Google API Client Library for .NET  1.10.0
Classes | Public Member Functions | Static Protected Attributes | Properties | List of all members
Google.Apis.Auth.OAuth2.ServiceAccountCredential Class Reference

Google OAuth 2.0 credential for accessing protected resources using an access token. The Google OAuth 2.0 Authorization Server supports server-to-server interactions such as those between a web application and Google Cloud Storage. The requesting application has to prove its own identity to gain access to an API, and an end-user doesn't have to be involved. More...

Inheritance diagram for Google.Apis.Auth.OAuth2.ServiceAccountCredential:
Google.Apis.Auth.OAuth2.ServiceCredential Google.Apis.Auth.OAuth2.ICredential Google.Apis.Http.IHttpExecuteInterceptor Google.Apis.Http.IHttpUnsuccessfulResponseHandler Google.Apis.Http.IConfigurableHttpClientInitializer Google.Apis.Auth.OAuth2.ITokenAccess

Classes

class  Initializer
 An initializer class for the service account credential. More...
 

Public Member Functions

 ServiceAccountCredential (Initializer initializer)
 Constructs a new service account credential using the given initializer. More...
 
override async Task< bool > RequestAccessTokenAsync (CancellationToken taskCancellationToken)
 Requests a new token as specified in https://developers.google.com/accounts/docs/OAuth2ServiceAccount#makingrequest. More...
 
override async Task< string > GetAccessTokenForRequestAsync (string authUri=null, CancellationToken cancellationToken=default(CancellationToken))
 Gets an access token to authorize a request. If authUri is set and this credential has no scopes associated with it, a locally signed JWT access token for given authUri is returned. Otherwise, an OAuth2 access token obtained from token server will be returned. A cached token is used if possible and the token is only refreshed once its close to its expiry. More...
 
- Public Member Functions inherited from Google.Apis.Auth.OAuth2.ServiceCredential
 ServiceCredential (Initializer initializer)
 Constructs a new service account credential using the given initializer. More...
 
void Initialize (ConfigurableHttpClient httpClient)
 Initializes a HTTP client after it was created. More...
 
async Task InterceptAsync (HttpRequestMessage request, CancellationToken cancellationToken)
 
async Task< bool > HandleResponseAsync (HandleUnsuccessfulResponseArgs args)
 Handles an abnormal response when sending a HTTP request. A simple rule must be followed, if you modify the request object in a way that the abnormal response can be resolved, you must return true. More...
 

Static Protected Attributes

static readonly DateTime UnixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)
 Unix epoch as a DateTime More...
 
- Static Protected Attributes inherited from Google.Apis.Auth.OAuth2.ServiceCredential
static readonly ILogger Logger = ApplicationContext.Logger.ForType<ServiceCredential>()
 

Properties

string Id [get]
 Gets the service account ID (typically an e-mail address). More...
 
string User [get]
 Gets the email address of the user the application is trying to impersonate in the service account flow or null. More...
 
IEnumerable< string > Scopes [get]
 Gets the service account scopes. More...
 
RSACryptoServiceProvider Key [get]
 Gets the key which is used to sign the request, as specified in https://developers.google.com/accounts/docs/OAuth2ServiceAccount#computingsignature. More...
 
- Properties inherited from Google.Apis.Auth.OAuth2.ServiceCredential
string TokenServerUrl [get]
 Gets the token server URL. More...
 
IClock Clock [get]
 Gets the clock used to refresh the token if it expires. More...
 
IAccessMethod AccessMethod [get]
 Gets the method for presenting the access token to the resource server. More...
 
ConfigurableHttpClient HttpClient [get]
 Gets the HTTP client used to make authentication requests to the server. More...
 
TokenResponse Token [get, set]
 Gets the token response which contains the access token. More...
 

Detailed Description

Google OAuth 2.0 credential for accessing protected resources using an access token. The Google OAuth 2.0 Authorization Server supports server-to-server interactions such as those between a web application and Google Cloud Storage. The requesting application has to prove its own identity to gain access to an API, and an end-user doesn't have to be involved.

Take a look in https://developers.google.com/accounts/docs/OAuth2ServiceAccount for more details.

Since version 1.9.3, service account credential also supports JSON Web Token access token scenario. In this scenario, instead of sending a signed JWT claim to a token server and exchanging it for an access token, a locally signed JWT claim bound to an appropriate URI is used as an access token directly. See GetAccessTokenForRequestAsync for explanation when JWT access token is used and when regular OAuth2 token is used.

Constructor & Destructor Documentation

Google.Apis.Auth.OAuth2.ServiceAccountCredential.ServiceAccountCredential ( Initializer  initializer)
inline

Constructs a new service account credential using the given initializer.

Member Function Documentation

override async Task<string> Google.Apis.Auth.OAuth2.ServiceAccountCredential.GetAccessTokenForRequestAsync ( string  authUri = null,
CancellationToken  cancellationToken = default(CancellationToken) 
)
inlinevirtual

Gets an access token to authorize a request. If authUri is set and this credential has no scopes associated with it, a locally signed JWT access token for given authUri is returned. Otherwise, an OAuth2 access token obtained from token server will be returned. A cached token is used if possible and the token is only refreshed once its close to its expiry.

Parameters
authUriThe URI the returned token will grant access to.
cancellationTokenThe cancellation token.
Returns
The access token.

Reimplemented from Google.Apis.Auth.OAuth2.ServiceCredential.

override async Task<bool> Google.Apis.Auth.OAuth2.ServiceAccountCredential.RequestAccessTokenAsync ( CancellationToken  taskCancellationToken)
inlinevirtual

Requests a new token as specified in https://developers.google.com/accounts/docs/OAuth2ServiceAccount#makingrequest.

Parameters
taskCancellationTokenCancellation token to cancel operation.
Returns
true if a new token was received successfully.

Implements Google.Apis.Auth.OAuth2.ServiceCredential.

Member Data Documentation

readonly DateTime Google.Apis.Auth.OAuth2.ServiceAccountCredential.UnixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)
staticprotected

Unix epoch as a DateTime

Property Documentation

string Google.Apis.Auth.OAuth2.ServiceAccountCredential.Id
get

Gets the service account ID (typically an e-mail address).

RSACryptoServiceProvider Google.Apis.Auth.OAuth2.ServiceAccountCredential.Key
get

Gets the key which is used to sign the request, as specified in https://developers.google.com/accounts/docs/OAuth2ServiceAccount#computingsignature.

IEnumerable<string> Google.Apis.Auth.OAuth2.ServiceAccountCredential.Scopes
get

Gets the service account scopes.

string Google.Apis.Auth.OAuth2.ServiceAccountCredential.User
get

Gets the email address of the user the application is trying to impersonate in the service account flow or null.


The documentation for this class was generated from the following file: