Reference documentation and code samples for the Google Auth Library Client class Iam.
Tools for using the IAM API.
Namespace
Google \ AuthMethods
__construct
| Parameters | |
|---|---|
| Name | Description |
httpHandler | callable|null [optional] The HTTP Handler to send requests. |
universeDomain | string |
signBlob
Sign a string using the IAM signBlob API.
Note that signing using IAM requires your service account to have the iam.serviceAccounts.signBlob permission, part of the "Service Account Token Creator" IAM role.
| Parameters | |
|---|---|
| Name | Description |
email | string The service account email. |
accessToken | string An access token from the service account. |
stringToSign | string The string to be signed. |
delegates | string[] [optional] A list of service account emails to add to the delegate chain. If omitted, the value of |
| Returns | |
|---|---|
| Type | Description |
string | The signed string, base64-encoded. |
generateIdToken
Sign a string using the IAM signBlob API.
Note that signing using IAM requires your service account to have the iam.serviceAccounts.signBlob permission, part of the "Service Account Token Creator" IAM role.
| Parameters | |
|---|---|
| Name | Description |
clientEmail | string The service account email. |
targetAudience | string The audience for the ID token. |
bearerToken | string The token to authenticate the IAM request. |
headers | array [optional] Additional headers to send with the request. |
| Returns | |
|---|---|
| Type | Description |
string | The signed string, base64-encoded. |
Constants
IAM_API_ROOT
Value: 'https://iamcredentials.googleapis.com/v1'SIGN_BLOB_PATH
Value: '%s:signBlob?alt=json'SERVICE_ACCOUNT_NAME
Value: 'projects/-/serviceAccounts/%s'