diff --git a/google-api-grpc/grpc-google-cloud-iamcredentials-v1/pom.xml b/google-api-grpc/grpc-google-cloud-iamcredentials-v1/pom.xml
new file mode 100644
index 000000000000..f0bf98c8ee6a
--- /dev/null
+++ b/google-api-grpc/grpc-google-cloud-iamcredentials-v1/pom.xml
@@ -0,0 +1,31 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <artifactId>grpc-google-cloud-iamcredentials-v1</artifactId>
+  <version>0.0.1-alpha-SNAPSHOT</version><!-- {x-version-update:grpc-google-cloud-iamcredentials-v1:current} -->
+  <name>grpc-google-cloud-iamcredentials-v1</name>
+  <description>GRPC library for grpc-google-cloud-iamcredentials-v1</description>
+  <parent>
+    <groupId>com.google.api.grpc</groupId>
+    <artifactId>google-api-grpc</artifactId>
+    <version>0.38.1-SNAPSHOT</version><!-- {x-version-update:google-api-grpc:current} -->
+  </parent>
+  <dependencies>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-stub</artifactId>
+      <scope>compile</scope>
+    </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-protobuf</artifactId>
+      <scope>compile</scope>
+    </dependency>
+    <dependency>
+      <groupId>com.google.api.grpc</groupId>
+      <artifactId>proto-google-cloud-iamcredentials-v1</artifactId>
+      <scope>compile</scope>
+    </dependency>
+  </dependencies>
+</project>
diff --git a/google-api-grpc/grpc-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/IAMCredentialsGrpc.java b/google-api-grpc/grpc-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/IAMCredentialsGrpc.java
new file mode 100644
index 000000000000..64f247bfb9a2
--- /dev/null
+++ b/google-api-grpc/grpc-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/IAMCredentialsGrpc.java
@@ -0,0 +1,782 @@
+package com.google.cloud.iam.credentials.v1;
+
+import static io.grpc.MethodDescriptor.generateFullMethodName;
+import static io.grpc.stub.ClientCalls.asyncUnaryCall;
+import static io.grpc.stub.ClientCalls.blockingUnaryCall;
+import static io.grpc.stub.ClientCalls.futureUnaryCall;
+import static io.grpc.stub.ServerCalls.asyncUnaryCall;
+import static io.grpc.stub.ServerCalls.asyncUnimplementedUnaryCall;
+
+/**
+ *
+ *
+ * <pre>
+ * A service account is a special type of Google account that belongs to your
+ * application or a virtual machine (VM), instead of to an individual end user.
+ * Your application assumes the identity of the service account to call Google
+ * APIs, so that the users aren't directly involved.
+ * Service account credentials are used to temporarily assume the identity
+ * of the service account. Supported credential types include OAuth 2.0 access
+ * tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
+ * more.
+ * </pre>
+ */
+@javax.annotation.Generated(
+    value = "by gRPC proto compiler (version 1.10.0)",
+    comments = "Source: google/iam/credentials/v1/iamcredentials.proto")
+public final class IAMCredentialsGrpc {
+
+  private IAMCredentialsGrpc() {}
+
+  public static final String SERVICE_NAME = "google.iam.credentials.v1.IAMCredentials";
+
+  // Static method descriptors that strictly reflect the proto.
+  @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/1901")
+  @java.lang.Deprecated // Use {@link #getGenerateAccessTokenMethod()} instead.
+  public static final io.grpc.MethodDescriptor<
+          com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest,
+          com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse>
+      METHOD_GENERATE_ACCESS_TOKEN = getGenerateAccessTokenMethodHelper();
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest,
+          com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse>
+      getGenerateAccessTokenMethod;
+
+  @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/1901")
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest,
+          com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse>
+      getGenerateAccessTokenMethod() {
+    return getGenerateAccessTokenMethodHelper();
+  }
+
+  private static io.grpc.MethodDescriptor<
+          com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest,
+          com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse>
+      getGenerateAccessTokenMethodHelper() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest,
+            com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse>
+        getGenerateAccessTokenMethod;
+    if ((getGenerateAccessTokenMethod = IAMCredentialsGrpc.getGenerateAccessTokenMethod) == null) {
+      synchronized (IAMCredentialsGrpc.class) {
+        if ((getGenerateAccessTokenMethod = IAMCredentialsGrpc.getGenerateAccessTokenMethod)
+            == null) {
+          IAMCredentialsGrpc.getGenerateAccessTokenMethod =
+              getGenerateAccessTokenMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest,
+                          com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(
+                              "google.iam.credentials.v1.IAMCredentials", "GenerateAccessToken"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse
+                                  .getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new IAMCredentialsMethodDescriptorSupplier("GenerateAccessToken"))
+                      .build();
+        }
+      }
+    }
+    return getGenerateAccessTokenMethod;
+  }
+
+  @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/1901")
+  @java.lang.Deprecated // Use {@link #getGenerateIdTokenMethod()} instead.
+  public static final io.grpc.MethodDescriptor<
+          com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest,
+          com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse>
+      METHOD_GENERATE_ID_TOKEN = getGenerateIdTokenMethodHelper();
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest,
+          com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse>
+      getGenerateIdTokenMethod;
+
+  @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/1901")
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest,
+          com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse>
+      getGenerateIdTokenMethod() {
+    return getGenerateIdTokenMethodHelper();
+  }
+
+  private static io.grpc.MethodDescriptor<
+          com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest,
+          com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse>
+      getGenerateIdTokenMethodHelper() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest,
+            com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse>
+        getGenerateIdTokenMethod;
+    if ((getGenerateIdTokenMethod = IAMCredentialsGrpc.getGenerateIdTokenMethod) == null) {
+      synchronized (IAMCredentialsGrpc.class) {
+        if ((getGenerateIdTokenMethod = IAMCredentialsGrpc.getGenerateIdTokenMethod) == null) {
+          IAMCredentialsGrpc.getGenerateIdTokenMethod =
+              getGenerateIdTokenMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest,
+                          com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(
+                              "google.iam.credentials.v1.IAMCredentials", "GenerateIdToken"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse
+                                  .getDefaultInstance()))
+                      .setSchemaDescriptor(
+                          new IAMCredentialsMethodDescriptorSupplier("GenerateIdToken"))
+                      .build();
+        }
+      }
+    }
+    return getGenerateIdTokenMethod;
+  }
+
+  @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/1901")
+  @java.lang.Deprecated // Use {@link #getSignBlobMethod()} instead.
+  public static final io.grpc.MethodDescriptor<
+          com.google.cloud.iam.credentials.v1.SignBlobRequest,
+          com.google.cloud.iam.credentials.v1.SignBlobResponse>
+      METHOD_SIGN_BLOB = getSignBlobMethodHelper();
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.iam.credentials.v1.SignBlobRequest,
+          com.google.cloud.iam.credentials.v1.SignBlobResponse>
+      getSignBlobMethod;
+
+  @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/1901")
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.iam.credentials.v1.SignBlobRequest,
+          com.google.cloud.iam.credentials.v1.SignBlobResponse>
+      getSignBlobMethod() {
+    return getSignBlobMethodHelper();
+  }
+
+  private static io.grpc.MethodDescriptor<
+          com.google.cloud.iam.credentials.v1.SignBlobRequest,
+          com.google.cloud.iam.credentials.v1.SignBlobResponse>
+      getSignBlobMethodHelper() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.iam.credentials.v1.SignBlobRequest,
+            com.google.cloud.iam.credentials.v1.SignBlobResponse>
+        getSignBlobMethod;
+    if ((getSignBlobMethod = IAMCredentialsGrpc.getSignBlobMethod) == null) {
+      synchronized (IAMCredentialsGrpc.class) {
+        if ((getSignBlobMethod = IAMCredentialsGrpc.getSignBlobMethod) == null) {
+          IAMCredentialsGrpc.getSignBlobMethod =
+              getSignBlobMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.iam.credentials.v1.SignBlobRequest,
+                          com.google.cloud.iam.credentials.v1.SignBlobResponse>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(
+                              "google.iam.credentials.v1.IAMCredentials", "SignBlob"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.iam.credentials.v1.SignBlobRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.iam.credentials.v1.SignBlobResponse
+                                  .getDefaultInstance()))
+                      .setSchemaDescriptor(new IAMCredentialsMethodDescriptorSupplier("SignBlob"))
+                      .build();
+        }
+      }
+    }
+    return getSignBlobMethod;
+  }
+
+  @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/1901")
+  @java.lang.Deprecated // Use {@link #getSignJwtMethod()} instead.
+  public static final io.grpc.MethodDescriptor<
+          com.google.cloud.iam.credentials.v1.SignJwtRequest,
+          com.google.cloud.iam.credentials.v1.SignJwtResponse>
+      METHOD_SIGN_JWT = getSignJwtMethodHelper();
+
+  private static volatile io.grpc.MethodDescriptor<
+          com.google.cloud.iam.credentials.v1.SignJwtRequest,
+          com.google.cloud.iam.credentials.v1.SignJwtResponse>
+      getSignJwtMethod;
+
+  @io.grpc.ExperimentalApi("https://github.com/grpc/grpc-java/issues/1901")
+  public static io.grpc.MethodDescriptor<
+          com.google.cloud.iam.credentials.v1.SignJwtRequest,
+          com.google.cloud.iam.credentials.v1.SignJwtResponse>
+      getSignJwtMethod() {
+    return getSignJwtMethodHelper();
+  }
+
+  private static io.grpc.MethodDescriptor<
+          com.google.cloud.iam.credentials.v1.SignJwtRequest,
+          com.google.cloud.iam.credentials.v1.SignJwtResponse>
+      getSignJwtMethodHelper() {
+    io.grpc.MethodDescriptor<
+            com.google.cloud.iam.credentials.v1.SignJwtRequest,
+            com.google.cloud.iam.credentials.v1.SignJwtResponse>
+        getSignJwtMethod;
+    if ((getSignJwtMethod = IAMCredentialsGrpc.getSignJwtMethod) == null) {
+      synchronized (IAMCredentialsGrpc.class) {
+        if ((getSignJwtMethod = IAMCredentialsGrpc.getSignJwtMethod) == null) {
+          IAMCredentialsGrpc.getSignJwtMethod =
+              getSignJwtMethod =
+                  io.grpc.MethodDescriptor
+                      .<com.google.cloud.iam.credentials.v1.SignJwtRequest,
+                          com.google.cloud.iam.credentials.v1.SignJwtResponse>
+                          newBuilder()
+                      .setType(io.grpc.MethodDescriptor.MethodType.UNARY)
+                      .setFullMethodName(
+                          generateFullMethodName(
+                              "google.iam.credentials.v1.IAMCredentials", "SignJwt"))
+                      .setSampledToLocalTracing(true)
+                      .setRequestMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.iam.credentials.v1.SignJwtRequest
+                                  .getDefaultInstance()))
+                      .setResponseMarshaller(
+                          io.grpc.protobuf.ProtoUtils.marshaller(
+                              com.google.cloud.iam.credentials.v1.SignJwtResponse
+                                  .getDefaultInstance()))
+                      .setSchemaDescriptor(new IAMCredentialsMethodDescriptorSupplier("SignJwt"))
+                      .build();
+        }
+      }
+    }
+    return getSignJwtMethod;
+  }
+
+  /** Creates a new async stub that supports all call types for the service */
+  public static IAMCredentialsStub newStub(io.grpc.Channel channel) {
+    return new IAMCredentialsStub(channel);
+  }
+
+  /**
+   * Creates a new blocking-style stub that supports unary and streaming output calls on the service
+   */
+  public static IAMCredentialsBlockingStub newBlockingStub(io.grpc.Channel channel) {
+    return new IAMCredentialsBlockingStub(channel);
+  }
+
+  /** Creates a new ListenableFuture-style stub that supports unary calls on the service */
+  public static IAMCredentialsFutureStub newFutureStub(io.grpc.Channel channel) {
+    return new IAMCredentialsFutureStub(channel);
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * A service account is a special type of Google account that belongs to your
+   * application or a virtual machine (VM), instead of to an individual end user.
+   * Your application assumes the identity of the service account to call Google
+   * APIs, so that the users aren't directly involved.
+   * Service account credentials are used to temporarily assume the identity
+   * of the service account. Supported credential types include OAuth 2.0 access
+   * tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
+   * more.
+   * </pre>
+   */
+  public abstract static class IAMCredentialsImplBase implements io.grpc.BindableService {
+
+    /**
+     *
+     *
+     * <pre>
+     * Generates an OAuth 2.0 access token for a service account.
+     * </pre>
+     */
+    public void generateAccessToken(
+        com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse>
+            responseObserver) {
+      asyncUnimplementedUnaryCall(getGenerateAccessTokenMethodHelper(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Generates an OpenID Connect ID token for a service account.
+     * </pre>
+     */
+    public void generateIdToken(
+        com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse>
+            responseObserver) {
+      asyncUnimplementedUnaryCall(getGenerateIdTokenMethodHelper(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Signs a blob using a service account's system-managed private key.
+     * </pre>
+     */
+    public void signBlob(
+        com.google.cloud.iam.credentials.v1.SignBlobRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.iam.credentials.v1.SignBlobResponse>
+            responseObserver) {
+      asyncUnimplementedUnaryCall(getSignBlobMethodHelper(), responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Signs a JWT using a service account's system-managed private key.
+     * </pre>
+     */
+    public void signJwt(
+        com.google.cloud.iam.credentials.v1.SignJwtRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.iam.credentials.v1.SignJwtResponse>
+            responseObserver) {
+      asyncUnimplementedUnaryCall(getSignJwtMethodHelper(), responseObserver);
+    }
+
+    @java.lang.Override
+    public final io.grpc.ServerServiceDefinition bindService() {
+      return io.grpc.ServerServiceDefinition.builder(getServiceDescriptor())
+          .addMethod(
+              getGenerateAccessTokenMethodHelper(),
+              asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest,
+                      com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse>(
+                      this, METHODID_GENERATE_ACCESS_TOKEN)))
+          .addMethod(
+              getGenerateIdTokenMethodHelper(),
+              asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest,
+                      com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse>(
+                      this, METHODID_GENERATE_ID_TOKEN)))
+          .addMethod(
+              getSignBlobMethodHelper(),
+              asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.iam.credentials.v1.SignBlobRequest,
+                      com.google.cloud.iam.credentials.v1.SignBlobResponse>(
+                      this, METHODID_SIGN_BLOB)))
+          .addMethod(
+              getSignJwtMethodHelper(),
+              asyncUnaryCall(
+                  new MethodHandlers<
+                      com.google.cloud.iam.credentials.v1.SignJwtRequest,
+                      com.google.cloud.iam.credentials.v1.SignJwtResponse>(
+                      this, METHODID_SIGN_JWT)))
+          .build();
+    }
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * A service account is a special type of Google account that belongs to your
+   * application or a virtual machine (VM), instead of to an individual end user.
+   * Your application assumes the identity of the service account to call Google
+   * APIs, so that the users aren't directly involved.
+   * Service account credentials are used to temporarily assume the identity
+   * of the service account. Supported credential types include OAuth 2.0 access
+   * tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
+   * more.
+   * </pre>
+   */
+  public static final class IAMCredentialsStub
+      extends io.grpc.stub.AbstractStub<IAMCredentialsStub> {
+    private IAMCredentialsStub(io.grpc.Channel channel) {
+      super(channel);
+    }
+
+    private IAMCredentialsStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected IAMCredentialsStub build(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new IAMCredentialsStub(channel, callOptions);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Generates an OAuth 2.0 access token for a service account.
+     * </pre>
+     */
+    public void generateAccessToken(
+        com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse>
+            responseObserver) {
+      asyncUnaryCall(
+          getChannel().newCall(getGenerateAccessTokenMethodHelper(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Generates an OpenID Connect ID token for a service account.
+     * </pre>
+     */
+    public void generateIdToken(
+        com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse>
+            responseObserver) {
+      asyncUnaryCall(
+          getChannel().newCall(getGenerateIdTokenMethodHelper(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Signs a blob using a service account's system-managed private key.
+     * </pre>
+     */
+    public void signBlob(
+        com.google.cloud.iam.credentials.v1.SignBlobRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.iam.credentials.v1.SignBlobResponse>
+            responseObserver) {
+      asyncUnaryCall(
+          getChannel().newCall(getSignBlobMethodHelper(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Signs a JWT using a service account's system-managed private key.
+     * </pre>
+     */
+    public void signJwt(
+        com.google.cloud.iam.credentials.v1.SignJwtRequest request,
+        io.grpc.stub.StreamObserver<com.google.cloud.iam.credentials.v1.SignJwtResponse>
+            responseObserver) {
+      asyncUnaryCall(
+          getChannel().newCall(getSignJwtMethodHelper(), getCallOptions()),
+          request,
+          responseObserver);
+    }
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * A service account is a special type of Google account that belongs to your
+   * application or a virtual machine (VM), instead of to an individual end user.
+   * Your application assumes the identity of the service account to call Google
+   * APIs, so that the users aren't directly involved.
+   * Service account credentials are used to temporarily assume the identity
+   * of the service account. Supported credential types include OAuth 2.0 access
+   * tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
+   * more.
+   * </pre>
+   */
+  public static final class IAMCredentialsBlockingStub
+      extends io.grpc.stub.AbstractStub<IAMCredentialsBlockingStub> {
+    private IAMCredentialsBlockingStub(io.grpc.Channel channel) {
+      super(channel);
+    }
+
+    private IAMCredentialsBlockingStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected IAMCredentialsBlockingStub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new IAMCredentialsBlockingStub(channel, callOptions);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Generates an OAuth 2.0 access token for a service account.
+     * </pre>
+     */
+    public com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse generateAccessToken(
+        com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest request) {
+      return blockingUnaryCall(
+          getChannel(), getGenerateAccessTokenMethodHelper(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Generates an OpenID Connect ID token for a service account.
+     * </pre>
+     */
+    public com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse generateIdToken(
+        com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest request) {
+      return blockingUnaryCall(
+          getChannel(), getGenerateIdTokenMethodHelper(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Signs a blob using a service account's system-managed private key.
+     * </pre>
+     */
+    public com.google.cloud.iam.credentials.v1.SignBlobResponse signBlob(
+        com.google.cloud.iam.credentials.v1.SignBlobRequest request) {
+      return blockingUnaryCall(getChannel(), getSignBlobMethodHelper(), getCallOptions(), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Signs a JWT using a service account's system-managed private key.
+     * </pre>
+     */
+    public com.google.cloud.iam.credentials.v1.SignJwtResponse signJwt(
+        com.google.cloud.iam.credentials.v1.SignJwtRequest request) {
+      return blockingUnaryCall(getChannel(), getSignJwtMethodHelper(), getCallOptions(), request);
+    }
+  }
+
+  /**
+   *
+   *
+   * <pre>
+   * A service account is a special type of Google account that belongs to your
+   * application or a virtual machine (VM), instead of to an individual end user.
+   * Your application assumes the identity of the service account to call Google
+   * APIs, so that the users aren't directly involved.
+   * Service account credentials are used to temporarily assume the identity
+   * of the service account. Supported credential types include OAuth 2.0 access
+   * tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
+   * more.
+   * </pre>
+   */
+  public static final class IAMCredentialsFutureStub
+      extends io.grpc.stub.AbstractStub<IAMCredentialsFutureStub> {
+    private IAMCredentialsFutureStub(io.grpc.Channel channel) {
+      super(channel);
+    }
+
+    private IAMCredentialsFutureStub(io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      super(channel, callOptions);
+    }
+
+    @java.lang.Override
+    protected IAMCredentialsFutureStub build(
+        io.grpc.Channel channel, io.grpc.CallOptions callOptions) {
+      return new IAMCredentialsFutureStub(channel, callOptions);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Generates an OAuth 2.0 access token for a service account.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse>
+        generateAccessToken(
+            com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest request) {
+      return futureUnaryCall(
+          getChannel().newCall(getGenerateAccessTokenMethodHelper(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Generates an OpenID Connect ID token for a service account.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse>
+        generateIdToken(com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest request) {
+      return futureUnaryCall(
+          getChannel().newCall(getGenerateIdTokenMethodHelper(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Signs a blob using a service account's system-managed private key.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.iam.credentials.v1.SignBlobResponse>
+        signBlob(com.google.cloud.iam.credentials.v1.SignBlobRequest request) {
+      return futureUnaryCall(
+          getChannel().newCall(getSignBlobMethodHelper(), getCallOptions()), request);
+    }
+
+    /**
+     *
+     *
+     * <pre>
+     * Signs a JWT using a service account's system-managed private key.
