GenerateAccessTokenRequest
import type { GenerateAccessTokenRequest } from "https://googleapis.deno.dev/v1/iamcredentials:v1.ts";
§Properties
The sequence of service accounts in a delegation chain. This field is
required for delegated
requests.
For direct
requests,
which are more common, do not specify this field. Each service account must
be granted the roles/iam.serviceAccountTokenCreator
role on its next
service account in the chain. The last service account in the chain must be
granted the roles/iam.serviceAccountTokenCreator
role on the service
account that is specified in the name
field of the request. The delegates
must have the following format:
projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}
. The -
wildcard
character is required; replacing it with a project ID is invalid.
The desired lifetime duration of the access token in seconds. By default,
the maximum allowed value is 1 hour. To set a lifetime of up to 12 hours,
you can add the service account as an allowed value in an Organization
Policy that enforces the
constraints/iam.allowServiceAccountCredentialLifetimeExtension
constraint. See detailed instructions at
https://cloud.google.com/iam/help/credentials/lifetime If a value is not
specified, the token's lifetime will be set to a default value of 1 hour.
Required. Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.