View Source GoogleApi.IAMCredentials.V1.Model.GenerateAccessTokenRequest (google_api_iam_credentials v0.13.0)
Attributes
-
delegates
(type:list(String.t)
, default:nil
) - The sequence of service accounts in a delegation chain. This field is required for delegated requests. For direct requests, which are more common, do not specify this field. Each service account must be granted theroles/iam.serviceAccountTokenCreator
role on its next service account in the chain. The last service account in the chain must be granted theroles/iam.serviceAccountTokenCreator
role on the service account that is specified in thename
field of the request. The delegates must have the following format:projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}
. The-
wildcard character is required; replacing it with a project ID is invalid. -
lifetime
(type:String.t
, default:nil
) - The desired lifetime duration of the access token in seconds. By default, the maximum allowed value is 1 hour. To set a lifetime of up to 12 hours, you can add the service account as an allowed value in an Organization Policy that enforces theconstraints/iam.allowServiceAccountCredentialLifetimeExtension
constraint. See detailed instructions at https://cloud.google.com/iam/help/credentials/lifetime If a value is not specified, the token's lifetime will be set to a default value of 1 hour. -
scope
(type:list(String.t)
, default:nil
) - Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.
Summary
Functions
Unwrap a decoded JSON object into its complex fields.
Types
Functions
Unwrap a decoded JSON object into its complex fields.