ImpersonatedAuthClient constructor

ImpersonatedAuthClient({
  1. required AuthClient sourceClient,
  2. required String targetServiceAccount,
  3. required List<String> targetScopes,
  4. List<String>? delegates,
  5. String universeDomain = defaultUniverseDomain,
  6. Duration lifetime = const Duration(hours: 1),
})

Creates an ImpersonatedAuthClient instance.

sourceClient is the authenticated client used to make IAM API requests.

targetServiceAccount is the email of the service account to impersonate.

targetScopes are the OAuth2 scopes to request for the impersonated service account.

delegates is an optional list of service accounts in a delegation chain. Each service account must be granted roles/iam.serviceAccountTokenCreator on the next service account in the chain.

universeDomain specifies the universe domain for constructing the IAM endpoint. Defaults to defaultUniverseDomain.

lifetime specifies how long the access token should be valid. Defaults to 3600 seconds (1 hour). Maximum is 43200 seconds (12 hours).

Implementation

ImpersonatedAuthClient({
  required AuthClient sourceClient,
  required String targetServiceAccount,
  required List<String> targetScopes,
  List<String>? delegates,
  String universeDomain = defaultUniverseDomain,
  Duration lifetime = const Duration(hours: 1),
}) : _sourceClient = sourceClient,
     _targetServiceAccount = targetServiceAccount,
     _targetScopes = List.unmodifiable(targetScopes),
     _delegates = delegates != null ? List.unmodifiable(delegates) : null,
     _universeDomain = universeDomain,
     _lifetime = lifetime,
     _credentials = AccessCredentials(
       AccessToken('Bearer', '', DateTime.now().toUtc()),
       null,
       targetScopes,
     ),
     super(sourceClient, closeUnderlyingClient: false);