+     * </pre>
+     */
+    public com.google.common.util.concurrent.ListenableFuture<
+            com.google.cloud.iam.credentials.v1.SignJwtResponse>
+        signJwt(com.google.cloud.iam.credentials.v1.SignJwtRequest request) {
+      return futureUnaryCall(
+          getChannel().newCall(getSignJwtMethodHelper(), getCallOptions()), request);
+    }
+  }
+
+  private static final int METHODID_GENERATE_ACCESS_TOKEN = 0;
+  private static final int METHODID_GENERATE_ID_TOKEN = 1;
+  private static final int METHODID_SIGN_BLOB = 2;
+  private static final int METHODID_SIGN_JWT = 3;
+
+  private static final class MethodHandlers<Req, Resp>
+      implements io.grpc.stub.ServerCalls.UnaryMethod<Req, Resp>,
+          io.grpc.stub.ServerCalls.ServerStreamingMethod<Req, Resp>,
+          io.grpc.stub.ServerCalls.ClientStreamingMethod<Req, Resp>,
+          io.grpc.stub.ServerCalls.BidiStreamingMethod<Req, Resp> {
+    private final IAMCredentialsImplBase serviceImpl;
+    private final int methodId;
+
+    MethodHandlers(IAMCredentialsImplBase serviceImpl, int methodId) {
+      this.serviceImpl = serviceImpl;
+      this.methodId = methodId;
+    }
+
+    @java.lang.Override
+    @java.lang.SuppressWarnings("unchecked")
+    public void invoke(Req request, io.grpc.stub.StreamObserver<Resp> responseObserver) {
+      switch (methodId) {
+        case METHODID_GENERATE_ACCESS_TOKEN:
+          serviceImpl.generateAccessToken(
+              (com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest) request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse>)
+                  responseObserver);
+          break;
+        case METHODID_GENERATE_ID_TOKEN:
+          serviceImpl.generateIdToken(
+              (com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest) request,
+              (io.grpc.stub.StreamObserver<
+                      com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse>)
+                  responseObserver);
+          break;
+        case METHODID_SIGN_BLOB:
+          serviceImpl.signBlob(
+              (com.google.cloud.iam.credentials.v1.SignBlobRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.cloud.iam.credentials.v1.SignBlobResponse>)
+                  responseObserver);
+          break;
+        case METHODID_SIGN_JWT:
+          serviceImpl.signJwt(
+              (com.google.cloud.iam.credentials.v1.SignJwtRequest) request,
+              (io.grpc.stub.StreamObserver<com.google.cloud.iam.credentials.v1.SignJwtResponse>)
+                  responseObserver);
+          break;
+        default:
+          throw new AssertionError();
+      }
+    }
+
+    @java.lang.Override
+    @java.lang.SuppressWarnings("unchecked")
+    public io.grpc.stub.StreamObserver<Req> invoke(
+        io.grpc.stub.StreamObserver<Resp> responseObserver) {
+      switch (methodId) {
+        default:
+          throw new AssertionError();
+      }
+    }
+  }
+
+  private abstract static class IAMCredentialsBaseDescriptorSupplier
+      implements io.grpc.protobuf.ProtoFileDescriptorSupplier,
+          io.grpc.protobuf.ProtoServiceDescriptorSupplier {
+    IAMCredentialsBaseDescriptorSupplier() {}
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.FileDescriptor getFileDescriptor() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsProto.getDescriptor();
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.ServiceDescriptor getServiceDescriptor() {
+      return getFileDescriptor().findServiceByName("IAMCredentials");
+    }
+  }
+
+  private static final class IAMCredentialsFileDescriptorSupplier
+      extends IAMCredentialsBaseDescriptorSupplier {
+    IAMCredentialsFileDescriptorSupplier() {}
+  }
+
+  private static final class IAMCredentialsMethodDescriptorSupplier
+      extends IAMCredentialsBaseDescriptorSupplier
+      implements io.grpc.protobuf.ProtoMethodDescriptorSupplier {
+    private final String methodName;
+
+    IAMCredentialsMethodDescriptorSupplier(String methodName) {
+      this.methodName = methodName;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.MethodDescriptor getMethodDescriptor() {
+      return getServiceDescriptor().findMethodByName(methodName);
+    }
+  }
+
+  private static volatile io.grpc.ServiceDescriptor serviceDescriptor;
+
+  public static io.grpc.ServiceDescriptor getServiceDescriptor() {
+    io.grpc.ServiceDescriptor result = serviceDescriptor;
+    if (result == null) {
+      synchronized (IAMCredentialsGrpc.class) {
+        result = serviceDescriptor;
+        if (result == null) {
+          serviceDescriptor =
+              result =
+                  io.grpc.ServiceDescriptor.newBuilder(SERVICE_NAME)
+                      .setSchemaDescriptor(new IAMCredentialsFileDescriptorSupplier())
+                      .addMethod(getGenerateAccessTokenMethodHelper())
+                      .addMethod(getGenerateIdTokenMethodHelper())
+                      .addMethod(getSignBlobMethodHelper())
+                      .addMethod(getSignJwtMethodHelper())
+                      .build();
+        }
+      }
+    }
+    return result;
+  }
+}
diff --git a/google-api-grpc/pom.xml b/google-api-grpc/pom.xml
index fa571c4f3ef1..124236960743 100644
--- a/google-api-grpc/pom.xml
+++ b/google-api-grpc/pom.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0"?>
+<?xml version='1.0' encoding='UTF-8'?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
   <groupId>com.google.api.grpc</groupId>
@@ -634,6 +634,16 @@
         <artifactId>grpc-google-cloud-websecurityscanner-v1alpha</artifactId>
         <version>0.38.1-SNAPSHOT</version><!-- {x-version-update:grpc-google-cloud-websecurityscanner-v1alpha:current} -->
       </dependency>
+      <dependency>
+        <groupId>com.google.api.grpc</groupId>
+        <artifactId>proto-google-cloud-iamcredentials-v1</artifactId>
+        <version>0.0.1-alpha-SNAPSHOT</version><!--{x-version-update:proto-google-cloud-iamcredentials-v1:current}-->
+      </dependency>
+      <dependency>
+        <groupId>com.google.api.grpc</groupId>
+        <artifactId>grpc-google-cloud-iamcredentials-v1</artifactId>
+        <version>0.0.1-alpha-SNAPSHOT</version><!--{x-version-update:grpc-google-cloud-iamcredentials-v1:current}-->
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
@@ -653,6 +663,7 @@
     <module>grpc-google-cloud-dlp-v2</module>
     <module>grpc-google-cloud-error-reporting-v1beta1</module>
     <module>grpc-google-cloud-firestore-v1beta1</module>
+    <module>grpc-google-cloud-iamcredentials-v1</module>
     <module>grpc-google-cloud-iot-v1</module>
     <module>grpc-google-cloud-kms-v1</module>
     <module>grpc-google-cloud-language-v1</module>
@@ -704,6 +715,7 @@
     <module>proto-google-cloud-dlp-v2</module>
     <module>proto-google-cloud-error-reporting-v1beta1</module>
     <module>proto-google-cloud-firestore-v1beta1</module>
+    <module>proto-google-cloud-iamcredentials-v1</module>
     <module>proto-google-cloud-iot-v1</module>
     <module>proto-google-cloud-kms-v1</module>
     <module>proto-google-cloud-language-v1</module>
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/pom.xml b/google-api-grpc/proto-google-cloud-iamcredentials-v1/pom.xml
new file mode 100644
index 000000000000..1bea5d2b4dd0
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/pom.xml
@@ -0,0 +1,36 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <artifactId>proto-google-cloud-iamcredentials-v1</artifactId>
+  <version>0.0.1-alpha-SNAPSHOT</version><!-- {x-version-update:proto-google-cloud-iamcredentials-v1:current} -->
+  <name>proto-google-cloud-iamcredentials-v1</name>
+  <description>PROTO library for proto-google-cloud-iamcredentials-v1</description>
+  <parent>
+    <groupId>com.google.api.grpc</groupId>
+    <artifactId>google-api-grpc</artifactId>
+    <version>0.38.1-SNAPSHOT</version><!-- {x-version-update:google-api-grpc:current} -->
+  </parent>
+  <dependencies>
+    <dependency>
+      <groupId>com.google.protobuf</groupId>
+      <artifactId>protobuf-java</artifactId>
+      <scope>compile</scope>
+    </dependency>
+    <dependency>
+      <groupId>com.google.api</groupId>
+      <artifactId>api-common</artifactId>
+      <scope>compile</scope>
+    </dependency>
+    <dependency>
+      <groupId>com.google.api.grpc</groupId>
+      <artifactId>proto-google-common-protos</artifactId>
+      <scope>compile</scope>
+    </dependency>
+    <dependency>
+      <groupId>com.google.api.grpc</groupId>
+      <artifactId>proto-google-iam-v1</artifactId>
+      <scope>compile</scope>
+    </dependency>
+  </dependencies>
+</project>
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateAccessTokenRequest.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateAccessTokenRequest.java
new file mode 100644
index 000000000000..78035a93ecc5
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateAccessTokenRequest.java
@@ -0,0 +1,1515 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+/** Protobuf type {@code google.iam.credentials.v1.GenerateAccessTokenRequest} */
+public final class GenerateAccessTokenRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.iam.credentials.v1.GenerateAccessTokenRequest)
+    GenerateAccessTokenRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use GenerateAccessTokenRequest.newBuilder() to construct.
+  private GenerateAccessTokenRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private GenerateAccessTokenRequest() {
+    name_ = "";
+    delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    scope_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private GenerateAccessTokenRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000002) == 0x00000002)) {
+                delegates_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000002;
+              }
+              delegates_.add(s);
+              break;
+            }
+          case 34:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000004) == 0x00000004)) {
+                scope_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000004;
+              }
+              scope_.add(s);
+              break;
+            }
+          case 58:
+            {
+              com.google.protobuf.Duration.Builder subBuilder = null;
+              if (lifetime_ != null) {
+                subBuilder = lifetime_.toBuilder();
+              }
+              lifetime_ =
+                  input.readMessage(com.google.protobuf.Duration.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(lifetime_);
+                lifetime_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownFieldProto3(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000002) == 0x00000002)) {
+        delegates_ = delegates_.getUnmodifiableView();
+      }
+      if (((mutable_bitField0_ & 0x00000004) == 0x00000004)) {
+        scope_ = scope_.getUnmodifiableView();
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+        .internal_static_google_iam_credentials_v1_GenerateAccessTokenRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+        .internal_static_google_iam_credentials_v1_GenerateAccessTokenRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest.class,
+            com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest.Builder.class);
+  }
+
+  private int bitField0_;
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * The resource name of the service account for which the credentials
+   * are requested, in the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * </pre>
+   *
+   * <code>string name = 1;</code>
+   */
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The resource name of the service account for which the credentials
+   * are requested, in the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * </pre>
+   *
+   * <code>string name = 1;</code>
+   */
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int DELEGATES_FIELD_NUMBER = 2;
+  private com.google.protobuf.LazyStringList delegates_;
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 2;</code>
+   */
+  public com.google.protobuf.ProtocolStringList getDelegatesList() {
+    return delegates_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 2;</code>
+   */
+  public int getDelegatesCount() {
+    return delegates_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 2;</code>
+   */
+  public java.lang.String getDelegates(int index) {
+    return delegates_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 2;</code>
+   */
+  public com.google.protobuf.ByteString getDelegatesBytes(int index) {
+    return delegates_.getByteString(index);
+  }
+
+  public static final int SCOPE_FIELD_NUMBER = 4;
+  private com.google.protobuf.LazyStringList scope_;
+  /**
+   *
+   *
+   * <pre>
+   * Code to identify the scopes to be included in the OAuth 2.0 access token.
+   * See https://developers.google.com/identity/protocols/googlescopes for more
+   * information.
+   * At least one value required.
+   * </pre>
+   *
+   * <code>repeated string scope = 4;</code>
+   */
+  public com.google.protobuf.ProtocolStringList getScopeList() {
+    return scope_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Code to identify the scopes to be included in the OAuth 2.0 access token.
+   * See https://developers.google.com/identity/protocols/googlescopes for more
+   * information.
+   * At least one value required.
+   * </pre>
+   *
+   * <code>repeated string scope = 4;</code>
+   */
+  public int getScopeCount() {
+    return scope_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Code to identify the scopes to be included in the OAuth 2.0 access token.
+   * See https://developers.google.com/identity/protocols/googlescopes for more
+   * information.
+   * At least one value required.
+   * </pre>
+   *
+   * <code>repeated string scope = 4;</code>
+   */
+  public java.lang.String getScope(int index) {
+    return scope_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Code to identify the scopes to be included in the OAuth 2.0 access token.
+   * See https://developers.google.com/identity/protocols/googlescopes for more
+   * information.
+   * At least one value required.
+   * </pre>
+   *
+   * <code>repeated string scope = 4;</code>
+   */
+  public com.google.protobuf.ByteString getScopeBytes(int index) {
+    return scope_.getByteString(index);
+  }
+
+  public static final int LIFETIME_FIELD_NUMBER = 7;
+  private com.google.protobuf.Duration lifetime_;
+  /**
+   *
+   *
+   * <pre>
+   * The desired lifetime duration of the access token in seconds.
+   * Must be set to a value less than or equal to 3600 (1 hour). If a value is
+   * not specified, the token's lifetime will be set to a default value of one
+   * hour.
+   * </pre>
+   *
+   * <code>.google.protobuf.Duration lifetime = 7;</code>
+   */
+  public boolean hasLifetime() {
+    return lifetime_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The desired lifetime duration of the access token in seconds.
+   * Must be set to a value less than or equal to 3600 (1 hour). If a value is
+   * not specified, the token's lifetime will be set to a default value of one
+   * hour.
+   * </pre>
+   *
+   * <code>.google.protobuf.Duration lifetime = 7;</code>
+   */
+  public com.google.protobuf.Duration getLifetime() {
+    return lifetime_ == null ? com.google.protobuf.Duration.getDefaultInstance() : lifetime_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The desired lifetime duration of the access token in seconds.
+   * Must be set to a value less than or equal to 3600 (1 hour). If a value is
+   * not specified, the token's lifetime will be set to a default value of one
+   * hour.
+   * </pre>
+   *
+   * <code>.google.protobuf.Duration lifetime = 7;</code>
+   */
+  public com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder() {
+    return getLifetime();
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    for (int i = 0; i < delegates_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, delegates_.getRaw(i));
+    }
+    for (int i = 0; i < scope_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 4, scope_.getRaw(i));
+    }
+    if (lifetime_ != null) {
+      output.writeMessage(7, getLifetime());
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < delegates_.size(); i++) {
+        dataSize += computeStringSizeNoTag(delegates_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getDelegatesList().size();
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < scope_.size(); i++) {
+        dataSize += computeStringSizeNoTag(scope_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getScopeList().size();
+    }
+    if (lifetime_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(7, getLifetime());
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest other =
+        (com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest) obj;
+
+    boolean result = true;
+    result = result && getName().equals(other.getName());
+    result = result && getDelegatesList().equals(other.getDelegatesList());
+    result = result && getScopeList().equals(other.getScopeList());
+    result = result && (hasLifetime() == other.hasLifetime());
+    if (hasLifetime()) {
+      result = result && getLifetime().equals(other.getLifetime());
+    }
+    result = result && unknownFields.equals(other.unknownFields);
+    return result;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    if (getDelegatesCount() > 0) {
+      hash = (37 * hash) + DELEGATES_FIELD_NUMBER;
+      hash = (53 * hash) + getDelegatesList().hashCode();
+    }
+    if (getScopeCount() > 0) {
+      hash = (37 * hash) + SCOPE_FIELD_NUMBER;
+      hash = (53 * hash) + getScopeList().hashCode();
+    }
+    if (hasLifetime()) {
+      hash = (37 * hash) + LIFETIME_FIELD_NUMBER;
+      hash = (53 * hash) + getLifetime().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /** Protobuf type {@code google.iam.credentials.v1.GenerateAccessTokenRequest} */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.iam.credentials.v1.GenerateAccessTokenRequest)
+      com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_GenerateAccessTokenRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_GenerateAccessTokenRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest.class,
+              com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest.Builder.class);
+    }
+
+    // Construct using com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      scope_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000004);
+      if (lifetimeBuilder_ == null) {
+        lifetime_ = null;
+      } else {
+        lifetime_ = null;
+        lifetimeBuilder_ = null;
+      }
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_GenerateAccessTokenRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest
+        getDefaultInstanceForType() {
+      return com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest build() {
+      com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest buildPartial() {
+      com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest result =
+          new com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest(this);
+      int from_bitField0_ = bitField0_;
+      int to_bitField0_ = 0;
+      result.name_ = name_;
+      if (((bitField0_ & 0x00000002) == 0x00000002)) {
+        delegates_ = delegates_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000002);
+      }
+      result.delegates_ = delegates_;
+      if (((bitField0_ & 0x00000004) == 0x00000004)) {
+        scope_ = scope_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000004);
+      }
+      result.scope_ = scope_;
+      if (lifetimeBuilder_ == null) {
+        result.lifetime_ = lifetime_;
+      } else {
+        result.lifetime_ = lifetimeBuilder_.build();
+      }
+      result.bitField0_ = to_bitField0_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return (Builder) super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return (Builder) super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return (Builder) super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return (Builder) super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return (Builder) super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return (Builder) super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest) {
+        return mergeFrom((com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest other) {
+      if (other
+          == com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest.getDefaultInstance())
+        return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      if (!other.delegates_.isEmpty()) {
+        if (delegates_.isEmpty()) {
+          delegates_ = other.delegates_;
+          bitField0_ = (bitField0_ & ~0x00000002);
+        } else {
+          ensureDelegatesIsMutable();
+          delegates_.addAll(other.delegates_);
+        }
+        onChanged();
+      }
+      if (!other.scope_.isEmpty()) {
+        if (scope_.isEmpty()) {
+          scope_ = other.scope_;
+          bitField0_ = (bitField0_ & ~0x00000004);
+        } else {
+          ensureScopeIsMutable();
+          scope_.addAll(other.scope_);
+        }
+        onChanged();
+      }
+      if (other.hasLifetime()) {
+        mergeLifetime(other.getLifetime());
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.LazyStringList delegates_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensureDelegatesIsMutable() {
+      if (!((bitField0_ & 0x00000002) == 0x00000002)) {
+        delegates_ = new com.google.protobuf.LazyStringArrayList(delegates_);
+        bitField0_ |= 0x00000002;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public com.google.protobuf.ProtocolStringList getDelegatesList() {
+      return delegates_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public int getDelegatesCount() {
+      return delegates_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public java.lang.String getDelegates(int index) {
+      return delegates_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public com.google.protobuf.ByteString getDelegatesBytes(int index) {
+      return delegates_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public Builder setDelegates(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureDelegatesIsMutable();
+      delegates_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public Builder addDelegates(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureDelegatesIsMutable();
+      delegates_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public Builder addAllDelegates(java.lang.Iterable<java.lang.String> values) {
+      ensureDelegatesIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, delegates_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public Builder clearDelegates() {
+      delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public Builder addDelegatesBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensureDelegatesIsMutable();
+      delegates_.add(value);
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.LazyStringList scope_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensureScopeIsMutable() {
+      if (!((bitField0_ & 0x00000004) == 0x00000004)) {
+        scope_ = new com.google.protobuf.LazyStringArrayList(scope_);
+        bitField0_ |= 0x00000004;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Code to identify the scopes to be included in the OAuth 2.0 access token.
+     * See https://developers.google.com/identity/protocols/googlescopes for more
+     * information.
+     * At least one value required.
+     * </pre>
+     *
+     * <code>repeated string scope = 4;</code>
+     */
+    public com.google.protobuf.ProtocolStringList getScopeList() {
+      return scope_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Code to identify the scopes to be included in the OAuth 2.0 access token.
+     * See https://developers.google.com/identity/protocols/googlescopes for more
+     * information.
+     * At least one value required.
+     * </pre>
+     *
+     * <code>repeated string scope = 4;</code>
+     */
+    public int getScopeCount() {
+      return scope_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Code to identify the scopes to be included in the OAuth 2.0 access token.
+     * See https://developers.google.com/identity/protocols/googlescopes for more
+     * information.
+     * At least one value required.
+     * </pre>
+     *
+     * <code>repeated string scope = 4;</code>
+     */
+    public java.lang.String getScope(int index) {
+      return scope_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Code to identify the scopes to be included in the OAuth 2.0 access token.
+     * See https://developers.google.com/identity/protocols/googlescopes for more
+     * information.
+     * At least one value required.
+     * </pre>
+     *
+     * <code>repeated string scope = 4;</code>
+     */
+    public com.google.protobuf.ByteString getScopeBytes(int index) {
+      return scope_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Code to identify the scopes to be included in the OAuth 2.0 access token.
+     * See https://developers.google.com/identity/protocols/googlescopes for more
+     * information.
+     * At least one value required.
+     * </pre>
+     *
+     * <code>repeated string scope = 4;</code>
+     */
+    public Builder setScope(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureScopeIsMutable();
+      scope_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Code to identify the scopes to be included in the OAuth 2.0 access token.
+     * See https://developers.google.com/identity/protocols/googlescopes for more
+     * information.
+     * At least one value required.
+     * </pre>
+     *
+     * <code>repeated string scope = 4;</code>
+     */
+    public Builder addScope(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureScopeIsMutable();
+      scope_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Code to identify the scopes to be included in the OAuth 2.0 access token.
+     * See https://developers.google.com/identity/protocols/googlescopes for more
+     * information.
+     * At least one value required.
+     * </pre>
+     *
+     * <code>repeated string scope = 4;</code>
+     */
+    public Builder addAllScope(java.lang.Iterable<java.lang.String> values) {
+      ensureScopeIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, scope_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Code to identify the scopes to be included in the OAuth 2.0 access token.
+     * See https://developers.google.com/identity/protocols/googlescopes for more
+     * information.
+     * At least one value required.
+     * </pre>
+     *
+     * <code>repeated string scope = 4;</code>
+     */
+    public Builder clearScope() {
+      scope_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000004);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Code to identify the scopes to be included in the OAuth 2.0 access token.
+     * See https://developers.google.com/identity/protocols/googlescopes for more
+     * information.
+     * At least one value required.
+     * </pre>
+     *
+     * <code>repeated string scope = 4;</code>
+     */
+    public Builder addScopeBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensureScopeIsMutable();
+      scope_.add(value);
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.Duration lifetime_ = null;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Duration,
+            com.google.protobuf.Duration.Builder,
+            com.google.protobuf.DurationOrBuilder>
+        lifetimeBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * The desired lifetime duration of the access token in seconds.
