Gets the lifetime of the delegated credential.
This is how long the delegated credential should be valid from the time
of the first request made with this credential.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThe \u003ccode\u003eImpersonatedCredential\u003c/code\u003e class allows a service account or user credential to act on behalf of another service account.\u003c/p\u003e\n"],["\u003cp\u003eIt inherits from \u003ccode\u003eServiceCredential\u003c/code\u003e and implements multiple interfaces, including \u003ccode\u003eIHttpUnsuccessfulResponseHandler\u003c/code\u003e, \u003ccode\u003eIOidcTokenProvider\u003c/code\u003e, and \u003ccode\u003eIBlobSigner\u003c/code\u003e, among others.\u003c/p\u003e\n"],["\u003cp\u003eKey properties include \u003ccode\u003eDelegateAccounts\u003c/code\u003e, \u003ccode\u003eLifetime\u003c/code\u003e, \u003ccode\u003eSourceCredential\u003c/code\u003e, and \u003ccode\u003eTargetPrincipal\u003c/code\u003e, which manage the delegation chain, credential validity period, the source credential, and the service account being impersonated, respectively.\u003c/p\u003e\n"],["\u003cp\u003eThe class offers methods such as \u003ccode\u003eGetOidcTokenAsync\u003c/code\u003e, \u003ccode\u003eRequestAccessTokenAsync\u003c/code\u003e, and \u003ccode\u003eSignBlobAsync\u003c/code\u003e to manage tokens, request access, and sign data using the impersonated service account's credentials.\u003c/p\u003e\n"],["\u003cp\u003eThe available versions for this class are listed, starting from the latest version 1.69.0 down to version 1.50.0, indicating a range of available versions.\u003c/p\u003e\n"]]],[],null,["# Class ImpersonatedCredential (1.69.0)\n\nVersion latestkeyboard_arrow_down\n\n- [1.69.0 (latest)](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ImpersonatedCredential)\n- [1.68.0](/dotnet/docs/reference/Google.Apis/1.68.0/Google.Apis.Auth.OAuth2.ImpersonatedCredential)\n- [1.60.0](/dotnet/docs/reference/Google.Apis/1.60.0/Google.Apis.Auth.OAuth2.ImpersonatedCredential)\n- [1.59.0](/dotnet/docs/reference/Google.Apis/1.59.0/Google.Apis.Auth.OAuth2.ImpersonatedCredential)\n- [1.55.0](/dotnet/docs/reference/Google.Apis/1.55.0/Google.Apis.Auth.OAuth2.ImpersonatedCredential)\n- [1.50.0](/dotnet/docs/reference/Google.Apis/1.50.0/Google.Apis.Auth.OAuth2.ImpersonatedCredential) \n\n public sealed class ImpersonatedCredential : ServiceCredential, IHttpUnsuccessfulResponseHandler, IOidcTokenProvider, ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IHttpExecuteInterceptor, IBlobSigner\n\nAllows a service account or user credential to impersonate a service account.\nSee \u003chttps://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials\u003e\nand \u003chttps://cloud.google.com/iam/docs/impersonating-service-accounts\u003e\nfor more information. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e [ServiceCredential](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ServiceCredential) \\\u003e ImpersonatedCredential \n\nImplements\n----------\n\n[IHttpUnsuccessfulResponseHandler](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Http.IHttpUnsuccessfulResponseHandler), [IOidcTokenProvider](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.IOidcTokenProvider), [ICredential](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ICredential), [IConfigurableHttpClientInitializer](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Http.IConfigurableHttpClientInitializer), [ITokenAccessWithHeaders](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ITokenAccessWithHeaders), [ITokenAccess](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ITokenAccess), [IHttpExecuteInterceptor](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Http.IHttpExecuteInterceptor), [IBlobSigner](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.IBlobSigner) \n\nInherited