Reference documentation and code samples for the Google Auth Library Client class Iam.
Tools for using the IAM API.
Namespace
Google \ AuthMethods
__construct
| Parameters | |
|---|---|
| Name | Description |
httpHandler |
callable|null
[optional] The HTTP Handler to send requests. |
universeDomain |
string
|
signBlob
Sign a string using the IAM signBlob API.
Note that signing using IAM requires your service account to have the
iam.serviceAccounts.signBlob permission, part of the "Service Account
Token Creator" IAM role.
| Parameters | |
|---|---|
| Name | Description |
email |
string
The service account email. |
accessToken |
string
An access token from the service account. |
stringToSign |
string
The string to be signed. |
delegates |
string[]
[optional] A list of service account emails to
add to the delegate chain. If omitted, the value of |
| Returns | |
|---|---|
| Type | Description |
string |
The signed string, base64-encoded. |
generateIdToken
Sign a string using the IAM signBlob API.
Note that signing using IAM requires your service account to have the
iam.serviceAccounts.signBlob permission, part of the "Service Account
Token Creator" IAM role.
| Parameters | |
|---|---|
| Name | Description |
clientEmail |
string
The service account email. |
targetAudience |
string
The audience for the ID token. |
bearerToken |
string
The token to authenticate the IAM request. |
headers |
array
[optional] Additional headers to send with the request. |
| Returns | |
|---|---|
| Type | Description |
string |
The signed string, base64-encoded. |
Constants
IAM_API_ROOT
Value: 'https://iamcredentials.googleapis.com/v1'SIGN_BLOB_PATH
Value: '%s:signBlob?alt=json'SERVICE_ACCOUNT_NAME
Value: 'projects/-/serviceAccounts/%s'