+     * Must be set to a value less than or equal to 3600 (1 hour). If a value is
+     * not specified, the token's lifetime will be set to a default value of one
+     * hour.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 7;</code>
+     */
+    public boolean hasLifetime() {
+      return lifetimeBuilder_ != null || lifetime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The desired lifetime duration of the access token in seconds.
+     * Must be set to a value less than or equal to 3600 (1 hour). If a value is
+     * not specified, the token's lifetime will be set to a default value of one
+     * hour.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 7;</code>
+     */
+    public com.google.protobuf.Duration getLifetime() {
+      if (lifetimeBuilder_ == null) {
+        return lifetime_ == null ? com.google.protobuf.Duration.getDefaultInstance() : lifetime_;
+      } else {
+        return lifetimeBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The desired lifetime duration of the access token in seconds.
+     * Must be set to a value less than or equal to 3600 (1 hour). If a value is
+     * not specified, the token's lifetime will be set to a default value of one
+     * hour.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 7;</code>
+     */
+    public Builder setLifetime(com.google.protobuf.Duration value) {
+      if (lifetimeBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        lifetime_ = value;
+        onChanged();
+      } else {
+        lifetimeBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The desired lifetime duration of the access token in seconds.
+     * Must be set to a value less than or equal to 3600 (1 hour). If a value is
+     * not specified, the token's lifetime will be set to a default value of one
+     * hour.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 7;</code>
+     */
+    public Builder setLifetime(com.google.protobuf.Duration.Builder builderForValue) {
+      if (lifetimeBuilder_ == null) {
+        lifetime_ = builderForValue.build();
+        onChanged();
+      } else {
+        lifetimeBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The desired lifetime duration of the access token in seconds.
+     * Must be set to a value less than or equal to 3600 (1 hour). If a value is
+     * not specified, the token's lifetime will be set to a default value of one
+     * hour.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 7;</code>
+     */
+    public Builder mergeLifetime(com.google.protobuf.Duration value) {
+      if (lifetimeBuilder_ == null) {
+        if (lifetime_ != null) {
+          lifetime_ =
+              com.google.protobuf.Duration.newBuilder(lifetime_).mergeFrom(value).buildPartial();
+        } else {
+          lifetime_ = value;
+        }
+        onChanged();
+      } else {
+        lifetimeBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The desired lifetime duration of the access token in seconds.
+     * Must be set to a value less than or equal to 3600 (1 hour). If a value is
+     * not specified, the token's lifetime will be set to a default value of one
+     * hour.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 7;</code>
+     */
+    public Builder clearLifetime() {
+      if (lifetimeBuilder_ == null) {
+        lifetime_ = null;
+        onChanged();
+      } else {
+        lifetime_ = null;
+        lifetimeBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The desired lifetime duration of the access token in seconds.
+     * Must be set to a value less than or equal to 3600 (1 hour). If a value is
+     * not specified, the token's lifetime will be set to a default value of one
+     * hour.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 7;</code>
+     */
+    public com.google.protobuf.Duration.Builder getLifetimeBuilder() {
+
+      onChanged();
+      return getLifetimeFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The desired lifetime duration of the access token in seconds.
+     * Must be set to a value less than or equal to 3600 (1 hour). If a value is
+     * not specified, the token's lifetime will be set to a default value of one
+     * hour.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 7;</code>
+     */
+    public com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder() {
+      if (lifetimeBuilder_ != null) {
+        return lifetimeBuilder_.getMessageOrBuilder();
+      } else {
+        return lifetime_ == null ? com.google.protobuf.Duration.getDefaultInstance() : lifetime_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The desired lifetime duration of the access token in seconds.
+     * Must be set to a value less than or equal to 3600 (1 hour). If a value is
+     * not specified, the token's lifetime will be set to a default value of one
+     * hour.
+     * </pre>
+     *
+     * <code>.google.protobuf.Duration lifetime = 7;</code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Duration,
+            com.google.protobuf.Duration.Builder,
+            com.google.protobuf.DurationOrBuilder>
+        getLifetimeFieldBuilder() {
+      if (lifetimeBuilder_ == null) {
+        lifetimeBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.Duration,
+                com.google.protobuf.Duration.Builder,
+                com.google.protobuf.DurationOrBuilder>(
+                getLifetime(), getParentForChildren(), isClean());
+        lifetime_ = null;
+      }
+      return lifetimeBuilder_;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFieldsProto3(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.GenerateAccessTokenRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.GenerateAccessTokenRequest)
+  private static final com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest();
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<GenerateAccessTokenRequest> PARSER =
+      new com.google.protobuf.AbstractParser<GenerateAccessTokenRequest>() {
+        @java.lang.Override
+        public GenerateAccessTokenRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new GenerateAccessTokenRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<GenerateAccessTokenRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<GenerateAccessTokenRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateAccessTokenRequestOrBuilder.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateAccessTokenRequestOrBuilder.java
new file mode 100644
index 000000000000..4d1d761ab05d
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateAccessTokenRequestOrBuilder.java
@@ -0,0 +1,197 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+public interface GenerateAccessTokenRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.iam.credentials.v1.GenerateAccessTokenRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * The resource name of the service account for which the credentials
+   * are requested, in the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * </pre>
+   *
+   * <code>string name = 1;</code>
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * The resource name of the service account for which the credentials
+   * are requested, in the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * </pre>
+   *
+   * <code>string name = 1;</code>
+   */
+  com.google.protobuf.ByteString getNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 2;</code>
+   */
+  java.util.List<java.lang.String> getDelegatesList();
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 2;</code>
+   */
+  int getDelegatesCount();
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 2;</code>
+   */
+  java.lang.String getDelegates(int index);
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 2;</code>
+   */
+  com.google.protobuf.ByteString getDelegatesBytes(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * Code to identify the scopes to be included in the OAuth 2.0 access token.
+   * See https://developers.google.com/identity/protocols/googlescopes for more
+   * information.
+   * At least one value required.
+   * </pre>
+   *
+   * <code>repeated string scope = 4;</code>
+   */
+  java.util.List<java.lang.String> getScopeList();
+  /**
+   *
+   *
+   * <pre>
+   * Code to identify the scopes to be included in the OAuth 2.0 access token.
+   * See https://developers.google.com/identity/protocols/googlescopes for more
+   * information.
+   * At least one value required.
+   * </pre>
+   *
+   * <code>repeated string scope = 4;</code>
+   */
+  int getScopeCount();
+  /**
+   *
+   *
+   * <pre>
+   * Code to identify the scopes to be included in the OAuth 2.0 access token.
+   * See https://developers.google.com/identity/protocols/googlescopes for more
+   * information.
+   * At least one value required.
+   * </pre>
+   *
+   * <code>repeated string scope = 4;</code>
+   */
+  java.lang.String getScope(int index);
+  /**
+   *
+   *
+   * <pre>
+   * Code to identify the scopes to be included in the OAuth 2.0 access token.
+   * See https://developers.google.com/identity/protocols/googlescopes for more
+   * information.
+   * At least one value required.
+   * </pre>
+   *
+   * <code>repeated string scope = 4;</code>
+   */
+  com.google.protobuf.ByteString getScopeBytes(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * The desired lifetime duration of the access token in seconds.
+   * Must be set to a value less than or equal to 3600 (1 hour). If a value is
+   * not specified, the token's lifetime will be set to a default value of one
+   * hour.
+   * </pre>
+   *
+   * <code>.google.protobuf.Duration lifetime = 7;</code>
+   */
+  boolean hasLifetime();
+  /**
+   *
+   *
+   * <pre>
+   * The desired lifetime duration of the access token in seconds.
+   * Must be set to a value less than or equal to 3600 (1 hour). If a value is
+   * not specified, the token's lifetime will be set to a default value of one
+   * hour.
+   * </pre>
+   *
+   * <code>.google.protobuf.Duration lifetime = 7;</code>
+   */
+  com.google.protobuf.Duration getLifetime();
+  /**
+   *
+   *
+   * <pre>
+   * The desired lifetime duration of the access token in seconds.
+   * Must be set to a value less than or equal to 3600 (1 hour). If a value is
+   * not specified, the token's lifetime will be set to a default value of one
+   * hour.
+   * </pre>
+   *
+   * <code>.google.protobuf.Duration lifetime = 7;</code>
+   */
+  com.google.protobuf.DurationOrBuilder getLifetimeOrBuilder();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateAccessTokenResponse.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateAccessTokenResponse.java
new file mode 100644
index 000000000000..d8eab2301d25
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateAccessTokenResponse.java
@@ -0,0 +1,864 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+/** Protobuf type {@code google.iam.credentials.v1.GenerateAccessTokenResponse} */
+public final class GenerateAccessTokenResponse extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.iam.credentials.v1.GenerateAccessTokenResponse)
+    GenerateAccessTokenResponseOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use GenerateAccessTokenResponse.newBuilder() to construct.
+  private GenerateAccessTokenResponse(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private GenerateAccessTokenResponse() {
+    accessToken_ = "";
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private GenerateAccessTokenResponse(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              accessToken_ = s;
+              break;
+            }
+          case 26:
+            {
+              com.google.protobuf.Timestamp.Builder subBuilder = null;
+              if (expireTime_ != null) {
+                subBuilder = expireTime_.toBuilder();
+              }
+              expireTime_ =
+                  input.readMessage(com.google.protobuf.Timestamp.parser(), extensionRegistry);
+              if (subBuilder != null) {
+                subBuilder.mergeFrom(expireTime_);
+                expireTime_ = subBuilder.buildPartial();
+              }
+
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownFieldProto3(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+        .internal_static_google_iam_credentials_v1_GenerateAccessTokenResponse_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+        .internal_static_google_iam_credentials_v1_GenerateAccessTokenResponse_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse.class,
+            com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse.Builder.class);
+  }
+
+  public static final int ACCESS_TOKEN_FIELD_NUMBER = 1;
+  private volatile java.lang.Object accessToken_;
+  /**
+   *
+   *
+   * <pre>
+   * The OAuth 2.0 access token.
+   * </pre>
+   *
+   * <code>string access_token = 1;</code>
+   */
+  public java.lang.String getAccessToken() {
+    java.lang.Object ref = accessToken_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      accessToken_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The OAuth 2.0 access token.
+   * </pre>
+   *
+   * <code>string access_token = 1;</code>
+   */
+  public com.google.protobuf.ByteString getAccessTokenBytes() {
+    java.lang.Object ref = accessToken_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      accessToken_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int EXPIRE_TIME_FIELD_NUMBER = 3;
+  private com.google.protobuf.Timestamp expireTime_;
+  /**
+   *
+   *
+   * <pre>
+   * Token expiration time.
+   * The expiration time is always set.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp expire_time = 3;</code>
+   */
+  public boolean hasExpireTime() {
+    return expireTime_ != null;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Token expiration time.
+   * The expiration time is always set.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp expire_time = 3;</code>
+   */
+  public com.google.protobuf.Timestamp getExpireTime() {
+    return expireTime_ == null ? com.google.protobuf.Timestamp.getDefaultInstance() : expireTime_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Token expiration time.
+   * The expiration time is always set.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp expire_time = 3;</code>
+   */
+  public com.google.protobuf.TimestampOrBuilder getExpireTimeOrBuilder() {
+    return getExpireTime();
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getAccessTokenBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, accessToken_);
+    }
+    if (expireTime_ != null) {
+      output.writeMessage(3, getExpireTime());
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getAccessTokenBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, accessToken_);
+    }
+    if (expireTime_ != null) {
+      size += com.google.protobuf.CodedOutputStream.computeMessageSize(3, getExpireTime());
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse other =
+        (com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse) obj;
+
+    boolean result = true;
+    result = result && getAccessToken().equals(other.getAccessToken());
+    result = result && (hasExpireTime() == other.hasExpireTime());
+    if (hasExpireTime()) {
+      result = result && getExpireTime().equals(other.getExpireTime());
+    }
+    result = result && unknownFields.equals(other.unknownFields);
+    return result;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + ACCESS_TOKEN_FIELD_NUMBER;
+    hash = (53 * hash) + getAccessToken().hashCode();
+    if (hasExpireTime()) {
+      hash = (37 * hash) + EXPIRE_TIME_FIELD_NUMBER;
+      hash = (53 * hash) + getExpireTime().hashCode();
+    }
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+      byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /** Protobuf type {@code google.iam.credentials.v1.GenerateAccessTokenResponse} */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.iam.credentials.v1.GenerateAccessTokenResponse)
+      com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponseOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_GenerateAccessTokenResponse_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_GenerateAccessTokenResponse_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse.class,
+              com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse.Builder.class);
+    }
+
+    // Construct using com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      accessToken_ = "";
+
+      if (expireTimeBuilder_ == null) {
+        expireTime_ = null;
+      } else {
+        expireTime_ = null;
+        expireTimeBuilder_ = null;
+      }
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_GenerateAccessTokenResponse_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse
+        getDefaultInstanceForType() {
+      return com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse build() {
+      com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse buildPartial() {
+      com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse result =
+          new com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse(this);
+      result.accessToken_ = accessToken_;
+      if (expireTimeBuilder_ == null) {
+        result.expireTime_ = expireTime_;
+      } else {
+        result.expireTime_ = expireTimeBuilder_.build();
+      }
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return (Builder) super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return (Builder) super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return (Builder) super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return (Builder) super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return (Builder) super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return (Builder) super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse) {
+        return mergeFrom((com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(
+        com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse other) {
+      if (other
+          == com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse.getDefaultInstance())
+        return this;
+      if (!other.getAccessToken().isEmpty()) {
+        accessToken_ = other.accessToken_;
+        onChanged();
+      }
+      if (other.hasExpireTime()) {
+        mergeExpireTime(other.getExpireTime());
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse)
+                e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object accessToken_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The OAuth 2.0 access token.
+     * </pre>
+     *
+     * <code>string access_token = 1;</code>
+     */
+    public java.lang.String getAccessToken() {
+      java.lang.Object ref = accessToken_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        accessToken_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The OAuth 2.0 access token.
+     * </pre>
+     *
+     * <code>string access_token = 1;</code>
+     */
+    public com.google.protobuf.ByteString getAccessTokenBytes() {
+      java.lang.Object ref = accessToken_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        accessToken_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The OAuth 2.0 access token.
+     * </pre>
+     *
+     * <code>string access_token = 1;</code>
+     */
+    public Builder setAccessToken(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      accessToken_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The OAuth 2.0 access token.
+     * </pre>
+     *
+     * <code>string access_token = 1;</code>
+     */
+    public Builder clearAccessToken() {
+
+      accessToken_ = getDefaultInstance().getAccessToken();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The OAuth 2.0 access token.
+     * </pre>
+     *
+     * <code>string access_token = 1;</code>
+     */
+    public Builder setAccessTokenBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      accessToken_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.Timestamp expireTime_ = null;
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        expireTimeBuilder_;
+    /**
+     *
+     *
+     * <pre>
+     * Token expiration time.
+     * The expiration time is always set.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp expire_time = 3;</code>
+     */
+    public boolean hasExpireTime() {
+      return expireTimeBuilder_ != null || expireTime_ != null;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Token expiration time.
+     * The expiration time is always set.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp expire_time = 3;</code>
+     */
+    public com.google.protobuf.Timestamp getExpireTime() {
+      if (expireTimeBuilder_ == null) {
+        return expireTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : expireTime_;
+      } else {
+        return expireTimeBuilder_.getMessage();
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Token expiration time.
+     * The expiration time is always set.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp expire_time = 3;</code>
+     */
+    public Builder setExpireTime(com.google.protobuf.Timestamp value) {
+      if (expireTimeBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        expireTime_ = value;
+        onChanged();
+      } else {
+        expireTimeBuilder_.setMessage(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Token expiration time.
+     * The expiration time is always set.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp expire_time = 3;</code>
+     */
+    public Builder setExpireTime(com.google.protobuf.Timestamp.Builder builderForValue) {
+      if (expireTimeBuilder_ == null) {
+        expireTime_ = builderForValue.build();
+        onChanged();
+      } else {
+        expireTimeBuilder_.setMessage(builderForValue.build());
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Token expiration time.
+     * The expiration time is always set.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp expire_time = 3;</code>
+     */
+    public Builder mergeExpireTime(com.google.protobuf.Timestamp value) {
+      if (expireTimeBuilder_ == null) {
+        if (expireTime_ != null) {
+          expireTime_ =
+              com.google.protobuf.Timestamp.newBuilder(expireTime_).mergeFrom(value).buildPartial();
+        } else {
+          expireTime_ = value;
+        }
+        onChanged();
+      } else {
+        expireTimeBuilder_.mergeFrom(value);
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Token expiration time.
+     * The expiration time is always set.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp expire_time = 3;</code>
+     */
+    public Builder clearExpireTime() {
+      if (expireTimeBuilder_ == null) {
+        expireTime_ = null;
+        onChanged();
+      } else {
+        expireTime_ = null;
+        expireTimeBuilder_ = null;
+      }
+
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Token expiration time.
+     * The expiration time is always set.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp expire_time = 3;</code>
+     */
+    public com.google.protobuf.Timestamp.Builder getExpireTimeBuilder() {
+
+      onChanged();
+      return getExpireTimeFieldBuilder().getBuilder();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Token expiration time.
+     * The expiration time is always set.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp expire_time = 3;</code>
+     */
+    public com.google.protobuf.TimestampOrBuilder getExpireTimeOrBuilder() {
+      if (expireTimeBuilder_ != null) {
+        return expireTimeBuilder_.getMessageOrBuilder();
+      } else {
+        return expireTime_ == null
+            ? com.google.protobuf.Timestamp.getDefaultInstance()
+            : expireTime_;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Token expiration time.
+     * The expiration time is always set.
+     * </pre>
+     *
+     * <code>.google.protobuf.Timestamp expire_time = 3;</code>
+     */
+    private com.google.protobuf.SingleFieldBuilderV3<
+            com.google.protobuf.Timestamp,
+            com.google.protobuf.Timestamp.Builder,
+            com.google.protobuf.TimestampOrBuilder>
+        getExpireTimeFieldBuilder() {
+      if (expireTimeBuilder_ == null) {
+        expireTimeBuilder_ =
+            new com.google.protobuf.SingleFieldBuilderV3<
+                com.google.protobuf.Timestamp,
+                com.google.protobuf.Timestamp.Builder,
+                com.google.protobuf.TimestampOrBuilder>(
+                getExpireTime(), getParentForChildren(), isClean());
+        expireTime_ = null;
+      }
+      return expireTimeBuilder_;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFieldsProto3(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.GenerateAccessTokenResponse)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.GenerateAccessTokenResponse)
+  private static final com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse
+      DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse();
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse
+      getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<GenerateAccessTokenResponse> PARSER =
+      new com.google.protobuf.AbstractParser<GenerateAccessTokenResponse>() {
+        @java.lang.Override
+        public GenerateAccessTokenResponse parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new GenerateAccessTokenResponse(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<GenerateAccessTokenResponse> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<GenerateAccessTokenResponse> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse
+      getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateAccessTokenResponseOrBuilder.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateAccessTokenResponseOrBuilder.java
new file mode 100644
index 000000000000..3b2433abfb4c
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateAccessTokenResponseOrBuilder.java
@@ -0,0 +1,65 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+public interface GenerateAccessTokenResponseOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.iam.credentials.v1.GenerateAccessTokenResponse)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * The OAuth 2.0 access token.
+   * </pre>
+   *
+   * <code>string access_token = 1;</code>
+   */
+  java.lang.String getAccessToken();
+  /**
+   *
+   *
+   * <pre>
+   * The OAuth 2.0 access token.
+   * </pre>
+   *
+   * <code>string access_token = 1;</code>
+   */
+  com.google.protobuf.ByteString getAccessTokenBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Token expiration time.
+   * The expiration time is always set.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp expire_time = 3;</code>
+   */
+  boolean hasExpireTime();
+  /**
+   *
+   *
+   * <pre>
+   * Token expiration time.
+   * The expiration time is always set.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp expire_time = 3;</code>
+   */
+  com.google.protobuf.Timestamp getExpireTime();
+  /**
+   *
+   *
+   * <pre>
+   * Token expiration time.
+   * The expiration time is always set.
+   * </pre>
+   *
+   * <code>.google.protobuf.Timestamp expire_time = 3;</code>
+   */
+  com.google.protobuf.TimestampOrBuilder getExpireTimeOrBuilder();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateIdTokenRequest.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateIdTokenRequest.java
new file mode 100644
index 000000000000..81ac3a6e9ccf
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateIdTokenRequest.java
@@ -0,0 +1,1188 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+/** Protobuf type {@code google.iam.credentials.v1.GenerateIdTokenRequest} */
+public final class GenerateIdTokenRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.iam.credentials.v1.GenerateIdTokenRequest)
+    GenerateIdTokenRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use GenerateIdTokenRequest.newBuilder() to construct.