Members\n-----------------\n\n[ServiceCredential.TokenServerUrl](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ServiceCredential#Google_Apis_Auth_OAuth2_ServiceCredential_TokenServerUrl) \n[ServiceCredential.Clock](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ServiceCredential#Google_Apis_Auth_OAuth2_ServiceCredential_Clock) \n[ServiceCredential.AccessMethod](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ServiceCredential#Google_Apis_Auth_OAuth2_ServiceCredential_AccessMethod) \n[ServiceCredential.HttpClient](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ServiceCredential#Google_Apis_Auth_OAuth2_ServiceCredential_HttpClient) \n[ServiceCredential.Scopes](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ServiceCredential#Google_Apis_Auth_OAuth2_ServiceCredential_Scopes) \n[ServiceCredential.Token](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ServiceCredential#Google_Apis_Auth_OAuth2_ServiceCredential_Token) \n[ServiceCredential.QuotaProject](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ServiceCredential#Google_Apis_Auth_OAuth2_ServiceCredential_QuotaProject) \n[ServiceCredential.Initialize(ConfigurableHttpClient)](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ServiceCredential#Google_Apis_Auth_OAuth2_ServiceCredential_Initialize_Google_Apis_Http_ConfigurableHttpClient_) \n[ServiceCredential.InterceptAsync(HttpRequestMessage, CancellationToken)](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ServiceCredential#Google_Apis_Auth_OAuth2_ServiceCredential_InterceptAsync_System_Net_Http_HttpRequestMessage_System_Threading_CancellationToken_) \n[ServiceCredential.HandleResponseAsync(HandleUnsuccessfulResponseArgs)](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ServiceCredential#Google_Apis_Auth_OAuth2_ServiceCredential_HandleResponseAsync_Google_Apis_Http_HandleUnsuccessfulResponseArgs_) \n[ServiceCredential.GetAccessTokenForRequestAsync(string, CancellationToken)](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ServiceCredential#Google_Apis_Auth_OAuth2_ServiceCredential_GetAccessTokenForRequestAsync_System_String_System_Threading_CancellationToken_) \n[ServiceCredential.GetAccessTokenWithHeadersForRequestAsync(string, CancellationToken)](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ServiceCredential#Google_Apis_Auth_OAuth2_ServiceCredential_GetAccessTokenWithHeadersForRequestAsync_System_String_System_Threading_CancellationToken_) \n[object.Equals(object)](https://learn.microsoft.com/dotnet/api/system.object.equals#system-object-equals(system-object)) \n[object.Equals(object, object)](https://learn.microsoft.com/dotnet/api/system.object.equals#system-object-equals(system-object-system-object)) \n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ReferenceEquals(object, object)](https://learn.microsoft.com/dotnet/api/system.object.referenceequals) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Apis.Auth.OAuth2](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2)\n\nAssembly\n--------\n\nGoogle.Apis.Auth.dll\n\nProperties\n----------\n\n### DelegateAccounts\n\n public IEnumerable\u003cstring\u003e DelegateAccounts { get; }\n\nGets the chained list of delegate service accounts. May be empty.\n\n### Lifetime\n\n public TimeSpan Lifetime { get; }\n\nGets the lifetime of the delegated credential.\nThis is how long the delegated credential should be valid from the time\nof the first request made with this credential.\n\n### SourceCredential\n\n public GoogleCredential SourceCredential { get; }\n\nGets the source credential used to acquire the impersonated credentials.\n\n### TargetPrincipal\n\n public string TargetPrincipal { get; }\n\nGets the service account to impersonate.\n\nMethods\n-------\n\n### GetOidcTokenAsync(OidcTokenOptions, CancellationToken)\n\n public Task\u003cOidcToken\u003e GetOidcTokenAsync(OidcTokenOptions options, CancellationToken cancellationToken = default)\n\nReturns an OIDC token for the given options.\n\n### RequestAccessTokenAsync(CancellationToken)\n\n public override Task\u003cbool\u003e RequestAccessTokenAsync(CancellationToken taskCancellationToken)\n\nRequests a new token.\n\n**Overrides** \n[ServiceCredential.RequestAccessTokenAsync(CancellationToken)](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ServiceCredential#Google_Apis_Auth_OAuth2_ServiceCredential_RequestAccessTokenAsync_System_Threading_CancellationToken_)\n\n### SignBlobAsync(byte\\[\\], CancellationToken)\n\n public Task\u003cstring\u003e SignBlobAsync(byte[] blob, CancellationToken cancellationToken = default)\n\nSigns the provided blob using the private key associated with the impersonated service account.\n\nExtension Method\n----------------\n\n[Utilities.ThrowIfNull\\\u003cT\\\u003e(T, string)](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Util.Utilities#Google_Apis_Util_Utilities_ThrowIfNull__1___0_System_String_)"]]
