empty.

Property Value
Type	Description
`IEnumerablestring`

Remarks

If the scopes are pre-granted through the environment, like in GCE where scopes are granted to the VM, scopes set here will be ignored.

Token

public TokenResponse Token { get; set; }

Gets the token response which contains the access token.

Property Value
Type	Description
`TokenResponse`

TokenServerUrl

public string TokenServerUrl { get; }

Gets the token server URL.

Property Value
Type	Description
`string`

Remarks

May be null for credential types that resolve token endpoints just before obtaining an access token. This is the case for ImpersonatedCredential where the SourceCredential is a ComputeCredential.

Methods

BuildCreateHttpClientArgs()

protected CreateHttpClientArgs BuildCreateHttpClientArgs()

Builds HTTP client creation args from this credential settings.

Returns
Type	Description
`CreateHttpClientArgs`

GetAccessTokenForRequestAsync(string, CancellationToken)

public virtual Task<string> GetAccessTokenForRequestAsync(string authUri = null, CancellationToken cancellationToken = default)

Gets an access token to authorize a request. If the existing token expires soon, try to refresh it first. GetAccessTokenForRequestAsync(string, CancellationToken)

Parameters
Name	Description
`authUri`	`string`
`cancellationToken`	`CancellationToken`

Returns
Type	Description
`Taskstring`

GetAccessTokenWithHeadersForRequestAsync(string, CancellationToken)

public Task<AccessTokenWithHeaders> GetAccessTokenWithHeadersForRequestAsync(string authUri = null, CancellationToken cancellationToken = default)

Gets an access token to authorize a request. The token might be accompanied by extra information that should be sent in the form of headers. Implementations should handle automatic refreshes of the token if they are supported. The authUri might be required by some credential types (e.g. the JWT access token) while other credential types migth just ignore it.

Parameters
Name	Description
`authUri`	`string` The URI the returned token will grant access to.
`cancellationToken`	`CancellationToken` The cancellation token.

Returns
Type	Description
`TaskAccessTokenWithHeaders`	The access token with headers if any.

HandleResponseAsync(HandleUnsuccessfulResponseArgs)

public Task<bool> HandleResponseAsync(HandleUnsuccessfulResponseArgs args)

Decorates unsuccessful responses, returns true if the response gets modified. See IHttpUnsuccessfulResponseHandler for more information.

Parameter
Name	Description
`args`	`HandleUnsuccessfulResponseArgs`

Returns
Type	Description
`Taskbool`

Initialize(ConfigurableHttpClient)

public void Initialize(ConfigurableHttpClient httpClient)

Initializes a HTTP client after it was created.

Parameter
Name	Description
`httpClient`	`ConfigurableHttpClient`

InterceptAsync(HttpRequestMessage, CancellationToken)

public Task InterceptAsync(HttpRequestMessage request, CancellationToken cancellationToken)

Invoked before the request is being sent.

Parameters
Name	Description
`request`	`HttpRequestMessage` The HTTP request message.
`cancellationToken`	`CancellationToken` Cancellation token to cancel the operation.

Returns
Type	Description
`Task`

RequestAccessTokenAsync(CancellationToken)

public abstract Task<bool> RequestAccessTokenAsync(CancellationToken taskCancellationToken)

Requests a new token.

Parameter
Name	Description
`taskCancellationToken`	`CancellationToken` Cancellation token to cancel operation.

Returns
Type	Description
`Taskbool`	`true` if a new token was received successfully.

Extension Method

Utilities.ThrowIfNull<T>(T, string)