+  private GenerateIdTokenRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private GenerateIdTokenRequest() {
+    name_ = "";
+    delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    audience_ = "";
+    includeEmail_ = false;
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private GenerateIdTokenRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000002) == 0x00000002)) {
+                delegates_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000002;
+              }
+              delegates_.add(s);
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              audience_ = s;
+              break;
+            }
+          case 32:
+            {
+              includeEmail_ = input.readBool();
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownFieldProto3(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000002) == 0x00000002)) {
+        delegates_ = delegates_.getUnmodifiableView();
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+        .internal_static_google_iam_credentials_v1_GenerateIdTokenRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+        .internal_static_google_iam_credentials_v1_GenerateIdTokenRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest.class,
+            com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest.Builder.class);
+  }
+
+  private int bitField0_;
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * The resource name of the service account for which the credentials
+   * are requested, in the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * </pre>
+   *
+   * <code>string name = 1;</code>
+   */
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The resource name of the service account for which the credentials
+   * are requested, in the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * </pre>
+   *
+   * <code>string name = 1;</code>
+   */
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int DELEGATES_FIELD_NUMBER = 2;
+  private com.google.protobuf.LazyStringList delegates_;
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 2;</code>
+   */
+  public com.google.protobuf.ProtocolStringList getDelegatesList() {
+    return delegates_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 2;</code>
+   */
+  public int getDelegatesCount() {
+    return delegates_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 2;</code>
+   */
+  public java.lang.String getDelegates(int index) {
+    return delegates_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 2;</code>
+   */
+  public com.google.protobuf.ByteString getDelegatesBytes(int index) {
+    return delegates_.getByteString(index);
+  }
+
+  public static final int AUDIENCE_FIELD_NUMBER = 3;
+  private volatile java.lang.Object audience_;
+  /**
+   *
+   *
+   * <pre>
+   * The audience for the token, such as the API or account that this token
+   * grants access to.
+   * </pre>
+   *
+   * <code>string audience = 3;</code>
+   */
+  public java.lang.String getAudience() {
+    java.lang.Object ref = audience_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      audience_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The audience for the token, such as the API or account that this token
+   * grants access to.
+   * </pre>
+   *
+   * <code>string audience = 3;</code>
+   */
+  public com.google.protobuf.ByteString getAudienceBytes() {
+    java.lang.Object ref = audience_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      audience_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int INCLUDE_EMAIL_FIELD_NUMBER = 4;
+  private boolean includeEmail_;
+  /**
+   *
+   *
+   * <pre>
+   * Include the service account email in the token. If set to `true`, the
+   * token will contain `email` and `email_verified` claims.
+   * </pre>
+   *
+   * <code>bool include_email = 4;</code>
+   */
+  public boolean getIncludeEmail() {
+    return includeEmail_;
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    for (int i = 0; i < delegates_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, delegates_.getRaw(i));
+    }
+    if (!getAudienceBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, audience_);
+    }
+    if (includeEmail_ != false) {
+      output.writeBool(4, includeEmail_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < delegates_.size(); i++) {
+        dataSize += computeStringSizeNoTag(delegates_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getDelegatesList().size();
+    }
+    if (!getAudienceBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(3, audience_);
+    }
+    if (includeEmail_ != false) {
+      size += com.google.protobuf.CodedOutputStream.computeBoolSize(4, includeEmail_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest other =
+        (com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest) obj;
+
+    boolean result = true;
+    result = result && getName().equals(other.getName());
+    result = result && getDelegatesList().equals(other.getDelegatesList());
+    result = result && getAudience().equals(other.getAudience());
+    result = result && (getIncludeEmail() == other.getIncludeEmail());
+    result = result && unknownFields.equals(other.unknownFields);
+    return result;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    if (getDelegatesCount() > 0) {
+      hash = (37 * hash) + DELEGATES_FIELD_NUMBER;
+      hash = (53 * hash) + getDelegatesList().hashCode();
+    }
+    hash = (37 * hash) + AUDIENCE_FIELD_NUMBER;
+    hash = (53 * hash) + getAudience().hashCode();
+    hash = (37 * hash) + INCLUDE_EMAIL_FIELD_NUMBER;
+    hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getIncludeEmail());
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /** Protobuf type {@code google.iam.credentials.v1.GenerateIdTokenRequest} */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.iam.credentials.v1.GenerateIdTokenRequest)
+      com.google.cloud.iam.credentials.v1.GenerateIdTokenRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_GenerateIdTokenRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_GenerateIdTokenRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest.class,
+              com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest.Builder.class);
+    }
+
+    // Construct using com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      audience_ = "";
+
+      includeEmail_ = false;
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_GenerateIdTokenRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest getDefaultInstanceForType() {
+      return com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest build() {
+      com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest buildPartial() {
+      com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest result =
+          new com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest(this);
+      int from_bitField0_ = bitField0_;
+      int to_bitField0_ = 0;
+      result.name_ = name_;
+      if (((bitField0_ & 0x00000002) == 0x00000002)) {
+        delegates_ = delegates_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000002);
+      }
+      result.delegates_ = delegates_;
+      result.audience_ = audience_;
+      result.includeEmail_ = includeEmail_;
+      result.bitField0_ = to_bitField0_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return (Builder) super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return (Builder) super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return (Builder) super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return (Builder) super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return (Builder) super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return (Builder) super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest) {
+        return mergeFrom((com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest other) {
+      if (other == com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest.getDefaultInstance())
+        return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      if (!other.delegates_.isEmpty()) {
+        if (delegates_.isEmpty()) {
+          delegates_ = other.delegates_;
+          bitField0_ = (bitField0_ & ~0x00000002);
+        } else {
+          ensureDelegatesIsMutable();
+          delegates_.addAll(other.delegates_);
+        }
+        onChanged();
+      }
+      if (!other.getAudience().isEmpty()) {
+        audience_ = other.audience_;
+        onChanged();
+      }
+      if (other.getIncludeEmail() != false) {
+        setIncludeEmail(other.getIncludeEmail());
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.LazyStringList delegates_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensureDelegatesIsMutable() {
+      if (!((bitField0_ & 0x00000002) == 0x00000002)) {
+        delegates_ = new com.google.protobuf.LazyStringArrayList(delegates_);
+        bitField0_ |= 0x00000002;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public com.google.protobuf.ProtocolStringList getDelegatesList() {
+      return delegates_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public int getDelegatesCount() {
+      return delegates_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public java.lang.String getDelegates(int index) {
+      return delegates_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public com.google.protobuf.ByteString getDelegatesBytes(int index) {
+      return delegates_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public Builder setDelegates(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureDelegatesIsMutable();
+      delegates_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public Builder addDelegates(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureDelegatesIsMutable();
+      delegates_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public Builder addAllDelegates(java.lang.Iterable<java.lang.String> values) {
+      ensureDelegatesIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, delegates_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public Builder clearDelegates() {
+      delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 2;</code>
+     */
+    public Builder addDelegatesBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensureDelegatesIsMutable();
+      delegates_.add(value);
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object audience_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The audience for the token, such as the API or account that this token
+     * grants access to.
+     * </pre>
+     *
+     * <code>string audience = 3;</code>
+     */
+    public java.lang.String getAudience() {
+      java.lang.Object ref = audience_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        audience_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The audience for the token, such as the API or account that this token
+     * grants access to.
+     * </pre>
+     *
+     * <code>string audience = 3;</code>
+     */
+    public com.google.protobuf.ByteString getAudienceBytes() {
+      java.lang.Object ref = audience_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        audience_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The audience for the token, such as the API or account that this token
+     * grants access to.
+     * </pre>
+     *
+     * <code>string audience = 3;</code>
+     */
+    public Builder setAudience(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      audience_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The audience for the token, such as the API or account that this token
+     * grants access to.
+     * </pre>
+     *
+     * <code>string audience = 3;</code>
+     */
+    public Builder clearAudience() {
+
+      audience_ = getDefaultInstance().getAudience();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The audience for the token, such as the API or account that this token
+     * grants access to.
+     * </pre>
+     *
+     * <code>string audience = 3;</code>
+     */
+    public Builder setAudienceBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      audience_ = value;
+      onChanged();
+      return this;
+    }
+
+    private boolean includeEmail_;
+    /**
+     *
+     *
+     * <pre>
+     * Include the service account email in the token. If set to `true`, the
+     * token will contain `email` and `email_verified` claims.
+     * </pre>
+     *
+     * <code>bool include_email = 4;</code>
+     */
+    public boolean getIncludeEmail() {
+      return includeEmail_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Include the service account email in the token. If set to `true`, the
+     * token will contain `email` and `email_verified` claims.
+     * </pre>
+     *
+     * <code>bool include_email = 4;</code>
+     */
+    public Builder setIncludeEmail(boolean value) {
+
+      includeEmail_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Include the service account email in the token. If set to `true`, the
+     * token will contain `email` and `email_verified` claims.
+     * </pre>
+     *
+     * <code>bool include_email = 4;</code>
+     */
+    public Builder clearIncludeEmail() {
+
+      includeEmail_ = false;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFieldsProto3(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.GenerateIdTokenRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.GenerateIdTokenRequest)
+  private static final com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest();
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<GenerateIdTokenRequest> PARSER =
+      new com.google.protobuf.AbstractParser<GenerateIdTokenRequest>() {
+        @java.lang.Override
+        public GenerateIdTokenRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new GenerateIdTokenRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<GenerateIdTokenRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<GenerateIdTokenRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateIdTokenRequestOrBuilder.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateIdTokenRequestOrBuilder.java
new file mode 100644
index 000000000000..f7c91179ee30
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateIdTokenRequestOrBuilder.java
@@ -0,0 +1,139 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+public interface GenerateIdTokenRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.iam.credentials.v1.GenerateIdTokenRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * The resource name of the service account for which the credentials
+   * are requested, in the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * </pre>
+   *
+   * <code>string name = 1;</code>
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * The resource name of the service account for which the credentials
+   * are requested, in the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * </pre>
+   *
+   * <code>string name = 1;</code>
+   */
+  com.google.protobuf.ByteString getNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 2;</code>
+   */
+  java.util.List<java.lang.String> getDelegatesList();
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 2;</code>
+   */
+  int getDelegatesCount();
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 2;</code>
+   */
+  java.lang.String getDelegates(int index);
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 2;</code>
+   */
+  com.google.protobuf.ByteString getDelegatesBytes(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * The audience for the token, such as the API or account that this token
+   * grants access to.
+   * </pre>
+   *
+   * <code>string audience = 3;</code>
+   */
+  java.lang.String getAudience();
+  /**
+   *
+   *
+   * <pre>
+   * The audience for the token, such as the API or account that this token
+   * grants access to.
+   * </pre>
+   *
+   * <code>string audience = 3;</code>
+   */
+  com.google.protobuf.ByteString getAudienceBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * Include the service account email in the token. If set to `true`, the
+   * token will contain `email` and `email_verified` claims.
+   * </pre>
+   *
+   * <code>bool include_email = 4;</code>
+   */
+  boolean getIncludeEmail();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateIdTokenResponse.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateIdTokenResponse.java
new file mode 100644
index 000000000000..bd1eea3ff1cf
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateIdTokenResponse.java
@@ -0,0 +1,584 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+/** Protobuf type {@code google.iam.credentials.v1.GenerateIdTokenResponse} */
+public final class GenerateIdTokenResponse extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.iam.credentials.v1.GenerateIdTokenResponse)
+    GenerateIdTokenResponseOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use GenerateIdTokenResponse.newBuilder() to construct.
+  private GenerateIdTokenResponse(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private GenerateIdTokenResponse() {
+    token_ = "";
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private GenerateIdTokenResponse(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              token_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownFieldProto3(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+        .internal_static_google_iam_credentials_v1_GenerateIdTokenResponse_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+        .internal_static_google_iam_credentials_v1_GenerateIdTokenResponse_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse.class,
+            com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse.Builder.class);
+  }
+
+  public static final int TOKEN_FIELD_NUMBER = 1;
+  private volatile java.lang.Object token_;
+  /**
+   *
+   *
+   * <pre>
+   * The OpenId Connect ID token.
+   * </pre>
+   *
+   * <code>string token = 1;</code>
+   */
+  public java.lang.String getToken() {
+    java.lang.Object ref = token_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      token_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The OpenId Connect ID token.
+   * </pre>
+   *
+   * <code>string token = 1;</code>
+   */
+  public com.google.protobuf.ByteString getTokenBytes() {
+    java.lang.Object ref = token_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      token_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getTokenBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, token_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getTokenBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, token_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse other =
+        (com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse) obj;
+
+    boolean result = true;
+    result = result && getToken().equals(other.getToken());
+    result = result && unknownFields.equals(other.unknownFields);
+    return result;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + TOKEN_FIELD_NUMBER;
+    hash = (53 * hash) + getToken().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(
+      com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /** Protobuf type {@code google.iam.credentials.v1.GenerateIdTokenResponse} */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.iam.credentials.v1.GenerateIdTokenResponse)
+      com.google.cloud.iam.credentials.v1.GenerateIdTokenResponseOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_GenerateIdTokenResponse_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_GenerateIdTokenResponse_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse.class,
+              com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse.Builder.class);
+    }
+
+    // Construct using com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      token_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_GenerateIdTokenResponse_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse getDefaultInstanceForType() {
+      return com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse build() {
+      com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse buildPartial() {
+      com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse result =
+          new com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse(this);
+      result.token_ = token_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return (Builder) super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return (Builder) super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return (Builder) super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return (Builder) super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return (Builder) super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return (Builder) super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse) {
+        return mergeFrom((com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse other) {
+      if (other == com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse.getDefaultInstance())
+        return this;
+      if (!other.getToken().isEmpty()) {
+        token_ = other.token_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object token_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The OpenId Connect ID token.
+     * </pre>
+     *
+     * <code>string token = 1;</code>
+     */
+    public java.lang.String getToken() {
+      java.lang.Object ref = token_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        token_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The OpenId Connect ID token.
+     * </pre>
+     *
+     * <code>string token = 1;</code>
+     */
+    public com.google.protobuf.ByteString getTokenBytes() {
+      java.lang.Object ref = token_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        token_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The OpenId Connect ID token.
+     * </pre>
+     *
+     * <code>string token = 1;</code>
+     */
+    public Builder setToken(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      token_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The OpenId Connect ID token.
+     * </pre>
+     *
+     * <code>string token = 1;</code>
+     */
+    public Builder clearToken() {
+
+      token_ = getDefaultInstance().getToken();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The OpenId Connect ID token.
+     * </pre>
+     *
+     * <code>string token = 1;</code>
+     */
+    public Builder setTokenBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      token_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFieldsProto3(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.GenerateIdTokenResponse)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.GenerateIdTokenResponse)
+  private static final com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse();
+  }
+
+  public static com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<GenerateIdTokenResponse> PARSER =
+      new com.google.protobuf.AbstractParser<GenerateIdTokenResponse>() {
+        @java.lang.Override
+        public GenerateIdTokenResponse parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new GenerateIdTokenResponse(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<GenerateIdTokenResponse> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<GenerateIdTokenResponse> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateIdTokenResponseOrBuilder.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateIdTokenResponseOrBuilder.java
new file mode 100644
index 000000000000..0d06646f3707
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/GenerateIdTokenResponseOrBuilder.java
@@ -0,0 +1,31 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+public interface GenerateIdTokenResponseOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.iam.credentials.v1.GenerateIdTokenResponse)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * The OpenId Connect ID token.
+   * </pre>
+   *
+   * <code>string token = 1;</code>
+   */
+  java.lang.String getToken();
+  /**
+   *
+   *
+   * <pre>
+   * The OpenId Connect ID token.
+   * </pre>
+   *
+   * <code>string token = 1;</code>
+   */
+  com.google.protobuf.ByteString getTokenBytes();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/IAMCredentialsCommonProto.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/IAMCredentialsCommonProto.java
new file mode 100644
index 000000000000..1913fb615541
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/IAMCredentialsCommonProto.java
@@ -0,0 +1,164 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+public final class IAMCredentialsCommonProto {
+  private IAMCredentialsCommonProto() {}
+
+  public static void registerAllExtensions(com.google.protobuf.ExtensionRegistryLite registry) {}
+
+  public static void registerAllExtensions(com.google.protobuf.ExtensionRegistry registry) {
+    registerAllExtensions((com.google.protobuf.ExtensionRegistryLite) registry);
+  }
+
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_iam_credentials_v1_GenerateAccessTokenRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_iam_credentials_v1_GenerateAccessTokenRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_iam_credentials_v1_GenerateAccessTokenResponse_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_iam_credentials_v1_GenerateAccessTokenResponse_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_iam_credentials_v1_SignBlobRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_iam_credentials_v1_SignBlobRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_iam_credentials_v1_SignBlobResponse_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_iam_credentials_v1_SignBlobResponse_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_iam_credentials_v1_SignJwtRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_iam_credentials_v1_SignJwtRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_iam_credentials_v1_SignJwtResponse_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_iam_credentials_v1_SignJwtResponse_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_iam_credentials_v1_GenerateIdTokenRequest_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_iam_credentials_v1_GenerateIdTokenRequest_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+      internal_static_google_iam_credentials_v1_GenerateIdTokenResponse_descriptor;
+  static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internal_static_google_iam_credentials_v1_GenerateIdTokenResponse_fieldAccessorTable;
+
+  public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
+    return descriptor;
+  }
+
+  private static com.google.protobuf.Descriptors.FileDescriptor descriptor;
+
+  static {
+    java.lang.String[] descriptorData = {
+      "\n&google/iam/credentials/v1/common.proto"
+          + "\022\031google.iam.credentials.v1\032\036google/prot"
+          + "obuf/duration.proto\032\037google/protobuf/tim"
+          + "estamp.proto\"y\n\032GenerateAccessTokenReque"
+          + "st\022\014\n\004name\030\001 \001(\t\022\021\n\tdelegates\030\002 \003(\t\022\r\n\005s"
+          + "cope\030\004 \003(\t\022+\n\010lifetime\030\007 \001(\0132\031.google.pr"
+          + "otobuf.Duration\"d\n\033GenerateAccessTokenRe"
+          + "sponse\022\024\n\014access_token\030\001 \001(\t\022/\n\013expire_t"
+          + "ime\030\003 \001(\0132\032.google.protobuf.Timestamp\"C\n"
+          + "\017SignBlobRequest\022\014\n\004name\030\001 \001(\t\022\021\n\tdelega"
+          + "tes\030\003 \003(\t\022\017\n\007payload\030\005 \001(\014\"7\n\020SignBlobRe"
+          + "sponse\022\016\n\006key_id\030\001 \001(\t\022\023\n\013signed_blob\030\004 "
+          + "\001(\014\"B\n\016SignJwtRequest\022\014\n\004name\030\001 \001(\t\022\021\n\td"
+          + "elegates\030\003 \003(\t\022\017\n\007payload\030\005 \001(\t\"5\n\017SignJ"
+          + "wtResponse\022\016\n\006key_id\030\001 \001(\t\022\022\n\nsigned_jwt"
+          + "\030\002 \001(\t\"b\n\026GenerateIdTokenRequest\022\014\n\004name"
+          + "\030\001 \001(\t\022\021\n\tdelegates\030\002 \003(\t\022\020\n\010audience\030\003 "
+          + "\001(\t\022\025\n\rinclude_email\030\004 \001(\010\"(\n\027GenerateId"
+          + "TokenResponse\022\r\n\005token\030\001 \001(\tB\213\001\n#com.goo"
+          + "gle.cloud.iam.credentials.v1B\031IAMCredent"
+          + "ialsCommonProtoP\001ZDgoogle.golang.org/gen"
+          + "proto/googleapis/iam/credentials/v1;cred"
+          + "entials\370\001\001b\006proto3"
+    };
+    com.google.protobuf.Descriptors.FileDescriptor.InternalDescriptorAssigner assigner =
+        new com.google.protobuf.Descriptors.FileDescriptor.InternalDescriptorAssigner() {
+          public com.google.protobuf.ExtensionRegistry assignDescriptors(
+              com.google.protobuf.Descriptors.FileDescriptor root) {
