public class UserCredential : ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler
OAuth 2.0 credential for accessing protected resources using an access token, as well as optionally refreshing
the access token when it expires using a refresh token.
Gets an access token to authorize a request.
Implementations should handle automatic refreshes of the token
if they are supported.
The authUri might be required by some credential types
(e.g. the JWT access token) while other credential types
migth just ignore it.
public Task<AccessTokenWithHeaders> GetAccessTokenWithHeadersForRequestAsync(string authUri = null, CancellationToken cancellationToken = default)
Gets an access token to authorize a request.
The token might be accompanied by extra information that should be sent
in the form of headers.
Implementations should handle automatic refreshes of the token
if they are supported.
The authUri might be required by some credential types
(e.g. the JWT access token) while other credential types
migth just ignore it.
public Task<bool> HandleResponseAsync(HandleUnsuccessfulResponseArgs args)
Handles an abnormal response when sending a HTTP request.
A simple rule must be followed, if you modify the request object in a way that the abnormal response can
be resolved, you must return true.
public Task InterceptAsync(HttpRequestMessage request, CancellationToken taskCancellationToken)
Default implementation is to try to refresh the access token if there is no access token or if we are 1
minute away from expiration. If token server is unavailable, it will try to use the access token even if
has expired. If successful, it will call Intercept(HttpRequestMessage, string).
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThe \u003ccode\u003eUserCredential\u003c/code\u003e class in the \u003ccode\u003eGoogle.Apis.Auth.OAuth2\u003c/code\u003e namespace manages OAuth 2.0 credentials, providing access to protected resources using an access token and optionally refreshing it when it expires.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eUserCredential\u003c/code\u003e implements multiple interfaces including \u003ccode\u003eICredential\u003c/code\u003e, \u003ccode\u003eIConfigurableHttpClientInitializer\u003c/code\u003e, and \u003ccode\u003eITokenAccess\u003c/code\u003e, enabling it to handle token-related operations and HTTP client initialization.\u003c/p\u003e\n"],["\u003cp\u003eIt contains properties like \u003ccode\u003eFlow\u003c/code\u003e (authorization code flow), \u003ccode\u003eQuotaProject\u003c/code\u003e (project ID for quota calculation), \u003ccode\u003eToken\u003c/code\u003e (access token), and \u003ccode\u003eUserId\u003c/code\u003e (user identifier).\u003c/p\u003e\n"],["\u003cp\u003eThe class provides methods for obtaining access tokens (\u003ccode\u003eGetAccessTokenForRequestAsync\u003c/code\u003e), handling responses (\u003ccode\u003eHandleResponseAsync\u003c/code\u003e), and managing token lifecycle, such as refreshing (\u003ccode\u003eRefreshTokenAsync\u003c/code\u003e) and revoking (\u003ccode\u003eRevokeTokenAsync\u003c/code\u003e).\u003c/p\u003e\n"],["\u003cp\u003eThe class is constructed with an authorization code flow, a user identifier and a TokenResponse; it can also be constructed with an optional project ID.\u003c/p\u003e\n"]]],[],null,["# Class UserCredential (1.69.0)\n\nVersion latestkeyboard_arrow_down\n\n- [1.69.0 (latest)](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.UserCredential)\n- [1.68.0](/dotnet/docs/reference/Google.Apis/1.68.0/Google.Apis.Auth.OAuth2.UserCredential)\n- [1.60.0](/dotnet/docs/reference/Google.Apis/1.60.0/Google.Apis.Auth.OAuth2.UserCredential)\n- [1.59.0](/dotnet/docs/reference/Google.Apis/1.59.0/Google.Apis.Auth.OAuth2.UserCredential)\n- [1.55.0](/dotnet/docs/reference/Google.Apis/1.55.0/Google.Apis.Auth.OAuth2.UserCredential)\n- [1.50.0](/dotnet/docs/reference/Google.Apis/1.50.0/Google.Apis.Auth.OAuth2.UserCredential) \n\n public class UserCredential : ICredential, IConfigurableHttpClientInitializer, ITokenAccessWithHeaders, ITokenAccess, IHttpExecuteInterceptor, IHttpUnsuccessfulResponseHandler\n\nOAuth 2.0 credential for accessing protected resources using an access token, as well as optionally refreshing\nthe access token when it expires using a refresh token. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e UserCredential \n\nImplements\n----------\n\n[ICredential](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ICredential), [IConfigurableHttpClientInitializer](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Http.IConfigurableHttpClientInitializer), [ITokenAccessWithHeaders](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ITokenAccessWithHeaders), [ITokenAccess](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.ITokenAccess), [IHttpExecuteInterceptor](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Http.IHttpExecuteInterceptor), [IHttpUnsuccessfulResponseHandler](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Http.IHttpUnsuccessfulResponseHandler) \n\nInherited