The sequence of service accounts in a delegation chain. Each service
account must be granted the roles/iam.serviceAccountTokenCreator role
on its next service account in the chain. The last service account in the
chain must be granted the roles/iam.serviceAccountTokenCreator role
on the service account that is specified in the name field of the
request.
The delegates must have the following format:
projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard
character is required; replacing it with a project ID is invalid.
Required. The resource name of the service account for which the credentials
are requested, in the following format:
projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}. The - wildcard
character is required; replacing it with a project ID is invalid.
Property Value
Type
Description
System.String
Payload
publicstringPayload{get;set;}
Required. The JWT payload to sign: a JSON object that contains a JWT Claims Set.
Property Value
Type
Description
System.String
ServiceAccountName
public ServiceAccountName ServiceAccountName { get; set; }
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThis page details the \u003ccode\u003eSignJwtRequest\u003c/code\u003e class, which is part of the Google Cloud IAM Credentials V1 library, specifically within the \u003ccode\u003eGoogle.Cloud.Iam.Credentials.V1\u003c/code\u003e namespace.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eSignJwtRequest\u003c/code\u003e class is used to request the signing of a JSON Web Token (JWT) and it is available in multiple versions, with version 2.4.0 being the latest.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eSignJwtRequest\u003c/code\u003e class has several properties, including \u003ccode\u003eDelegates\u003c/code\u003e, \u003ccode\u003eName\u003c/code\u003e, \u003ccode\u003ePayload\u003c/code\u003e, and \u003ccode\u003eServiceAccountName\u003c/code\u003e, which are essential for configuring the JWT signing request.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eName\u003c/code\u003e property requires a specific format, \u003ccode\u003eprojects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}\u003c/code\u003e, and the \u003ccode\u003e-\u003c/code\u003e wildcard character is mandatory in this field.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eDelegates\u003c/code\u003e property is a sequence of service accounts, where each must have the \u003ccode\u003eroles/iam.serviceAccountTokenCreator\u003c/code\u003e role on the next service account, to define a delegation chain for the request.\u003c/p\u003e\n"]]],[],null,[]]