+            descriptor = root;
+            return null;
+          }
+        };
+    com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
+        descriptorData,
+        new com.google.protobuf.Descriptors.FileDescriptor[] {
+          com.google.protobuf.DurationProto.getDescriptor(),
+          com.google.protobuf.TimestampProto.getDescriptor(),
+        },
+        assigner);
+    internal_static_google_iam_credentials_v1_GenerateAccessTokenRequest_descriptor =
+        getDescriptor().getMessageTypes().get(0);
+    internal_static_google_iam_credentials_v1_GenerateAccessTokenRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_iam_credentials_v1_GenerateAccessTokenRequest_descriptor,
+            new java.lang.String[] {
+              "Name", "Delegates", "Scope", "Lifetime",
+            });
+    internal_static_google_iam_credentials_v1_GenerateAccessTokenResponse_descriptor =
+        getDescriptor().getMessageTypes().get(1);
+    internal_static_google_iam_credentials_v1_GenerateAccessTokenResponse_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_iam_credentials_v1_GenerateAccessTokenResponse_descriptor,
+            new java.lang.String[] {
+              "AccessToken", "ExpireTime",
+            });
+    internal_static_google_iam_credentials_v1_SignBlobRequest_descriptor =
+        getDescriptor().getMessageTypes().get(2);
+    internal_static_google_iam_credentials_v1_SignBlobRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_iam_credentials_v1_SignBlobRequest_descriptor,
+            new java.lang.String[] {
+              "Name", "Delegates", "Payload",
+            });
+    internal_static_google_iam_credentials_v1_SignBlobResponse_descriptor =
+        getDescriptor().getMessageTypes().get(3);
+    internal_static_google_iam_credentials_v1_SignBlobResponse_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_iam_credentials_v1_SignBlobResponse_descriptor,
+            new java.lang.String[] {
+              "KeyId", "SignedBlob",
+            });
+    internal_static_google_iam_credentials_v1_SignJwtRequest_descriptor =
+        getDescriptor().getMessageTypes().get(4);
+    internal_static_google_iam_credentials_v1_SignJwtRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_iam_credentials_v1_SignJwtRequest_descriptor,
+            new java.lang.String[] {
+              "Name", "Delegates", "Payload",
+            });
+    internal_static_google_iam_credentials_v1_SignJwtResponse_descriptor =
+        getDescriptor().getMessageTypes().get(5);
+    internal_static_google_iam_credentials_v1_SignJwtResponse_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_iam_credentials_v1_SignJwtResponse_descriptor,
+            new java.lang.String[] {
+              "KeyId", "SignedJwt",
+            });
+    internal_static_google_iam_credentials_v1_GenerateIdTokenRequest_descriptor =
+        getDescriptor().getMessageTypes().get(6);
+    internal_static_google_iam_credentials_v1_GenerateIdTokenRequest_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_iam_credentials_v1_GenerateIdTokenRequest_descriptor,
+            new java.lang.String[] {
+              "Name", "Delegates", "Audience", "IncludeEmail",
+            });
+    internal_static_google_iam_credentials_v1_GenerateIdTokenResponse_descriptor =
+        getDescriptor().getMessageTypes().get(7);
+    internal_static_google_iam_credentials_v1_GenerateIdTokenResponse_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
+            internal_static_google_iam_credentials_v1_GenerateIdTokenResponse_descriptor,
+            new java.lang.String[] {
+              "Token",
+            });
+    com.google.protobuf.DurationProto.getDescriptor();
+    com.google.protobuf.TimestampProto.getDescriptor();
+  }
+
+  // @@protoc_insertion_point(outer_class_scope)
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/IAMCredentialsProto.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/IAMCredentialsProto.java
new file mode 100644
index 000000000000..6bd5863e9bb7
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/IAMCredentialsProto.java
@@ -0,0 +1,75 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/iamcredentials.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+public final class IAMCredentialsProto {
+  private IAMCredentialsProto() {}
+
+  public static void registerAllExtensions(com.google.protobuf.ExtensionRegistryLite registry) {}
+
+  public static void registerAllExtensions(com.google.protobuf.ExtensionRegistry registry) {
+    registerAllExtensions((com.google.protobuf.ExtensionRegistryLite) registry);
+  }
+
+  public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
+    return descriptor;
+  }
+
+  private static com.google.protobuf.Descriptors.FileDescriptor descriptor;
+
+  static {
+    java.lang.String[] descriptorData = {
+      "\n.google/iam/credentials/v1/iamcredentia"
+          + "ls.proto\022\031google.iam.credentials.v1\032\034goo"
+          + "gle/api/annotations.proto\032&google/iam/cr"
+          + "edentials/v1/common.proto2\340\005\n\016IAMCredent"
+          + "ials\022\314\001\n\023GenerateAccessToken\0225.google.ia"
+          + "m.credentials.v1.GenerateAccessTokenRequ"
+          + "est\0326.google.iam.credentials.v1.Generate"
+          + "AccessTokenResponse\"F\202\323\344\223\002@\";/v1/{name=p"
+          + "rojects/*/serviceAccounts/*}:generateAcc"
+          + "essToken:\001*\022\274\001\n\017GenerateIdToken\0221.google"
+          + ".iam.credentials.v1.GenerateIdTokenReque"
+          + "st\0322.google.iam.credentials.v1.GenerateI"
+          + "dTokenResponse\"B\202\323\344\223\002<\"7/v1/{name=projec"
+          + "ts/*/serviceAccounts/*}:generateIdToken:"
+          + "\001*\022\240\001\n\010SignBlob\022*.google.iam.credentials"
+          + ".v1.SignBlobRequest\032+.google.iam.credent"
+          + "ials.v1.SignBlobResponse\";\202\323\344\223\0025\"0/v1/{n"
+          + "ame=projects/*/serviceAccounts/*}:signBl"
+          + "ob:\001*\022\234\001\n\007SignJwt\022).google.iam.credentia"
+          + "ls.v1.SignJwtRequest\032*.google.iam.creden"
+          + "tials.v1.SignJwtResponse\":\202\323\344\223\0024\"//v1/{n"
+          + "ame=projects/*/serviceAccounts/*}:signJw"
+          + "t:\001*B\205\001\n#com.google.cloud.iam.credential"
+          + "s.v1B\023IAMCredentialsProtoP\001ZDgoogle.gola"
+          + "ng.org/genproto/googleapis/iam/credentia"
+          + "ls/v1;credentials\370\001\001b\006proto3"
+    };
+    com.google.protobuf.Descriptors.FileDescriptor.InternalDescriptorAssigner assigner =
+        new com.google.protobuf.Descriptors.FileDescriptor.InternalDescriptorAssigner() {
+          public com.google.protobuf.ExtensionRegistry assignDescriptors(
+              com.google.protobuf.Descriptors.FileDescriptor root) {
+            descriptor = root;
+            return null;
+          }
+        };
+    com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
+        descriptorData,
+        new com.google.protobuf.Descriptors.FileDescriptor[] {
+          com.google.api.AnnotationsProto.getDescriptor(),
+          com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto.getDescriptor(),
+        },
+        assigner);
+    com.google.protobuf.ExtensionRegistry registry =
+        com.google.protobuf.ExtensionRegistry.newInstance();
+    registry.add(com.google.api.AnnotationsProto.http);
+    com.google.protobuf.Descriptors.FileDescriptor.internalUpdateFileDescriptor(
+        descriptor, registry);
+    com.google.api.AnnotationsProto.getDescriptor();
+    com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto.getDescriptor();
+  }
+
+  // @@protoc_insertion_point(outer_class_scope)
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/ServiceAccountName.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/ServiceAccountName.java
new file mode 100644
index 000000000000..48d938e793a0
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/ServiceAccountName.java
@@ -0,0 +1,181 @@
+/*
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package com.google.cloud.iam.credentials.v1;
+
+import com.google.api.pathtemplate.PathTemplate;
+import com.google.api.resourcenames.ResourceName;
+import com.google.common.base.Preconditions;
+import com.google.common.collect.ImmutableMap;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS
+@javax.annotation.Generated("by GAPIC protoc plugin")
+public class ServiceAccountName implements ResourceName {
+
+  private static final PathTemplate PATH_TEMPLATE =
+      PathTemplate.createWithoutUrlEncoding("projects/{project}/serviceAccounts/{service_account}");
+
+  private volatile Map<String, String> fieldValuesMap;
+
+  private final String project;
+  private final String serviceAccount;
+
+  public String getProject() {
+    return project;
+  }
+
+  public String getServiceAccount() {
+    return serviceAccount;
+  }
+
+  public static Builder newBuilder() {
+    return new Builder();
+  }
+
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  private ServiceAccountName(Builder builder) {
+    project = Preconditions.checkNotNull(builder.getProject());
+    serviceAccount = Preconditions.checkNotNull(builder.getServiceAccount());
+  }
+
+  public static ServiceAccountName of(String project, String serviceAccount) {
+    return newBuilder().setProject(project).setServiceAccount(serviceAccount).build();
+  }
+
+  public static String format(String project, String serviceAccount) {
+    return newBuilder().setProject(project).setServiceAccount(serviceAccount).build().toString();
+  }
+
+  public static ServiceAccountName parse(String formattedString) {
+    if (formattedString.isEmpty()) {
+      return null;
+    }
+    Map<String, String> matchMap =
+        PATH_TEMPLATE.validatedMatch(
+            formattedString, "ServiceAccountName.parse: formattedString not in valid format");
+    return of(matchMap.get("project"), matchMap.get("service_account"));
+  }
+
+  public static List<ServiceAccountName> parseList(List<String> formattedStrings) {
+    List<ServiceAccountName> list = new ArrayList<>(formattedStrings.size());
+    for (String formattedString : formattedStrings) {
+      list.add(parse(formattedString));
+    }
+    return list;
+  }
+
+  public static List<String> toStringList(List<ServiceAccountName> values) {
+    List<String> list = new ArrayList<String>(values.size());
+    for (ServiceAccountName value : values) {
+      if (value == null) {
+        list.add("");
+      } else {
+        list.add(value.toString());
+      }
+    }
+    return list;
+  }
+
+  public static boolean isParsableFrom(String formattedString) {
+    return PATH_TEMPLATE.matches(formattedString);
+  }
+
+  public Map<String, String> getFieldValuesMap() {
+    if (fieldValuesMap == null) {
+      synchronized (this) {
+        if (fieldValuesMap == null) {
+          ImmutableMap.Builder<String, String> fieldMapBuilder = ImmutableMap.builder();
+          fieldMapBuilder.put("project", project);
+          fieldMapBuilder.put("serviceAccount", serviceAccount);
+          fieldValuesMap = fieldMapBuilder.build();
+        }
+      }
+    }
+    return fieldValuesMap;
+  }
+
+  public String getFieldValue(String fieldName) {
+    return getFieldValuesMap().get(fieldName);
+  }
+
+  @Override
+  public String toString() {
+    return PATH_TEMPLATE.instantiate("project", project, "service_account", serviceAccount);
+  }
+
+  /** Builder for ServiceAccountName. */
+  public static class Builder {
+
+    private String project;
+    private String serviceAccount;
+
+    public String getProject() {
+      return project;
+    }
+
+    public String getServiceAccount() {
+      return serviceAccount;
+    }
+
+    public Builder setProject(String project) {
+      this.project = project;
+      return this;
+    }
+
+    public Builder setServiceAccount(String serviceAccount) {
+      this.serviceAccount = serviceAccount;
+      return this;
+    }
+
+    private Builder() {}
+
+    private Builder(ServiceAccountName serviceAccountName) {
+      project = serviceAccountName.project;
+      serviceAccount = serviceAccountName.serviceAccount;
+    }
+
+    public ServiceAccountName build() {
+      return new ServiceAccountName(this);
+    }
+  }
+
+  @Override
+  public boolean equals(Object o) {
+    if (o == this) {
+      return true;
+    }
+    if (o instanceof ServiceAccountName) {
+      ServiceAccountName that = (ServiceAccountName) o;
+      return (this.project.equals(that.project))
+          && (this.serviceAccount.equals(that.serviceAccount));
+    }
+    return false;
+  }
+
+  @Override
+  public int hashCode() {
+    int h = 1;
+    h *= 1000003;
+    h ^= project.hashCode();
+    h *= 1000003;
+    h ^= serviceAccount.hashCode();
+    return h;
+  }
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignBlobRequest.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignBlobRequest.java
new file mode 100644
index 000000000000..990a45ee8d27
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignBlobRequest.java
@@ -0,0 +1,1018 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+/** Protobuf type {@code google.iam.credentials.v1.SignBlobRequest} */
+public final class SignBlobRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.iam.credentials.v1.SignBlobRequest)
+    SignBlobRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use SignBlobRequest.newBuilder() to construct.
+  private SignBlobRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private SignBlobRequest() {
+    name_ = "";
+    delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    payload_ = com.google.protobuf.ByteString.EMPTY;
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private SignBlobRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000002) == 0x00000002)) {
+                delegates_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000002;
+              }
+              delegates_.add(s);
+              break;
+            }
+          case 42:
+            {
+              payload_ = input.readBytes();
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownFieldProto3(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000002) == 0x00000002)) {
+        delegates_ = delegates_.getUnmodifiableView();
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+        .internal_static_google_iam_credentials_v1_SignBlobRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+        .internal_static_google_iam_credentials_v1_SignBlobRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.iam.credentials.v1.SignBlobRequest.class,
+            com.google.cloud.iam.credentials.v1.SignBlobRequest.Builder.class);
+  }
+
+  private int bitField0_;
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * The resource name of the service account for which the credentials
+   * are requested, in the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * </pre>
+   *
+   * <code>string name = 1;</code>
+   */
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The resource name of the service account for which the credentials
+   * are requested, in the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * </pre>
+   *
+   * <code>string name = 1;</code>
+   */
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int DELEGATES_FIELD_NUMBER = 3;
+  private com.google.protobuf.LazyStringList delegates_;
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 3;</code>
+   */
+  public com.google.protobuf.ProtocolStringList getDelegatesList() {
+    return delegates_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 3;</code>
+   */
+  public int getDelegatesCount() {
+    return delegates_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 3;</code>
+   */
+  public java.lang.String getDelegates(int index) {
+    return delegates_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 3;</code>
+   */
+  public com.google.protobuf.ByteString getDelegatesBytes(int index) {
+    return delegates_.getByteString(index);
+  }
+
+  public static final int PAYLOAD_FIELD_NUMBER = 5;
+  private com.google.protobuf.ByteString payload_;
+  /**
+   *
+   *
+   * <pre>
+   * The bytes to sign.
+   * </pre>
+   *
+   * <code>bytes payload = 5;</code>
+   */
+  public com.google.protobuf.ByteString getPayload() {
+    return payload_;
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    for (int i = 0; i < delegates_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, delegates_.getRaw(i));
+    }
+    if (!payload_.isEmpty()) {
+      output.writeBytes(5, payload_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < delegates_.size(); i++) {
+        dataSize += computeStringSizeNoTag(delegates_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getDelegatesList().size();
+    }
+    if (!payload_.isEmpty()) {
+      size += com.google.protobuf.CodedOutputStream.computeBytesSize(5, payload_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.iam.credentials.v1.SignBlobRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.iam.credentials.v1.SignBlobRequest other =
+        (com.google.cloud.iam.credentials.v1.SignBlobRequest) obj;
+
+    boolean result = true;
+    result = result && getName().equals(other.getName());
+    result = result && getDelegatesList().equals(other.getDelegatesList());
+    result = result && getPayload().equals(other.getPayload());
+    result = result && unknownFields.equals(other.unknownFields);
+    return result;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    if (getDelegatesCount() > 0) {
+      hash = (37 * hash) + DELEGATES_FIELD_NUMBER;
+      hash = (53 * hash) + getDelegatesList().hashCode();
+    }
+    hash = (37 * hash) + PAYLOAD_FIELD_NUMBER;
+    hash = (53 * hash) + getPayload().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobRequest parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobRequest parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobRequest parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(com.google.cloud.iam.credentials.v1.SignBlobRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /** Protobuf type {@code google.iam.credentials.v1.SignBlobRequest} */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.iam.credentials.v1.SignBlobRequest)
+      com.google.cloud.iam.credentials.v1.SignBlobRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_SignBlobRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_SignBlobRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.iam.credentials.v1.SignBlobRequest.class,
+              com.google.cloud.iam.credentials.v1.SignBlobRequest.Builder.class);
+    }
+
+    // Construct using com.google.cloud.iam.credentials.v1.SignBlobRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      payload_ = com.google.protobuf.ByteString.EMPTY;
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_SignBlobRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.SignBlobRequest getDefaultInstanceForType() {
+      return com.google.cloud.iam.credentials.v1.SignBlobRequest.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.SignBlobRequest build() {
+      com.google.cloud.iam.credentials.v1.SignBlobRequest result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.SignBlobRequest buildPartial() {
+      com.google.cloud.iam.credentials.v1.SignBlobRequest result =
+          new com.google.cloud.iam.credentials.v1.SignBlobRequest(this);
+      int from_bitField0_ = bitField0_;
+      int to_bitField0_ = 0;
+      result.name_ = name_;
+      if (((bitField0_ & 0x00000002) == 0x00000002)) {
+        delegates_ = delegates_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000002);
+      }
+      result.delegates_ = delegates_;
+      result.payload_ = payload_;
+      result.bitField0_ = to_bitField0_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return (Builder) super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return (Builder) super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return (Builder) super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return (Builder) super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return (Builder) super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return (Builder) super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.iam.credentials.v1.SignBlobRequest) {
+        return mergeFrom((com.google.cloud.iam.credentials.v1.SignBlobRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.iam.credentials.v1.SignBlobRequest other) {
+      if (other == com.google.cloud.iam.credentials.v1.SignBlobRequest.getDefaultInstance())
+        return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      if (!other.delegates_.isEmpty()) {
+        if (delegates_.isEmpty()) {
+          delegates_ = other.delegates_;
+          bitField0_ = (bitField0_ & ~0x00000002);
+        } else {
+          ensureDelegatesIsMutable();
+          delegates_.addAll(other.delegates_);
+        }
+        onChanged();
+      }
+      if (other.getPayload() != com.google.protobuf.ByteString.EMPTY) {
+        setPayload(other.getPayload());
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.iam.credentials.v1.SignBlobRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.iam.credentials.v1.SignBlobRequest) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.LazyStringList delegates_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensureDelegatesIsMutable() {
+      if (!((bitField0_ & 0x00000002) == 0x00000002)) {
+        delegates_ = new com.google.protobuf.LazyStringArrayList(delegates_);
+        bitField0_ |= 0x00000002;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public com.google.protobuf.ProtocolStringList getDelegatesList() {
+      return delegates_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public int getDelegatesCount() {
+      return delegates_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public java.lang.String getDelegates(int index) {
+      return delegates_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public com.google.protobuf.ByteString getDelegatesBytes(int index) {
+      return delegates_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public Builder setDelegates(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureDelegatesIsMutable();
+      delegates_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public Builder addDelegates(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureDelegatesIsMutable();
+      delegates_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public Builder addAllDelegates(java.lang.Iterable<java.lang.String> values) {
+      ensureDelegatesIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, delegates_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public Builder clearDelegates() {
+      delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public Builder addDelegatesBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensureDelegatesIsMutable();
+      delegates_.add(value);
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.ByteString payload_ = com.google.protobuf.ByteString.EMPTY;
+    /**
+     *
+     *
+     * <pre>
+     * The bytes to sign.
+     * </pre>
+     *
+     * <code>bytes payload = 5;</code>
+     */
+    public com.google.protobuf.ByteString getPayload() {
+      return payload_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The bytes to sign.
+     * </pre>
+     *
+     * <code>bytes payload = 5;</code>
+     */
+    public Builder setPayload(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      payload_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The bytes to sign.
+     * </pre>
+     *
+     * <code>bytes payload = 5;</code>
+     */
+    public Builder clearPayload() {
+
+      payload_ = getDefaultInstance().getPayload();
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFieldsProto3(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.SignBlobRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.SignBlobRequest)
+  private static final com.google.cloud.iam.credentials.v1.SignBlobRequest DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.iam.credentials.v1.SignBlobRequest();
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobRequest getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<SignBlobRequest> PARSER =
+      new com.google.protobuf.AbstractParser<SignBlobRequest>() {
+        @java.lang.Override
+        public SignBlobRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new SignBlobRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<SignBlobRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<SignBlobRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.iam.credentials.v1.SignBlobRequest getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignBlobRequestOrBuilder.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignBlobRequestOrBuilder.java
new file mode 100644
index 000000000000..ffa3b0367fcf
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignBlobRequestOrBuilder.java
@@ -0,0 +1,115 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+public interface SignBlobRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.iam.credentials.v1.SignBlobRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * The resource name of the service account for which the credentials
+   * are requested, in the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * </pre>
+   *
+   * <code>string name = 1;</code>
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * The resource name of the service account for which the credentials
+   * are requested, in the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * </pre>
+   *
+   * <code>string name = 1;</code>
+   */
+  com.google.protobuf.ByteString getNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 3;</code>
+   */
+  java.util.List<java.lang.String> getDelegatesList();
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 3;</code>
+   */
+  int getDelegatesCount();
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 3;</code>
+   */
+  java.lang.String getDelegates(int index);
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 3;</code>
+   */
+  com.google.protobuf.ByteString getDelegatesBytes(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * The bytes to sign.
+   * </pre>
+   *
+   * <code>bytes payload = 5;</code>
+   */
+  com.google.protobuf.ByteString getPayload();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignBlobResponse.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignBlobResponse.java
new file mode 100644
index 000000000000..2ff537ecab37
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignBlobResponse.java
@@ -0,0 +1,666 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+/** Protobuf type {@code google.iam.credentials.v1.SignBlobResponse} */
+public final class SignBlobResponse extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.iam.credentials.v1.SignBlobResponse)
+    SignBlobResponseOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use SignBlobResponse.newBuilder() to construct.
+  private SignBlobResponse(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private SignBlobResponse() {
+    keyId_ = "";
+    signedBlob_ = com.google.protobuf.ByteString.EMPTY;
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private SignBlobResponse(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              keyId_ = s;
+              break;
+            }
+          case 34:
+            {
+              signedBlob_ = input.readBytes();
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownFieldProto3(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+        .internal_static_google_iam_credentials_v1_SignBlobResponse_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+        .internal_static_google_iam_credentials_v1_SignBlobResponse_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.iam.credentials.v1.SignBlobResponse.class,
+            com.google.cloud.iam.credentials.v1.SignBlobResponse.Builder.class);
+  }
+
+  public static final int KEY_ID_FIELD_NUMBER = 1;
+  private volatile java.lang.Object keyId_;
+  /**
+   *
+   *
+   * <pre>
+   * The ID of the key used to sign the blob.
+   * </pre>
+   *
+   * <code>string key_id = 1;</code>
+   */
+  public java.lang.String getKeyId() {
+    java.lang.Object ref = keyId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      keyId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The ID of the key used to sign the blob.
+   * </pre>
+   *
+   * <code>string key_id = 1;</code>
+   */
+  public com.google.protobuf.ByteString getKeyIdBytes() {
+    java.lang.Object ref = keyId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      keyId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int SIGNED_BLOB_FIELD_NUMBER = 4;
+  private com.google.protobuf.ByteString signedBlob_;
+  /**
+   *
+   *
+   * <pre>
+   * The signed blob.
