docs: update docs (#916)
* fix: re-run script
* test: fix noxfile
diff --git a/docs/dyn/iamcredentials_v1.projects.serviceAccounts.html b/docs/dyn/iamcredentials_v1.projects.serviceAccounts.html
index 430c48a..9198489 100644
--- a/docs/dyn/iamcredentials_v1.projects.serviceAccounts.html
+++ b/docs/dyn/iamcredentials_v1.projects.serviceAccounts.html
@@ -152,6 +152,10 @@
The object takes the form of:
{
+ "audience": "A String", # Required. The audience for the token, such as the API or account that this token
+ # grants access to.
+ "includeEmail": True or False, # Include the service account email in the token. If set to `true`, the
+ # token will contain `email` and `email_verified` claims.
"delegates": [ # The sequence of service accounts in a delegation chain. Each service
# account must be granted the `roles/iam.serviceAccountTokenCreator` role
# on its next service account in the chain. The last service account in the
@@ -164,10 +168,6 @@
# character is required; replacing it with a project ID is invalid.
"A String",
],
- "audience": "A String", # Required. The audience for the token, such as the API or account that this token
- # grants access to.
- "includeEmail": True or False, # Include the service account email in the token. If set to `true`, the
- # token will contain `email` and `email_verified` claims.
}
x__xgafv: string, V1 error format.
@@ -196,6 +196,7 @@
The object takes the form of:
{
+ "payload": "A String", # Required. The bytes to sign.
"delegates": [ # The sequence of service accounts in a delegation chain. Each service
# account must be granted the `roles/iam.serviceAccountTokenCreator` role
# on its next service account in the chain. The last service account in the
@@ -208,7 +209,6 @@
# character is required; replacing it with a project ID is invalid.
"A String",
],
- "payload": "A String", # Required. The bytes to sign.
}
x__xgafv: string, V1 error format.
@@ -220,8 +220,22 @@
An object of the form:
{
- "keyId": "A String", # The ID of the key used to sign the blob.
+ "keyId": "A String", # The ID of the key used to sign the blob. The key used for signing will
+ # remain valid for at least 12 hours after the blob is signed. To verify the
+ # signature, you can retrieve the public key in several formats from the
+ # following endpoints:
+ #
+ # - RSA public key wrapped in an X.509 v3 certificate:
+ # `https://www.googleapis.com/service_accounts/v1/metadata/x509/{ACCOUNT_EMAIL}`
+ # - Raw key in JSON format:
+ # `https://www.googleapis.com/service_accounts/v1/metadata/raw/{ACCOUNT_EMAIL}`
+ # - JSON Web Key (JWK):
+ # `https://www.googleapis.com/service_accounts/v1/metadata/jwk/{ACCOUNT_EMAIL}`
"signedBlob": "A String", # The signature for the blob. Does not include the original blob.
+ #
+ # After the key pair referenced by the `key_id` response field expires,
+ # Google no longer exposes the public key that can be used to verify the
+ # blob. As a result, the receiver can no longer verify the signature.
}</pre>
</div>
@@ -266,10 +280,24 @@
An object of the form:
{
- "keyId": "A String", # The ID of the key used to sign the JWT.
+ "keyId": "A String", # The ID of the key used to sign the JWT. The key used for signing will
+ # remain valid for at least 12 hours after the JWT is signed. To verify the
+ # signature, you can retrieve the public key in several formats from the
+ # following endpoints:
+ #
+ # - RSA public key wrapped in an X.509 v3 certificate:
+ # `https://www.googleapis.com/service_accounts/v1/metadata/x509/{ACCOUNT_EMAIL}`
+ # - Raw key in JSON format:
+ # `https://www.googleapis.com/service_accounts/v1/metadata/raw/{ACCOUNT_EMAIL}`
+ # - JSON Web Key (JWK):
+ # `https://www.googleapis.com/service_accounts/v1/metadata/jwk/{ACCOUNT_EMAIL}`
"signedJwt": "A String", # The signed JWT. Contains the automatically generated header; the
# client-supplied payload; and the signature, which is generated using the
# key referenced by the `kid` field in the header.
+ #
+ # After the key pair referenced by the `key_id` response field expires,
+ # Google no longer exposes the public key that can be used to verify the JWT.
+ # As a result, the receiver can no longer verify the signature.
}</pre>
</div>