Members\n-----------------\n\n[object.Equals(object)](https://learn.microsoft.com/dotnet/api/system.object.equals#system-object-equals(system-object)) \n[object.Equals(object, object)](https://learn.microsoft.com/dotnet/api/system.object.equals#system-object-equals(system-object-system-object)) \n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.MemberwiseClone()](https://learn.microsoft.com/dotnet/api/system.object.memberwiseclone) \n[object.ReferenceEquals(object, object)](https://learn.microsoft.com/dotnet/api/system.object.referenceequals) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Apis.Auth.OAuth2](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2)\n\nAssembly\n--------\n\nGoogle.Apis.Auth.dll\n\nConstructors\n------------\n\n### UserCredential(IAuthorizationCodeFlow, string, TokenResponse)\n\n public UserCredential(IAuthorizationCodeFlow flow, string userId, TokenResponse token)\n\nConstructs a new credential instance.\n\n### UserCredential(IAuthorizationCodeFlow, string, TokenResponse, string)\n\n public UserCredential(IAuthorizationCodeFlow flow, string userId, TokenResponse token, string quotaProjectId)\n\nConstructs a new credential instance.\n\nFields\n------\n\n### Logger\n\n protected static readonly ILogger Logger\n\nLogger for this class.\n\nProperties\n----------\n\n### Flow\n\n public IAuthorizationCodeFlow Flow { get; }\n\nGets the authorization code flow.\n\n### QuotaProject\n\n public string QuotaProject { get; }\n\nThe ID of the project associated to this credential for the purposes of\nquota calculation and billing. May be null.\n\n### Token\n\n public TokenResponse Token { get; set; }\n\nGets or sets the token response which contains the access token.\n\n### UserId\n\n public string UserId { get; }\n\nGets the user identity.\n\nMethods\n-------\n\n### GetAccessTokenForRequestAsync(string, CancellationToken)\n\n public virtual Task\u003cstring\u003e GetAccessTokenForRequestAsync(string authUri = null, CancellationToken cancellationToken = default)\n\nGets an access token to authorize a request.\nImplementations should handle automatic refreshes of the token\nif they are supported.\nThe `authUri` might be required by some credential types\n(e.g. the JWT access token) while other credential types\nmigth just ignore it.\n\n### GetAccessTokenWithHeadersForRequestAsync(string, CancellationToken)\n\n public Task\u003cAccessTokenWithHeaders\u003e GetAccessTokenWithHeadersForRequestAsync(string authUri = null, CancellationToken cancellationToken = default)\n\nGets an access token to authorize a request.\nThe token might be accompanied by extra information that should be sent\nin the form of headers.\nImplementations should handle automatic refreshes of the token\nif they are supported.\nThe `authUri` might be required by some credential types\n(e.g. the JWT access token) while other credential types\nmigth just ignore it.\n\n### HandleResponseAsync(HandleUnsuccessfulResponseArgs)\n\n public Task\u003cbool\u003e HandleResponseAsync(HandleUnsuccessfulResponseArgs args)\n\nHandles an abnormal response when sending a HTTP request.\nA simple rule must be followed, if you modify the request object in a way that the abnormal response can\nbe resolved, you must return `true`.\n\n### Initialize(ConfigurableHttpClient)\n\n public void Initialize(ConfigurableHttpClient httpClient)\n\nInitializes a HTTP client after it was created.\n\n### InterceptAsync(HttpRequestMessage, CancellationToken)\n\n public Task InterceptAsync(HttpRequestMessage request, CancellationToken taskCancellationToken)\n\nDefault implementation is to try to refresh the access token if there is no access token or if we are 1\nminute away from expiration. If token server is unavailable, it will try to use the access token even if\nhas expired. If successful, it will call [Intercept(HttpRequestMessage, string)](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.IAccessMethod#Google_Apis_Auth_OAuth2_IAccessMethod_Intercept_System_Net_Http_HttpRequestMessage_System_String_).\n\n### RefreshTokenAsync(CancellationToken)\n\n public Task\u003cbool\u003e RefreshTokenAsync(CancellationToken taskCancellationToken)\n\nRefreshes the token by calling to\n[RefreshTokenAsync(string, string, CancellationToken)](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.Flows.IAuthorizationCodeFlow#Google_Apis_Auth_OAuth2_Flows_IAuthorizationCodeFlow_RefreshTokenAsync_System_String_System_String_System_Threading_CancellationToken_).\nThen it updates the [TokenResponse](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.Responses.TokenResponse) with the new token instance.\n\n### RevokeTokenAsync(CancellationToken)\n\n public Task\u003cbool\u003e RevokeTokenAsync(CancellationToken taskCancellationToken)\n\nAsynchronously revokes the token by calling\n[RevokeTokenAsync(string, string, CancellationToken)](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.Flows.IAuthorizationCodeFlow#Google_Apis_Auth_OAuth2_Flows_IAuthorizationCodeFlow_RevokeTokenAsync_System_String_System_String_System_Threading_CancellationToken_).\n\nExtension Method\n----------------\n\n[Utilities.ThrowIfNull\\\u003cT\\\u003e(T, string)](/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Util.Utilities#Google_Apis_Util_Utilities_ThrowIfNull__1___0_System_String_)"]]