+   * </pre>
+   *
+   * <code>bytes signed_blob = 4;</code>
+   */
+  public com.google.protobuf.ByteString getSignedBlob() {
+    return signedBlob_;
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getKeyIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, keyId_);
+    }
+    if (!signedBlob_.isEmpty()) {
+      output.writeBytes(4, signedBlob_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getKeyIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, keyId_);
+    }
+    if (!signedBlob_.isEmpty()) {
+      size += com.google.protobuf.CodedOutputStream.computeBytesSize(4, signedBlob_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.iam.credentials.v1.SignBlobResponse)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.iam.credentials.v1.SignBlobResponse other =
+        (com.google.cloud.iam.credentials.v1.SignBlobResponse) obj;
+
+    boolean result = true;
+    result = result && getKeyId().equals(other.getKeyId());
+    result = result && getSignedBlob().equals(other.getSignedBlob());
+    result = result && unknownFields.equals(other.unknownFields);
+    return result;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + KEY_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getKeyId().hashCode();
+    hash = (37 * hash) + SIGNED_BLOB_FIELD_NUMBER;
+    hash = (53 * hash) + getSignedBlob().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobResponse parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobResponse parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobResponse parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobResponse parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobResponse parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobResponse parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobResponse parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobResponse parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobResponse parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobResponse parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobResponse parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobResponse parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(com.google.cloud.iam.credentials.v1.SignBlobResponse prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /** Protobuf type {@code google.iam.credentials.v1.SignBlobResponse} */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.iam.credentials.v1.SignBlobResponse)
+      com.google.cloud.iam.credentials.v1.SignBlobResponseOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_SignBlobResponse_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_SignBlobResponse_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.iam.credentials.v1.SignBlobResponse.class,
+              com.google.cloud.iam.credentials.v1.SignBlobResponse.Builder.class);
+    }
+
+    // Construct using com.google.cloud.iam.credentials.v1.SignBlobResponse.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      keyId_ = "";
+
+      signedBlob_ = com.google.protobuf.ByteString.EMPTY;
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_SignBlobResponse_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.SignBlobResponse getDefaultInstanceForType() {
+      return com.google.cloud.iam.credentials.v1.SignBlobResponse.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.SignBlobResponse build() {
+      com.google.cloud.iam.credentials.v1.SignBlobResponse result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.SignBlobResponse buildPartial() {
+      com.google.cloud.iam.credentials.v1.SignBlobResponse result =
+          new com.google.cloud.iam.credentials.v1.SignBlobResponse(this);
+      result.keyId_ = keyId_;
+      result.signedBlob_ = signedBlob_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return (Builder) super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return (Builder) super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return (Builder) super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return (Builder) super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return (Builder) super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return (Builder) super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.iam.credentials.v1.SignBlobResponse) {
+        return mergeFrom((com.google.cloud.iam.credentials.v1.SignBlobResponse) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.iam.credentials.v1.SignBlobResponse other) {
+      if (other == com.google.cloud.iam.credentials.v1.SignBlobResponse.getDefaultInstance())
+        return this;
+      if (!other.getKeyId().isEmpty()) {
+        keyId_ = other.keyId_;
+        onChanged();
+      }
+      if (other.getSignedBlob() != com.google.protobuf.ByteString.EMPTY) {
+        setSignedBlob(other.getSignedBlob());
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.iam.credentials.v1.SignBlobResponse parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.iam.credentials.v1.SignBlobResponse) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object keyId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The ID of the key used to sign the blob.
+     * </pre>
+     *
+     * <code>string key_id = 1;</code>
+     */
+    public java.lang.String getKeyId() {
+      java.lang.Object ref = keyId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        keyId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The ID of the key used to sign the blob.
+     * </pre>
+     *
+     * <code>string key_id = 1;</code>
+     */
+    public com.google.protobuf.ByteString getKeyIdBytes() {
+      java.lang.Object ref = keyId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        keyId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The ID of the key used to sign the blob.
+     * </pre>
+     *
+     * <code>string key_id = 1;</code>
+     */
+    public Builder setKeyId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      keyId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The ID of the key used to sign the blob.
+     * </pre>
+     *
+     * <code>string key_id = 1;</code>
+     */
+    public Builder clearKeyId() {
+
+      keyId_ = getDefaultInstance().getKeyId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The ID of the key used to sign the blob.
+     * </pre>
+     *
+     * <code>string key_id = 1;</code>
+     */
+    public Builder setKeyIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      keyId_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.ByteString signedBlob_ = com.google.protobuf.ByteString.EMPTY;
+    /**
+     *
+     *
+     * <pre>
+     * The signed blob.
+     * </pre>
+     *
+     * <code>bytes signed_blob = 4;</code>
+     */
+    public com.google.protobuf.ByteString getSignedBlob() {
+      return signedBlob_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The signed blob.
+     * </pre>
+     *
+     * <code>bytes signed_blob = 4;</code>
+     */
+    public Builder setSignedBlob(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      signedBlob_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The signed blob.
+     * </pre>
+     *
+     * <code>bytes signed_blob = 4;</code>
+     */
+    public Builder clearSignedBlob() {
+
+      signedBlob_ = getDefaultInstance().getSignedBlob();
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFieldsProto3(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.SignBlobResponse)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.SignBlobResponse)
+  private static final com.google.cloud.iam.credentials.v1.SignBlobResponse DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.iam.credentials.v1.SignBlobResponse();
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignBlobResponse getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<SignBlobResponse> PARSER =
+      new com.google.protobuf.AbstractParser<SignBlobResponse>() {
+        @java.lang.Override
+        public SignBlobResponse parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new SignBlobResponse(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<SignBlobResponse> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<SignBlobResponse> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.iam.credentials.v1.SignBlobResponse getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignBlobResponseOrBuilder.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignBlobResponseOrBuilder.java
new file mode 100644
index 000000000000..e4d9b0663d4f
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignBlobResponseOrBuilder.java
@@ -0,0 +1,42 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+public interface SignBlobResponseOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.iam.credentials.v1.SignBlobResponse)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * The ID of the key used to sign the blob.
+   * </pre>
+   *
+   * <code>string key_id = 1;</code>
+   */
+  java.lang.String getKeyId();
+  /**
+   *
+   *
+   * <pre>
+   * The ID of the key used to sign the blob.
+   * </pre>
+   *
+   * <code>string key_id = 1;</code>
+   */
+  com.google.protobuf.ByteString getKeyIdBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * The signed blob.
+   * </pre>
+   *
+   * <code>bytes signed_blob = 4;</code>
+   */
+  com.google.protobuf.ByteString getSignedBlob();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignJwtRequest.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignJwtRequest.java
new file mode 100644
index 000000000000..da331a6e73d8
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignJwtRequest.java
@@ -0,0 +1,1096 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+/** Protobuf type {@code google.iam.credentials.v1.SignJwtRequest} */
+public final class SignJwtRequest extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.iam.credentials.v1.SignJwtRequest)
+    SignJwtRequestOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use SignJwtRequest.newBuilder() to construct.
+  private SignJwtRequest(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private SignJwtRequest() {
+    name_ = "";
+    delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+    payload_ = "";
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private SignJwtRequest(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              name_ = s;
+              break;
+            }
+          case 26:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+              if (!((mutable_bitField0_ & 0x00000002) == 0x00000002)) {
+                delegates_ = new com.google.protobuf.LazyStringArrayList();
+                mutable_bitField0_ |= 0x00000002;
+              }
+              delegates_.add(s);
+              break;
+            }
+          case 42:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              payload_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownFieldProto3(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      if (((mutable_bitField0_ & 0x00000002) == 0x00000002)) {
+        delegates_ = delegates_.getUnmodifiableView();
+      }
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+        .internal_static_google_iam_credentials_v1_SignJwtRequest_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+        .internal_static_google_iam_credentials_v1_SignJwtRequest_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.iam.credentials.v1.SignJwtRequest.class,
+            com.google.cloud.iam.credentials.v1.SignJwtRequest.Builder.class);
+  }
+
+  private int bitField0_;
+  public static final int NAME_FIELD_NUMBER = 1;
+  private volatile java.lang.Object name_;
+  /**
+   *
+   *
+   * <pre>
+   * The resource name of the service account for which the credentials
+   * are requested, in the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * </pre>
+   *
+   * <code>string name = 1;</code>
+   */
+  public java.lang.String getName() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      name_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The resource name of the service account for which the credentials
+   * are requested, in the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * </pre>
+   *
+   * <code>string name = 1;</code>
+   */
+  public com.google.protobuf.ByteString getNameBytes() {
+    java.lang.Object ref = name_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      name_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int DELEGATES_FIELD_NUMBER = 3;
+  private com.google.protobuf.LazyStringList delegates_;
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 3;</code>
+   */
+  public com.google.protobuf.ProtocolStringList getDelegatesList() {
+    return delegates_;
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 3;</code>
+   */
+  public int getDelegatesCount() {
+    return delegates_.size();
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 3;</code>
+   */
+  public java.lang.String getDelegates(int index) {
+    return delegates_.get(index);
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 3;</code>
+   */
+  public com.google.protobuf.ByteString getDelegatesBytes(int index) {
+    return delegates_.getByteString(index);
+  }
+
+  public static final int PAYLOAD_FIELD_NUMBER = 5;
+  private volatile java.lang.Object payload_;
+  /**
+   *
+   *
+   * <pre>
+   * The JWT payload to sign: a JSON object that contains a JWT Claims Set.
+   * </pre>
+   *
+   * <code>string payload = 5;</code>
+   */
+  public java.lang.String getPayload() {
+    java.lang.Object ref = payload_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      payload_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The JWT payload to sign: a JSON object that contains a JWT Claims Set.
+   * </pre>
+   *
+   * <code>string payload = 5;</code>
+   */
+  public com.google.protobuf.ByteString getPayloadBytes() {
+    java.lang.Object ref = payload_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      payload_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getNameBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, name_);
+    }
+    for (int i = 0; i < delegates_.size(); i++) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 3, delegates_.getRaw(i));
+    }
+    if (!getPayloadBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 5, payload_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getNameBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, name_);
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < delegates_.size(); i++) {
+        dataSize += computeStringSizeNoTag(delegates_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getDelegatesList().size();
+    }
+    if (!getPayloadBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(5, payload_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.iam.credentials.v1.SignJwtRequest)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.iam.credentials.v1.SignJwtRequest other =
+        (com.google.cloud.iam.credentials.v1.SignJwtRequest) obj;
+
+    boolean result = true;
+    result = result && getName().equals(other.getName());
+    result = result && getDelegatesList().equals(other.getDelegatesList());
+    result = result && getPayload().equals(other.getPayload());
+    result = result && unknownFields.equals(other.unknownFields);
+    return result;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + NAME_FIELD_NUMBER;
+    hash = (53 * hash) + getName().hashCode();
+    if (getDelegatesCount() > 0) {
+      hash = (37 * hash) + DELEGATES_FIELD_NUMBER;
+      hash = (53 * hash) + getDelegatesList().hashCode();
+    }
+    hash = (37 * hash) + PAYLOAD_FIELD_NUMBER;
+    hash = (53 * hash) + getPayload().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtRequest parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtRequest parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtRequest parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtRequest parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtRequest parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtRequest parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtRequest parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtRequest parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtRequest parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtRequest parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtRequest parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtRequest parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(com.google.cloud.iam.credentials.v1.SignJwtRequest prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /** Protobuf type {@code google.iam.credentials.v1.SignJwtRequest} */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.iam.credentials.v1.SignJwtRequest)
+      com.google.cloud.iam.credentials.v1.SignJwtRequestOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_SignJwtRequest_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_SignJwtRequest_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.iam.credentials.v1.SignJwtRequest.class,
+              com.google.cloud.iam.credentials.v1.SignJwtRequest.Builder.class);
+    }
+
+    // Construct using com.google.cloud.iam.credentials.v1.SignJwtRequest.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      name_ = "";
+
+      delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      payload_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_SignJwtRequest_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.SignJwtRequest getDefaultInstanceForType() {
+      return com.google.cloud.iam.credentials.v1.SignJwtRequest.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.SignJwtRequest build() {
+      com.google.cloud.iam.credentials.v1.SignJwtRequest result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.SignJwtRequest buildPartial() {
+      com.google.cloud.iam.credentials.v1.SignJwtRequest result =
+          new com.google.cloud.iam.credentials.v1.SignJwtRequest(this);
+      int from_bitField0_ = bitField0_;
+      int to_bitField0_ = 0;
+      result.name_ = name_;
+      if (((bitField0_ & 0x00000002) == 0x00000002)) {
+        delegates_ = delegates_.getUnmodifiableView();
+        bitField0_ = (bitField0_ & ~0x00000002);
+      }
+      result.delegates_ = delegates_;
+      result.payload_ = payload_;
+      result.bitField0_ = to_bitField0_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return (Builder) super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return (Builder) super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return (Builder) super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return (Builder) super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return (Builder) super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return (Builder) super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.iam.credentials.v1.SignJwtRequest) {
+        return mergeFrom((com.google.cloud.iam.credentials.v1.SignJwtRequest) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.iam.credentials.v1.SignJwtRequest other) {
+      if (other == com.google.cloud.iam.credentials.v1.SignJwtRequest.getDefaultInstance())
+        return this;
+      if (!other.getName().isEmpty()) {
+        name_ = other.name_;
+        onChanged();
+      }
+      if (!other.delegates_.isEmpty()) {
+        if (delegates_.isEmpty()) {
+          delegates_ = other.delegates_;
+          bitField0_ = (bitField0_ & ~0x00000002);
+        } else {
+          ensureDelegatesIsMutable();
+          delegates_.addAll(other.delegates_);
+        }
+        onChanged();
+      }
+      if (!other.getPayload().isEmpty()) {
+        payload_ = other.payload_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.iam.credentials.v1.SignJwtRequest parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.iam.credentials.v1.SignJwtRequest) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private int bitField0_;
+
+    private java.lang.Object name_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public java.lang.String getName() {
+      java.lang.Object ref = name_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        name_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public com.google.protobuf.ByteString getNameBytes() {
+      java.lang.Object ref = name_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        name_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public Builder setName(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public Builder clearName() {
+
+      name_ = getDefaultInstance().getName();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The resource name of the service account for which the credentials
+     * are requested, in the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+     * </pre>
+     *
+     * <code>string name = 1;</code>
+     */
+    public Builder setNameBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      name_ = value;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.LazyStringList delegates_ =
+        com.google.protobuf.LazyStringArrayList.EMPTY;
+
+    private void ensureDelegatesIsMutable() {
+      if (!((bitField0_ & 0x00000002) == 0x00000002)) {
+        delegates_ = new com.google.protobuf.LazyStringArrayList(delegates_);
+        bitField0_ |= 0x00000002;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public com.google.protobuf.ProtocolStringList getDelegatesList() {
+      return delegates_.getUnmodifiableView();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public int getDelegatesCount() {
+      return delegates_.size();
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public java.lang.String getDelegates(int index) {
+      return delegates_.get(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public com.google.protobuf.ByteString getDelegatesBytes(int index) {
+      return delegates_.getByteString(index);
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public Builder setDelegates(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureDelegatesIsMutable();
+      delegates_.set(index, value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public Builder addDelegates(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      ensureDelegatesIsMutable();
+      delegates_.add(value);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public Builder addAllDelegates(java.lang.Iterable<java.lang.String> values) {
+      ensureDelegatesIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, delegates_);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public Builder clearDelegates() {
+      delegates_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+      bitField0_ = (bitField0_ & ~0x00000002);
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The sequence of service accounts in a delegation chain. Each service
+     * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on its next service account in the chain. The last service account in the
+     * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+     * on the service account that is specified in the `name` field of the
+     * request.
+     * The delegates must have the following format:
+     * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+     * </pre>
+     *
+     * <code>repeated string delegates = 3;</code>
+     */
+    public Builder addDelegatesBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+      ensureDelegatesIsMutable();
+      delegates_.add(value);
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object payload_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The JWT payload to sign: a JSON object that contains a JWT Claims Set.
+     * </pre>
+     *
+     * <code>string payload = 5;</code>
+     */
+    public java.lang.String getPayload() {
+      java.lang.Object ref = payload_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        payload_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The JWT payload to sign: a JSON object that contains a JWT Claims Set.
+     * </pre>
+     *
+     * <code>string payload = 5;</code>
+     */
+    public com.google.protobuf.ByteString getPayloadBytes() {
+      java.lang.Object ref = payload_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        payload_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The JWT payload to sign: a JSON object that contains a JWT Claims Set.
+     * </pre>
+     *
+     * <code>string payload = 5;</code>
+     */
+    public Builder setPayload(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      payload_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The JWT payload to sign: a JSON object that contains a JWT Claims Set.
+     * </pre>
+     *
+     * <code>string payload = 5;</code>
+     */
+    public Builder clearPayload() {
+
+      payload_ = getDefaultInstance().getPayload();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The JWT payload to sign: a JSON object that contains a JWT Claims Set.
+     * </pre>
+     *
+     * <code>string payload = 5;</code>
+     */
+    public Builder setPayloadBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      payload_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFieldsProto3(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.SignJwtRequest)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.SignJwtRequest)
+  private static final com.google.cloud.iam.credentials.v1.SignJwtRequest DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.iam.credentials.v1.SignJwtRequest();
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtRequest getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<SignJwtRequest> PARSER =
+      new com.google.protobuf.AbstractParser<SignJwtRequest>() {
+        @java.lang.Override
+        public SignJwtRequest parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new SignJwtRequest(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<SignJwtRequest> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<SignJwtRequest> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.iam.credentials.v1.SignJwtRequest getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignJwtRequestOrBuilder.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignJwtRequestOrBuilder.java
new file mode 100644
index 000000000000..c04df36fe87f
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignJwtRequestOrBuilder.java
@@ -0,0 +1,125 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+public interface SignJwtRequestOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.iam.credentials.v1.SignJwtRequest)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * The resource name of the service account for which the credentials
+   * are requested, in the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * </pre>
+   *
+   * <code>string name = 1;</code>
+   */
+  java.lang.String getName();
+  /**
+   *
+   *
+   * <pre>
+   * The resource name of the service account for which the credentials
+   * are requested, in the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * </pre>
+   *
+   * <code>string name = 1;</code>
+   */
+  com.google.protobuf.ByteString getNameBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 3;</code>
+   */
+  java.util.List<java.lang.String> getDelegatesList();
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 3;</code>
+   */
+  int getDelegatesCount();
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 3;</code>
+   */
+  java.lang.String getDelegates(int index);
+  /**
+   *
+   *
+   * <pre>
+   * The sequence of service accounts in a delegation chain. Each service
+   * account must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on its next service account in the chain. The last service account in the
+   * chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+   * on the service account that is specified in the `name` field of the
+   * request.
+   * The delegates must have the following format:
+   * `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * </pre>
+   *
+   * <code>repeated string delegates = 3;</code>
+   */
+  com.google.protobuf.ByteString getDelegatesBytes(int index);
+
+  /**
+   *
+   *
+   * <pre>
+   * The JWT payload to sign: a JSON object that contains a JWT Claims Set.
+   * </pre>
+   *
+   * <code>string payload = 5;</code>
+   */
+  java.lang.String getPayload();
+  /**
+   *
+   *
+   * <pre>
+   * The JWT payload to sign: a JSON object that contains a JWT Claims Set.
+   * </pre>
+   *
+   * <code>string payload = 5;</code>
+   */
+  com.google.protobuf.ByteString getPayloadBytes();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignJwtResponse.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignJwtResponse.java
new file mode 100644
index 000000000000..d718f98ec54c
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignJwtResponse.java
@@ -0,0 +1,744 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+/** Protobuf type {@code google.iam.credentials.v1.SignJwtResponse} */
+public final class SignJwtResponse extends com.google.protobuf.GeneratedMessageV3
+    implements
+    // @@protoc_insertion_point(message_implements:google.iam.credentials.v1.SignJwtResponse)
+    SignJwtResponseOrBuilder {
+  private static final long serialVersionUID = 0L;
+  // Use SignJwtResponse.newBuilder() to construct.
+  private SignJwtResponse(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
+    super(builder);
+  }
+
+  private SignJwtResponse() {
+    keyId_ = "";
+    signedJwt_ = "";
+  }
+
+  @java.lang.Override
+  public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
+    return this.unknownFields;
+  }
+
+  private SignJwtResponse(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    this();
+    if (extensionRegistry == null) {
+      throw new java.lang.NullPointerException();
+    }
+    int mutable_bitField0_ = 0;
+    com.google.protobuf.UnknownFieldSet.Builder unknownFields =
+        com.google.protobuf.UnknownFieldSet.newBuilder();
+    try {
+      boolean done = false;
+      while (!done) {
+        int tag = input.readTag();
+        switch (tag) {
+          case 0:
+            done = true;
+            break;
+          case 10:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              keyId_ = s;
+              break;
+            }
+          case 18:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              signedJwt_ = s;
+              break;
+            }
+          default:
+            {
+              if (!parseUnknownFieldProto3(input, unknownFields, extensionRegistry, tag)) {
+                done = true;
+              }
+              break;
+            }
+        }
+      }
+    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+      throw e.setUnfinishedMessage(this);
+    } catch (java.io.IOException e) {
+      throw new com.google.protobuf.InvalidProtocolBufferException(e).setUnfinishedMessage(this);
+    } finally {
+      this.unknownFields = unknownFields.build();
+      makeExtensionsImmutable();
+    }
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+        .internal_static_google_iam_credentials_v1_SignJwtResponse_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+        .internal_static_google_iam_credentials_v1_SignJwtResponse_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.cloud.iam.credentials.v1.SignJwtResponse.class,
+            com.google.cloud.iam.credentials.v1.SignJwtResponse.Builder.class);
+  }
+
+  public static final int KEY_ID_FIELD_NUMBER = 1;
+  private volatile java.lang.Object keyId_;
+  /**
+   *
+   *
+   * <pre>
+   * The ID of the key used to sign the JWT.
