generateAccessToken method

Future<AccessCredentials> generateAccessToken()

Generates a new access token for the impersonated service account.

This method calls the IAM Credentials API generateAccessToken endpoint to obtain a new access token. The token will be valid for the duration specified when the client was created.

Returns AccessCredentials containing the new access token.

Throws ServerRequestFailedException if the request fails or if the response is missing the accessToken or expireTime field.

Implementation

Future<AccessCredentials> generateAccessToken() async {
  final encodedEmail = Uri.encodeComponent(_targetServiceAccount);
  final tokenUrl = Uri.parse(
    'https://iamcredentials.$_universeDomain/v1/projects/-/serviceAccounts/$encodedEmail:generateAccessToken',
  );

  final requestBody = jsonEncode({
    'scope': _targetScopes,
    if (_delegates != null) 'delegates': _delegates,
    'lifetime': '${_lifetime.inSeconds}s',
  });

  final request = http.Request('POST', tokenUrl)
    ..headers['Content-Type'] = 'application/json'
    ..body = requestBody;

  final responseJson = await _sourceClient.requestJson(
    request,
    'Failed to generate access token for impersonated service account.',
  );

  final (accessToken, expireTime) = switch (responseJson) {
    {'accessToken': final String t, 'expireTime': final String e} => (t, e),
    _ => throw ServerRequestFailedException(
      'IAM generateAccessToken response missing required fields.',
      responseContent: responseJson,
    ),
  };

  // Parse RFC 3339 timestamp
  final expiry = DateTime.parse(expireTime);

  return AccessCredentials(
    AccessToken('Bearer', accessToken, expiry),
    null,
    _targetScopes,
  );
}
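A caller that wants to confirm the returned token does not outlive the lifetime it requested can check the response before trusting it. The following is an added example, not code from this package. The helper `checkTokenResponse`, its parameters, and the sample responses are hypothetical and constructed for illustration.

```dart
import 'dart:convert';

/// Hypothetical helper, not part of the package: checks a generateAccessToken
/// response body against the lifetime the caller asked for.
DateTime checkTokenResponse(
  String body, {
  required Duration requestedLifetime,
  required DateTime requestedAt,
  Duration skew = const Duration(minutes: 1),
}) {
  final (token, expireTime) = switch (jsonDecode(body)) {
    {'accessToken': final String t, 'expireTime': final String e} => (t, e),
    _ => throw const FormatException('missing accessToken or expireTime'),
  };
  if (token.isEmpty) throw const FormatException('empty accessToken');

  final expiry = DateTime.parse(expireTime);
  // RFC 3339 timestamps carry "Z" or an offset, which Dart parses to UTC.
  // A non-UTC result means the zone was missing and the instant is ambiguous.
  if (!expiry.isUtc) throw const FormatException('expireTime has no zone');

  final granted = expiry.difference(requestedAt.toUtc());
  if (granted <= Duration.zero) {
    throw StateError('token already expired at $expiry');
  }
  // A token that lives longer than requested widens the exposure window.
  if (granted > requestedLifetime + skew) {
    throw StateError('granted ${granted.inSeconds}s exceeds requested lifetime');
  }
  return expiry;
}

void main() {
  // Constructed sample responses; the token value is a placeholder.
  const ok = '{"accessToken":"EXAMPLE_TOKEN","expireTime":"2030-01-01T01:00:00Z"}';
  const tooLong = '{"accessToken":"EXAMPLE_TOKEN","expireTime":"2030-01-01T12:00:00Z"}';
  final sentAt = DateTime.utc(2030, 1, 1);
  for (final body in [ok, tooLong]) {
    try {
      final expiry = checkTokenResponse(body,
          requestedLifetime: const Duration(hours: 1), requestedAt: sentAt);
      print('accepted, expires $expiry');
    } catch (e) {
      print('rejected: $e');
    }
  }
}
```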