+   * </pre>
+   *
+   * <code>string key_id = 1;</code>
+   */
+  public java.lang.String getKeyId() {
+    java.lang.Object ref = keyId_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      keyId_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The ID of the key used to sign the JWT.
+   * </pre>
+   *
+   * <code>string key_id = 1;</code>
+   */
+  public com.google.protobuf.ByteString getKeyIdBytes() {
+    java.lang.Object ref = keyId_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      keyId_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int SIGNED_JWT_FIELD_NUMBER = 2;
+  private volatile java.lang.Object signedJwt_;
+  /**
+   *
+   *
+   * <pre>
+   * The signed JWT.
+   * </pre>
+   *
+   * <code>string signed_jwt = 2;</code>
+   */
+  public java.lang.String getSignedJwt() {
+    java.lang.Object ref = signedJwt_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      signedJwt_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * The signed JWT.
+   * </pre>
+   *
+   * <code>string signed_jwt = 2;</code>
+   */
+  public com.google.protobuf.ByteString getSignedJwtBytes() {
+    java.lang.Object ref = signedJwt_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      signedJwt_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  private byte memoizedIsInitialized = -1;
+
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
+    if (!getKeyIdBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 1, keyId_);
+    }
+    if (!getSignedJwtBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 2, signedJwt_);
+    }
+    unknownFields.writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!getKeyIdBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, keyId_);
+    }
+    if (!getSignedJwtBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(2, signedJwt_);
+    }
+    size += unknownFields.getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+      return true;
+    }
+    if (!(obj instanceof com.google.cloud.iam.credentials.v1.SignJwtResponse)) {
+      return super.equals(obj);
+    }
+    com.google.cloud.iam.credentials.v1.SignJwtResponse other =
+        (com.google.cloud.iam.credentials.v1.SignJwtResponse) obj;
+
+    boolean result = true;
+    result = result && getKeyId().equals(other.getKeyId());
+    result = result && getSignedJwt().equals(other.getSignedJwt());
+    result = result && unknownFields.equals(other.unknownFields);
+    return result;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + KEY_ID_FIELD_NUMBER;
+    hash = (53 * hash) + getKeyId().hashCode();
+    hash = (37 * hash) + SIGNED_JWT_FIELD_NUMBER;
+    hash = (53 * hash) + getSignedJwt().hashCode();
+    hash = (29 * hash) + unknownFields.hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtResponse parseFrom(
+      java.nio.ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtResponse parseFrom(
+      java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtResponse parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtResponse parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtResponse parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtResponse parseFrom(
+      byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtResponse parseFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtResponse parseFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtResponse parseDelimitedFrom(
+      java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtResponse parseDelimitedFrom(
+      java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtResponse parseFrom(
+      com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtResponse parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
+        PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+
+  public static Builder newBuilder(com.google.cloud.iam.credentials.v1.SignJwtResponse prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /** Protobuf type {@code google.iam.credentials.v1.SignJwtResponse} */
+  public static final class Builder extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
+      implements
+      // @@protoc_insertion_point(builder_implements:google.iam.credentials.v1.SignJwtResponse)
+      com.google.cloud.iam.credentials.v1.SignJwtResponseOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_SignJwtResponse_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_SignJwtResponse_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.cloud.iam.credentials.v1.SignJwtResponse.class,
+              com.google.cloud.iam.credentials.v1.SignJwtResponse.Builder.class);
+    }
+
+    // Construct using com.google.cloud.iam.credentials.v1.SignJwtResponse.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {}
+    }
+
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      keyId_ = "";
+
+      signedJwt_ = "";
+
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.cloud.iam.credentials.v1.IAMCredentialsCommonProto
+          .internal_static_google_iam_credentials_v1_SignJwtResponse_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.SignJwtResponse getDefaultInstanceForType() {
+      return com.google.cloud.iam.credentials.v1.SignJwtResponse.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.SignJwtResponse build() {
+      com.google.cloud.iam.credentials.v1.SignJwtResponse result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.cloud.iam.credentials.v1.SignJwtResponse buildPartial() {
+      com.google.cloud.iam.credentials.v1.SignJwtResponse result =
+          new com.google.cloud.iam.credentials.v1.SignJwtResponse(this);
+      result.keyId_ = keyId_;
+      result.signedJwt_ = signedJwt_;
+      onBuilt();
+      return result;
+    }
+
+    @java.lang.Override
+    public Builder clone() {
+      return (Builder) super.clone();
+    }
+
+    @java.lang.Override
+    public Builder setField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return (Builder) super.setField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
+      return (Builder) super.clearField(field);
+    }
+
+    @java.lang.Override
+    public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
+      return (Builder) super.clearOneof(oneof);
+    }
+
+    @java.lang.Override
+    public Builder setRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, int index, java.lang.Object value) {
+      return (Builder) super.setRepeatedField(field, index, value);
+    }
+
+    @java.lang.Override
+    public Builder addRepeatedField(
+        com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
+      return (Builder) super.addRepeatedField(field, value);
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.cloud.iam.credentials.v1.SignJwtResponse) {
+        return mergeFrom((com.google.cloud.iam.credentials.v1.SignJwtResponse) other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.cloud.iam.credentials.v1.SignJwtResponse other) {
+      if (other == com.google.cloud.iam.credentials.v1.SignJwtResponse.getDefaultInstance())
+        return this;
+      if (!other.getKeyId().isEmpty()) {
+        keyId_ = other.keyId_;
+        onChanged();
+      }
+      if (!other.getSignedJwt().isEmpty()) {
+        signedJwt_ = other.signedJwt_;
+        onChanged();
+      }
+      this.mergeUnknownFields(other.unknownFields);
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      com.google.cloud.iam.credentials.v1.SignJwtResponse parsedMessage = null;
+      try {
+        parsedMessage = PARSER.parsePartialFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        parsedMessage =
+            (com.google.cloud.iam.credentials.v1.SignJwtResponse) e.getUnfinishedMessage();
+        throw e.unwrapIOException();
+      } finally {
+        if (parsedMessage != null) {
+          mergeFrom(parsedMessage);
+        }
+      }
+      return this;
+    }
+
+    private java.lang.Object keyId_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The ID of the key used to sign the JWT.
+     * </pre>
+     *
+     * <code>string key_id = 1;</code>
+     */
+    public java.lang.String getKeyId() {
+      java.lang.Object ref = keyId_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        keyId_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The ID of the key used to sign the JWT.
+     * </pre>
+     *
+     * <code>string key_id = 1;</code>
+     */
+    public com.google.protobuf.ByteString getKeyIdBytes() {
+      java.lang.Object ref = keyId_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        keyId_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The ID of the key used to sign the JWT.
+     * </pre>
+     *
+     * <code>string key_id = 1;</code>
+     */
+    public Builder setKeyId(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      keyId_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The ID of the key used to sign the JWT.
+     * </pre>
+     *
+     * <code>string key_id = 1;</code>
+     */
+    public Builder clearKeyId() {
+
+      keyId_ = getDefaultInstance().getKeyId();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The ID of the key used to sign the JWT.
+     * </pre>
+     *
+     * <code>string key_id = 1;</code>
+     */
+    public Builder setKeyIdBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      keyId_ = value;
+      onChanged();
+      return this;
+    }
+
+    private java.lang.Object signedJwt_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * The signed JWT.
+     * </pre>
+     *
+     * <code>string signed_jwt = 2;</code>
+     */
+    public java.lang.String getSignedJwt() {
+      java.lang.Object ref = signedJwt_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        signedJwt_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The signed JWT.
+     * </pre>
+     *
+     * <code>string signed_jwt = 2;</code>
+     */
+    public com.google.protobuf.ByteString getSignedJwtBytes() {
+      java.lang.Object ref = signedJwt_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        signedJwt_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The signed JWT.
+     * </pre>
+     *
+     * <code>string signed_jwt = 2;</code>
+     */
+    public Builder setSignedJwt(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      signedJwt_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The signed JWT.
+     * </pre>
+     *
+     * <code>string signed_jwt = 2;</code>
+     */
+    public Builder clearSignedJwt() {
+
+      signedJwt_ = getDefaultInstance().getSignedJwt();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * The signed JWT.
+     * </pre>
+     *
+     * <code>string signed_jwt = 2;</code>
+     */
+    public Builder setSignedJwtBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      signedJwt_ = value;
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.setUnknownFieldsProto3(unknownFields);
+    }
+
+    @java.lang.Override
+    public final Builder mergeUnknownFields(
+        final com.google.protobuf.UnknownFieldSet unknownFields) {
+      return super.mergeUnknownFields(unknownFields);
+    }
+
+    // @@protoc_insertion_point(builder_scope:google.iam.credentials.v1.SignJwtResponse)
+  }
+
+  // @@protoc_insertion_point(class_scope:google.iam.credentials.v1.SignJwtResponse)
+  private static final com.google.cloud.iam.credentials.v1.SignJwtResponse DEFAULT_INSTANCE;
+
+  static {
+    DEFAULT_INSTANCE = new com.google.cloud.iam.credentials.v1.SignJwtResponse();
+  }
+
+  public static com.google.cloud.iam.credentials.v1.SignJwtResponse getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<SignJwtResponse> PARSER =
+      new com.google.protobuf.AbstractParser<SignJwtResponse>() {
+        @java.lang.Override
+        public SignJwtResponse parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          return new SignJwtResponse(input, extensionRegistry);
+        }
+      };
+
+  public static com.google.protobuf.Parser<SignJwtResponse> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<SignJwtResponse> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.cloud.iam.credentials.v1.SignJwtResponse getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignJwtResponseOrBuilder.java b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignJwtResponseOrBuilder.java
new file mode 100644
index 000000000000..b888adf5f2e3
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/java/com/google/cloud/iam/credentials/v1/SignJwtResponseOrBuilder.java
@@ -0,0 +1,52 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// source: google/iam/credentials/v1/common.proto
+
+package com.google.cloud.iam.credentials.v1;
+
+public interface SignJwtResponseOrBuilder
+    extends
+    // @@protoc_insertion_point(interface_extends:google.iam.credentials.v1.SignJwtResponse)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   *
+   *
+   * <pre>
+   * The ID of the key used to sign the JWT.
+   * </pre>
+   *
+   * <code>string key_id = 1;</code>
+   */
+  java.lang.String getKeyId();
+  /**
+   *
+   *
+   * <pre>
+   * The ID of the key used to sign the JWT.
+   * </pre>
+   *
+   * <code>string key_id = 1;</code>
+   */
+  com.google.protobuf.ByteString getKeyIdBytes();
+
+  /**
+   *
+   *
+   * <pre>
+   * The signed JWT.
+   * </pre>
+   *
+   * <code>string signed_jwt = 2;</code>
+   */
+  java.lang.String getSignedJwt();
+  /**
+   *
+   *
+   * <pre>
+   * The signed JWT.
+   * </pre>
+   *
+   * <code>string signed_jwt = 2;</code>
+   */
+  com.google.protobuf.ByteString getSignedJwtBytes();
+}
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/proto/google/iam/credentials/v1/common.proto b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/proto/google/iam/credentials/v1/common.proto
new file mode 100644
index 000000000000..4fb12530ce00
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/proto/google/iam/credentials/v1/common.proto
@@ -0,0 +1,156 @@
+// Copyright 2018 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.iam.credentials.v1;
+
+import "google/protobuf/duration.proto";
+import "google/protobuf/timestamp.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/iam/credentials/v1;credentials";
+option java_multiple_files = true;
+option java_outer_classname = "IAMCredentialsCommonProto";
+option java_package = "com.google.cloud.iam.credentials.v1";
+
+
+message GenerateAccessTokenRequest {
+  // The resource name of the service account for which the credentials
+  // are requested, in the following format:
+  // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+  string name = 1;
+
+  // The sequence of service accounts in a delegation chain. Each service
+  // account must be granted the `roles/iam.serviceAccountTokenCreator` role
+  // on its next service account in the chain. The last service account in the
+  // chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+  // on the service account that is specified in the `name` field of the
+  // request.
+  //
+  // The delegates must have the following format:
+  // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+  repeated string delegates = 2;
+
+  // Code to identify the scopes to be included in the OAuth 2.0 access token.
+  // See https://developers.google.com/identity/protocols/googlescopes for more
+  // information.
+  // At least one value required.
+  repeated string scope = 4;
+
+  // The desired lifetime duration of the access token in seconds.
+  // Must be set to a value less than or equal to 3600 (1 hour). If a value is
+  // not specified, the token's lifetime will be set to a default value of one
+  // hour.
+  google.protobuf.Duration lifetime = 7;
+}
+
+message GenerateAccessTokenResponse {
+  // The OAuth 2.0 access token.
+  string access_token = 1;
+
+  // Token expiration time.
+  // The expiration time is always set.
+  google.protobuf.Timestamp expire_time = 3;
+}
+
+message SignBlobRequest {
+  // The resource name of the service account for which the credentials
+  // are requested, in the following format:
+  // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+  string name = 1;
+
+  // The sequence of service accounts in a delegation chain. Each service
+  // account must be granted the `roles/iam.serviceAccountTokenCreator` role
+  // on its next service account in the chain. The last service account in the
+  // chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+  // on the service account that is specified in the `name` field of the
+  // request.
+  //
+  // The delegates must have the following format:
+  // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+  repeated string delegates = 3;
+
+  // The bytes to sign.
+  bytes payload = 5;
+}
+
+message SignBlobResponse {
+  // The ID of the key used to sign the blob.
+  string key_id = 1;
+
+  // The signed blob.
+  bytes signed_blob = 4;
+}
+
+message SignJwtRequest {
+  // The resource name of the service account for which the credentials
+  // are requested, in the following format:
+  // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+  string name = 1;
+
+  // The sequence of service accounts in a delegation chain. Each service
+  // account must be granted the `roles/iam.serviceAccountTokenCreator` role
+  // on its next service account in the chain. The last service account in the
+  // chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+  // on the service account that is specified in the `name` field of the
+  // request.
+  //
+  // The delegates must have the following format:
+  // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+  repeated string delegates = 3;
+
+  // The JWT payload to sign: a JSON object that contains a JWT Claims Set.
+  string payload = 5;
+}
+
+message SignJwtResponse {
+  // The ID of the key used to sign the JWT.
+  string key_id = 1;
+
+  // The signed JWT.
+  string signed_jwt = 2;
+}
+
+message GenerateIdTokenRequest {
+  // The resource name of the service account for which the credentials
+  // are requested, in the following format:
+  // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+  string name = 1;
+
+  // The sequence of service accounts in a delegation chain. Each service
+  // account must be granted the `roles/iam.serviceAccountTokenCreator` role
+  // on its next service account in the chain. The last service account in the
+  // chain must be granted the `roles/iam.serviceAccountTokenCreator` role
+  // on the service account that is specified in the `name` field of the
+  // request.
+  //
+  // The delegates must have the following format:
+  // `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+  repeated string delegates = 2;
+
+  // The audience for the token, such as the API or account that this token
+  // grants access to.
+  string audience = 3;
+
+  // Include the service account email in the token. If set to `true`, the
+  // token will contain `email` and `email_verified` claims.
+  bool include_email = 4;
+}
+
+message GenerateIdTokenResponse {
+  // The OpenId Connect ID token.
+  string token = 1;
+}
+
diff --git a/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/proto/google/iam/credentials/v1/iamcredentials.proto b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/proto/google/iam/credentials/v1/iamcredentials.proto
new file mode 100644
index 000000000000..9ab1c3240c19
--- /dev/null
+++ b/google-api-grpc/proto-google-cloud-iamcredentials-v1/src/main/proto/google/iam/credentials/v1/iamcredentials.proto
@@ -0,0 +1,70 @@
+// Copyright 2018 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.iam.credentials.v1;
+
+import "google/api/annotations.proto";
+import "google/iam/credentials/v1/common.proto";
+
+option cc_enable_arenas = true;
+option go_package = "google.golang.org/genproto/googleapis/iam/credentials/v1;credentials";
+option java_multiple_files = true;
+option java_outer_classname = "IAMCredentialsProto";
+option java_package = "com.google.cloud.iam.credentials.v1";
+
+
+// A service account is a special type of Google account that belongs to your
+// application or a virtual machine (VM), instead of to an individual end user.
+// Your application assumes the identity of the service account to call Google
+// APIs, so that the users aren't directly involved.
+//
+// Service account credentials are used to temporarily assume the identity
+// of the service account. Supported credential types include OAuth 2.0 access
+// tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and
+// more.
+service IAMCredentials {
+  // Generates an OAuth 2.0 access token for a service account.
+  rpc GenerateAccessToken(GenerateAccessTokenRequest) returns (GenerateAccessTokenResponse) {
+    option (google.api.http) = {
+      post: "/v1/{name=projects/*/serviceAccounts/*}:generateAccessToken"
+      body: "*"
+    };
+  }
+
+  // Generates an OpenID Connect ID token for a service account.
+  rpc GenerateIdToken(GenerateIdTokenRequest) returns (GenerateIdTokenResponse) {
+    option (google.api.http) = {
+      post: "/v1/{name=projects/*/serviceAccounts/*}:generateIdToken"
+      body: "*"
+    };
+  }
+
+  // Signs a blob using a service account's system-managed private key.
+  rpc SignBlob(SignBlobRequest) returns (SignBlobResponse) {
+    option (google.api.http) = {
+      post: "/v1/{name=projects/*/serviceAccounts/*}:signBlob"
+      body: "*"
+    };
+  }
+
+  // Signs a JWT using a service account's system-managed private key.
+  rpc SignJwt(SignJwtRequest) returns (SignJwtResponse) {
+    option (google.api.http) = {
+      post: "/v1/{name=projects/*/serviceAccounts/*}:signJwt"
+      body: "*"
+    };
+  }
+}
diff --git a/google-cloud-bom/pom.xml b/google-cloud-bom/pom.xml
index c79e1c4a0097..f22f8ae2ab1d 100644
--- a/google-cloud-bom/pom.xml
+++ b/google-cloud-bom/pom.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0"?>
+<?xml version='1.0' encoding='UTF-8'?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
   <groupId>com.google.cloud</groupId>
@@ -890,6 +890,21 @@
         <artifactId>grpc-google-cloud-websecurityscanner-v1alpha</artifactId>
         <version>0.38.1-SNAPSHOT</version><!-- {x-version-update:grpc-google-cloud-websecurityscanner-v1alpha:current} -->
       </dependency>
+      <dependency>
+        <groupId>com.google.api.grpc</groupId>
+        <artifactId>proto-google-cloud-iamcredentials-v1</artifactId>
+        <version>0.0.1-alpha-SNAPSHOT</version><!--{x-version-update:proto-google-cloud-iamcredentials-v1:current}-->
+      </dependency>
+      <dependency>
+        <groupId>com.google.api.grpc</groupId>
+        <artifactId>grpc-google-cloud-iamcredentials-v1</artifactId>
+        <version>0.0.1-alpha-SNAPSHOT</version><!--{x-version-update:grpc-google-cloud-iamcredentials-v1:current}-->
+      </dependency>
+      <dependency>
+        <groupId>com.google.cloud</groupId>
+        <artifactId>google-cloud-iamcredentials</artifactId>
+        <version>0.0.1-alpha-SNAPSHOT</version><!--{x-version-update:google-cloud-iamcredentials:current}-->
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
diff --git a/google-cloud-clients/google-cloud-iamcredentials/README.md b/google-cloud-clients/google-cloud-iamcredentials/README.md
new file mode 100644
index 000000000000..41d7f7a63956
--- /dev/null
+++ b/google-cloud-clients/google-cloud-iamcredentials/README.md
@@ -0,0 +1,100 @@
+Google Cloud Java Client for IAM Service Account Credentials API
+===================================================
+
+Java idiomatic client for [IAM Service Account Credentials API][product-overview].
+
+[![Kokoro CI](http://storage.googleapis.com/cloud-devrel-public/java/badges/google-cloud-java/master.svg)](http://storage.googleapis.com/cloud-devrel-public/java/badges/google-cloud-java/master.html)
+[![Maven](https://img.shields.io/maven-central/v/com.google.cloud/google-cloud-iamcredentials.svg)](https://img.shields.io/maven-central/v/com.google.cloud/google-cloud-iamcredentials.svg)
+[![Codacy Badge](https://api.codacy.com/project/badge/grade/9da006ad7c3a4fe1abd142e77c003917)](https://www.codacy.com/app/mziccard/google-cloud-java)
+
+- [Product Documentation][product-docs]
+- [Client Library Documentation][lib-docs]
+
+> Note: This client is a work-in-progress, and may occasionally
+> make backwards-incompatible changes.
+
+Quickstart
+----------
+
+[//]: # ({x-version-update-start:google-cloud-iamcredentials:released})
+If you are using Maven, add this to your pom.xml file
+```xml
+<dependency>
+  <groupId>com.google.cloud</groupId>
+  <artifactId>google-cloud-iamcredentials</artifactId>
+  <version>0.71.0-beta</version>
+</dependency>
+```
+If you are using Gradle, add this to your dependencies
+```Groovy
+compile 'com.google.cloud:google-cloud-iamcredentials:0.71.0-beta'
+```
+If you are using SBT, add this to your dependencies
+```Scala
+libraryDependencies += "com.google.cloud" % "google-cloud-iamcredentials" % "0.71.0-beta"
+```
+[//]: # ({x-version-update-end})
+
+Authentication
+--------------
+
+See the [Authentication](https://github.com/GoogleCloudPlatform/google-cloud-java#authentication) section in the base directory's README.
+
+About IAM Service Account Credentials API
+----------------------------
+
+Creates short-lived, limited-privilege credentials for IAM service accounts.
+
+See the [IAM Service Account Credentials API client library docs][lib-docs] to learn how to use this IAM Service Account Credentials Client Library.
+
+Getting Started
+---------------
+#### Prerequisites
+You will need a [Google Developers Console](https://console.developers.google.com/) project with the IAM Service Account Credentials API enabled. [Follow these instructions](https://cloud.google.com/resource-manager/docs/creating-managing-projects) to get your project set up. You will also need to set up the local development environment by [installing the Google Cloud SDK](https://cloud.google.com/sdk/) and running the following commands in command line: `gcloud auth login` and `gcloud config set project [YOUR PROJECT ID]`.
+
+#### Installation and setup
+You'll need to obtain the `google-cloud-iamcredentials` library.  See the [Quickstart](#quickstart) section to add `google-cloud-iamcredentials` as a dependency in your code.
+
+Troubleshooting
+---------------
+
+To get help, follow the instructions in the [shared Troubleshooting document](https://github.com/googleapis/google-cloud-common/blob/master/troubleshooting/readme.md#troubleshooting).
+
+Transport
+---------
+IAM Service Account Credentials Client uses gRPC for the transport layer.
+
+Java Versions
+-------------
+
+Java 7 or above is required for using this client.
+
+Versioning
+----------
+
+This library follows [Semantic Versioning](http://semver.org/).
+
+It is currently in major version zero (``0.y.z``), which means that anything may change at any time and the public API should not be considered stable.
+
+Contributing
+------------
+
+Contributions to this library are always welcome and highly encouraged.
+
+See `google-cloud`'s [CONTRIBUTING] documentation and the [shared documentation](https://github.com/googleapis/google-cloud-common/blob/master/contributing/readme.md#how-to-contribute-to-gcloud) for more information on how to get started.
+
+Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms. See [Code of Conduct][code-of-conduct] for more information.
+
+License
+-------
+
+Apache 2.0 - See [LICENSE] for more information.
+
+
+[CONTRIBUTING]:https://github.com/GoogleCloudPlatform/google-cloud-java/blob/master/CONTRIBUTING.md
+[code-of-conduct]:https://github.com/GoogleCloudPlatform/google-cloud-java/blob/master/CODE_OF_CONDUCT.md#contributor-code-of-conduct
+[LICENSE]: https://github.com/GoogleCloudPlatform/google-cloud-java/blob/master/LICENSE
+[cloud-platform]: https://cloud.google.com/
+[product-overview]: https://cloud.google.com/iam/credentials/reference/rest/
+[product-docs]: https://cloud.google.com/iam/credentials/reference/rest/
+[lib-docs]: https://googleapis.github.io/google-cloud-java/google-cloud-clients/apidocs/index.html?com/google/cloud/iamcredentials/v1/package-summary.html
diff --git a/google-cloud-clients/google-cloud-iamcredentials/pom.xml b/google-cloud-clients/google-cloud-iamcredentials/pom.xml
new file mode 100644
index 000000000000..154330cb2870
--- /dev/null
+++ b/google-cloud-clients/google-cloud-iamcredentials/pom.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <artifactId>google-cloud-iamcredentials</artifactId>
+  <version>0.0.1-alpha-SNAPSHOT</version><!-- {x-version-update:google-cloud-iamcredentials:current} -->
+  <packaging>jar</packaging>
+  <name>FIXME</name>
+  <url>https://github.com/googleapis/google-cloud-java/tree/master/google-cloud-clients/google-cloud-iamcredentials</url>
+  <description>
+    FIXME
+  </description>
+  <parent>
+    <groupId>com.google.cloud</groupId>
+    <artifactId>google-cloud-clients</artifactId>
+    <version>0.73.1-alpha-SNAPSHOT</version><!-- {x-version-update:google-cloud-clients:current} -->
+  </parent>
+  <properties>
+    <site.installationModule>google-cloud-iamcredentials</site.installationModule>
+  </properties>
+  <dependencies>
+    <dependency>
+      <groupId>${project.groupId}</groupId>
+      <artifactId>google-cloud-core</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>${project.groupId}</groupId>
+      <artifactId>google-cloud-core-grpc</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.google.api.grpc</groupId>
+      <artifactId>proto-google-cloud-iamcredentials-v1</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.google.api.grpc</groupId>
+      <artifactId>grpc-google-cloud-iamcredentials-v1</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-netty-shaded</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-stub</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>io.grpc</groupId>
+      <artifactId>grpc-auth</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>${project.groupId}</groupId>
+      <artifactId>google-cloud-core</artifactId>
+      <type>test-jar</type>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.easymock</groupId>
+      <artifactId>easymock</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.objenesis</groupId>
+      <artifactId>objenesis</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>com.google.truth</groupId>
+      <artifactId>truth</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>com.google.api.grpc</groupId>
+      <artifactId>grpc-google-iam-v1</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>com.google.api</groupId>
+      <artifactId>gax-grpc</artifactId>
+      <classifier>testlib</classifier>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+</project>
diff --git a/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/IamCredentialsClient.java b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/IamCredentialsClient.java
new file mode 100644
index 000000000000..9886cba6df55
--- /dev/null
+++ b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/IamCredentialsClient.java
@@ -0,0 +1,582 @@
+/*
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.cloud.iam.credentials.v1;
+
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.BackgroundResource;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.api.pathtemplate.PathTemplate;
+import com.google.cloud.iam.credentials.v1.stub.IamCredentialsStub;
+import com.google.cloud.iam.credentials.v1.stub.IamCredentialsStubSettings;
+import com.google.protobuf.ByteString;
+import com.google.protobuf.Duration;
+import java.io.IOException;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND SERVICE
+/**
+ * Service Description: A service account is a special type of Google account that belongs to your
+ * application or a virtual machine (VM), instead of to an individual end user. Your application
+ * assumes the identity of the service account to call Google APIs, so that the users aren't
+ * directly involved.
+ *
+ * <p>Service account credentials are used to temporarily assume the identity of the service
+ * account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens,
+ * self-signed JSON Web Tokens (JWTs), and more.
+ *
+ * <p>This class provides the ability to make remote calls to the backing service through method
+ * calls that map to API methods. Sample code to get started:
+ *
+ * <pre>
+ * <code>
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ *   String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ *   List&lt;String&gt; delegates = new ArrayList&lt;&gt;();
+ *   List&lt;String&gt; scope = new ArrayList&lt;&gt;();
+ *   Duration lifetime = Duration.newBuilder().build();
+ *   GenerateAccessTokenResponse response = iamCredentialsClient.generateAccessToken(formattedName, delegates, scope, lifetime);
+ * }
+ * </code>
+ * </pre>
+ *
+ * <p>Note: close() needs to be called on the iamCredentialsClient object to clean up resources such
+ * as threads. In the example above, try-with-resources is used, which automatically calls close().
+ *
+ * <p>The surface of this class includes several types of Java methods for each of the API's
+ * methods:
+ *
+ * <ol>
+ *   <li>A "flattened" method. With this type of method, the fields of the request type have been
+ *       converted into function parameters. It may be the case that not all fields are available as
+ *       parameters, and not every API method will have a flattened method entry point.
+ *   <li>A "request object" method. This type of method only takes one parameter, a request object,
+ *       which must be constructed before the call. Not every API method will have a request object
+ *       method.
+ *   <li>A "callable" method. This type of method takes no parameters and returns an immutable API
+ *       callable object, which can be used to initiate calls to the service.
+ * </ol>
+ *
+ * <p>See the individual methods for example code.
+ *
+ * <p>Many parameters require resource names to be formatted in a particular way. To assist with
+ * these names, this class includes a format method for each type of name, and additionally a parse
+ * method to extract the individual identifiers contained within names that are returned.
+ *
+ * <p>This class can be customized by passing in a custom instance of IamCredentialsSettings to
+ * create(). For example:
+ *
+ * <p>To customize credentials:
+ *
+ * <pre>
+ * <code>
+ * IamCredentialsSettings iamCredentialsSettings =
+ *     IamCredentialsSettings.newBuilder()
+ *         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
+ *         .build();
+ * IamCredentialsClient iamCredentialsClient =
+ *     IamCredentialsClient.create(iamCredentialsSettings);
+ * </code>
+ * </pre>
+ *
+ * To customize the endpoint:
+ *
+ * <pre>
+ * <code>
+ * IamCredentialsSettings iamCredentialsSettings =
+ *     IamCredentialsSettings.newBuilder().setEndpoint(myEndpoint).build();
+ * IamCredentialsClient iamCredentialsClient =
+ *     IamCredentialsClient.create(iamCredentialsSettings);
+ * </code>
+ * </pre>
+ */
+@Generated("by gapic-generator")
+@BetaApi
+public class IamCredentialsClient implements BackgroundResource {
+  private final IamCredentialsSettings settings;
+  private final IamCredentialsStub stub;
+
+  private static final PathTemplate SERVICE_ACCOUNT_PATH_TEMPLATE =
+      PathTemplate.createWithoutUrlEncoding("projects/{project}/serviceAccounts/{service_account}");
+
+  /**
+   * Formats a string containing the fully-qualified path to represent a service_account resource.
+   */
+  public static final String formatServiceAccountName(String project, String serviceAccount) {
+    return SERVICE_ACCOUNT_PATH_TEMPLATE.instantiate(
+        "project", project,
+        "service_account", serviceAccount);
+  }
+
+  /**
+   * Parses the project from the given fully-qualified path which represents a service_account
+   * resource.
+   */
+  public static final String parseProjectFromServiceAccountName(String serviceAccountName) {
+    return SERVICE_ACCOUNT_PATH_TEMPLATE.parse(serviceAccountName).get("project");
+  }
+
+  /**
+   * Parses the service_account from the given fully-qualified path which represents a
+   * service_account resource.
+   */
+  public static final String parseServiceAccountFromServiceAccountName(String serviceAccountName) {
+    return SERVICE_ACCOUNT_PATH_TEMPLATE.parse(serviceAccountName).get("service_account");
+  }
+
+  /** Constructs an instance of IamCredentialsClient with default settings. */
+  public static final IamCredentialsClient create() throws IOException {
+    return create(IamCredentialsSettings.newBuilder().build());
+  }
+
+  /**
+   * Constructs an instance of IamCredentialsClient, using the given settings. The channels are
+   * created based on the settings passed in, or defaults for any settings that are not set.
+   */
+  public static final IamCredentialsClient create(IamCredentialsSettings settings)
+      throws IOException {
+    return new IamCredentialsClient(settings);
+  }
+
+  /**
+   * Constructs an instance of IamCredentialsClient, using the given stub for making calls. This is
+   * for advanced usage - prefer to use IamCredentialsSettings}.
+   */
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  public static final IamCredentialsClient create(IamCredentialsStub stub) {
+    return new IamCredentialsClient(stub);
+  }
+
+  /**
+   * Constructs an instance of IamCredentialsClient, using the given settings. This is protected so
+   * that it is easy to make a subclass, but otherwise, the static factory methods should be
+   * preferred.
+   */
+  protected IamCredentialsClient(IamCredentialsSettings settings) throws IOException {
+    this.settings = settings;
+    this.stub = ((IamCredentialsStubSettings) settings.getStubSettings()).createStub();
+  }
+
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  protected IamCredentialsClient(IamCredentialsStub stub) {
+    this.settings = null;
+    this.stub = stub;
+  }
+
+  public final IamCredentialsSettings getSettings() {
+    return settings;
+  }
+
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  public IamCredentialsStub getStub() {
+    return stub;
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD
+  /**
+   * Generates an OAuth 2.0 access token for a service account.
+   *
+   * <p>Sample code:
+   *
+   * <pre><code>
+   * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+   *   String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+   *   List&lt;String&gt; delegates = new ArrayList&lt;&gt;();
+   *   List&lt;String&gt; scope = new ArrayList&lt;&gt;();
+   *   Duration lifetime = Duration.newBuilder().build();
+   *   GenerateAccessTokenResponse response = iamCredentialsClient.generateAccessToken(formattedName, delegates, scope, lifetime);
+   * }
+   * </code></pre>
+   *
+   * @param name The resource name of the service account for which the credentials are requested,
+   *     in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * @param delegates The sequence of service accounts in a delegation chain. Each service account
+   *     must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account
+   *     in the chain. The last service account in the chain must be granted the
+   *     `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the
+   *     `name` field of the request.
+   *     <p>The delegates must have the following format:
+   *     `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * @param scope Code to identify the scopes to be included in the OAuth 2.0 access token. See
+   *     https://developers.google.com/identity/protocols/googlescopes for more information. At
+   *     least one value required.
+   * @param lifetime The desired lifetime duration of the access token in seconds. Must be set to a
+   *     value less than or equal to 3600 (1 hour). If a value is not specified, the token's
+   *     lifetime will be set to a default value of one hour.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final GenerateAccessTokenResponse generateAccessToken(
+      String name, List<String> delegates, List<String> scope, Duration lifetime) {
+    SERVICE_ACCOUNT_PATH_TEMPLATE.validate(name, "generateAccessToken");
+    GenerateAccessTokenRequest request =
+        GenerateAccessTokenRequest.newBuilder()
+            .setName(name)
+            .addAllDelegates(delegates)
+            .addAllScope(scope)
+            .setLifetime(lifetime)
+            .build();
+    return generateAccessToken(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD
+  /**
+   * Generates an OAuth 2.0 access token for a service account.
+   *
+   * <p>Sample code:
+   *
+   * <pre><code>
+   * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+   *   String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+   *   List&lt;String&gt; scope = new ArrayList&lt;&gt;();
+   *   GenerateAccessTokenRequest request = GenerateAccessTokenRequest.newBuilder()
+   *     .setName(formattedName)
+   *     .addAllScope(scope)
+   *     .build();
+   *   GenerateAccessTokenResponse response = iamCredentialsClient.generateAccessToken(request);
+   * }
+   * </code></pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final GenerateAccessTokenResponse generateAccessToken(GenerateAccessTokenRequest request) {
+    return generateAccessTokenCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD
+  /**
+   * Generates an OAuth 2.0 access token for a service account.
+   *
+   * <p>Sample code:
+   *
+   * <pre><code>
+   * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+   *   String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+   *   List&lt;String&gt; scope = new ArrayList&lt;&gt;();
+   *   GenerateAccessTokenRequest request = GenerateAccessTokenRequest.newBuilder()
+   *     .setName(formattedName)
+   *     .addAllScope(scope)
+   *     .build();
+   *   ApiFuture&lt;GenerateAccessTokenResponse&gt; future = iamCredentialsClient.generateAccessTokenCallable().futureCall(request);
+   *   // Do something
+   *   GenerateAccessTokenResponse response = future.get();
+   * }
+   * </code></pre>
+   */
+  public final UnaryCallable<GenerateAccessTokenRequest, GenerateAccessTokenResponse>
+      generateAccessTokenCallable() {
+    return stub.generateAccessTokenCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD
+  /**
+   * Generates an OpenID Connect ID token for a service account.
+   *
+   * <p>Sample code:
+   *
+   * <pre><code>
+   * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+   *   String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+   *   List&lt;String&gt; delegates = new ArrayList&lt;&gt;();
+   *   String audience = "";
+   *   boolean includeEmail = false;
+   *   GenerateIdTokenResponse response = iamCredentialsClient.generateIdToken(formattedName, delegates, audience, includeEmail);
+   * }
+   * </code></pre>
+   *
+   * @param name The resource name of the service account for which the credentials are requested,
+   *     in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * @param delegates The sequence of service accounts in a delegation chain. Each service account
+   *     must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account
+   *     in the chain. The last service account in the chain must be granted the
+   *     `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the
+   *     `name` field of the request.
+   *     <p>The delegates must have the following format:
+   *     `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * @param audience The audience for the token, such as the API or account that this token grants
+   *     access to.
+   * @param includeEmail Include the service account email in the token. If set to `true`, the token
+   *     will contain `email` and `email_verified` claims.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final GenerateIdTokenResponse generateIdToken(
+      String name, List<String> delegates, String audience, boolean includeEmail) {
+    SERVICE_ACCOUNT_PATH_TEMPLATE.validate(name, "generateIdToken");
+    GenerateIdTokenRequest request =
+        GenerateIdTokenRequest.newBuilder()
+            .setName(name)
+            .addAllDelegates(delegates)
+            .setAudience(audience)
+            .setIncludeEmail(includeEmail)
+            .build();
+    return generateIdToken(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD
+  /**
+   * Generates an OpenID Connect ID token for a service account.
+   *
+   * <p>Sample code:
+   *
+   * <pre><code>
+   * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+   *   String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+   *   String audience = "";
+   *   GenerateIdTokenRequest request = GenerateIdTokenRequest.newBuilder()
+   *     .setName(formattedName)
+   *     .setAudience(audience)
+   *     .build();
+   *   GenerateIdTokenResponse response = iamCredentialsClient.generateIdToken(request);
+   * }
+   * </code></pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final GenerateIdTokenResponse generateIdToken(GenerateIdTokenRequest request) {
+    return generateIdTokenCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD
+  /**
+   * Generates an OpenID Connect ID token for a service account.
+   *
+   * <p>Sample code:
+   *
+   * <pre><code>
+   * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+   *   String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+   *   String audience = "";
+   *   GenerateIdTokenRequest request = GenerateIdTokenRequest.newBuilder()
+   *     .setName(formattedName)
+   *     .setAudience(audience)
+   *     .build();
+   *   ApiFuture&lt;GenerateIdTokenResponse&gt; future = iamCredentialsClient.generateIdTokenCallable().futureCall(request);
+   *   // Do something
+   *   GenerateIdTokenResponse response = future.get();
+   * }
+   * </code></pre>
+   */
+  public final UnaryCallable<GenerateIdTokenRequest, GenerateIdTokenResponse>
+      generateIdTokenCallable() {
+    return stub.generateIdTokenCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD
+  /**
+   * Signs a blob using a service account's system-managed private key.
+   *
+   * <p>Sample code:
+   *
+   * <pre><code>
+   * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+   *   String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+   *   List&lt;String&gt; delegates = new ArrayList&lt;&gt;();
+   *   ByteString payload = ByteString.copyFromUtf8("");
+   *   SignBlobResponse response = iamCredentialsClient.signBlob(formattedName, delegates, payload);
+   * }
+   * </code></pre>
+   *
+   * @param name The resource name of the service account for which the credentials are requested,
+   *     in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * @param delegates The sequence of service accounts in a delegation chain. Each service account
+   *     must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account
+   *     in the chain. The last service account in the chain must be granted the
+   *     `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the
+   *     `name` field of the request.
+   *     <p>The delegates must have the following format:
+   *     `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * @param payload The bytes to sign.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final SignBlobResponse signBlob(String name, List<String> delegates, ByteString payload) {
+    SERVICE_ACCOUNT_PATH_TEMPLATE.validate(name, "signBlob");
+    SignBlobRequest request =
+        SignBlobRequest.newBuilder()
+            .setName(name)
+            .addAllDelegates(delegates)
+            .setPayload(payload)
+            .build();
+    return signBlob(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD
+  /**
+   * Signs a blob using a service account's system-managed private key.
+   *
+   * <p>Sample code:
+   *
+   * <pre><code>
+   * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+   *   String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+   *   ByteString payload = ByteString.copyFromUtf8("");
+   *   SignBlobRequest request = SignBlobRequest.newBuilder()
+   *     .setName(formattedName)
+   *     .setPayload(payload)
+   *     .build();
+   *   SignBlobResponse response = iamCredentialsClient.signBlob(request);
+   * }
+   * </code></pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final SignBlobResponse signBlob(SignBlobRequest request) {
+    return signBlobCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD
+  /**
+   * Signs a blob using a service account's system-managed private key.
+   *
+   * <p>Sample code:
+   *
+   * <pre><code>
+   * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+   *   String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+   *   ByteString payload = ByteString.copyFromUtf8("");
+   *   SignBlobRequest request = SignBlobRequest.newBuilder()
+   *     .setName(formattedName)
+   *     .setPayload(payload)
+   *     .build();
+   *   ApiFuture&lt;SignBlobResponse&gt; future = iamCredentialsClient.signBlobCallable().futureCall(request);
+   *   // Do something
+   *   SignBlobResponse response = future.get();
+   * }
+   * </code></pre>
+   */
+  public final UnaryCallable<SignBlobRequest, SignBlobResponse> signBlobCallable() {
+    return stub.signBlobCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD
+  /**
+   * Signs a JWT using a service account's system-managed private key.
+   *
+   * <p>Sample code:
+   *
+   * <pre><code>
+   * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+   *   String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+   *   List&lt;String&gt; delegates = new ArrayList&lt;&gt;();
+   *   String payload = "";
+   *   SignJwtResponse response = iamCredentialsClient.signJwt(formattedName, delegates, payload);
+   * }
+   * </code></pre>
+   *
+   * @param name The resource name of the service account for which the credentials are requested,
+   *     in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
+   * @param delegates The sequence of service accounts in a delegation chain. Each service account
+   *     must be granted the `roles/iam.serviceAccountTokenCreator` role on its next service account
+   *     in the chain. The last service account in the chain must be granted the
+   *     `roles/iam.serviceAccountTokenCreator` role on the service account that is specified in the
+   *     `name` field of the request.
+   *     <p>The delegates must have the following format:
+   *     `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`
+   * @param payload The JWT payload to sign: a JSON object that contains a JWT Claims Set.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final SignJwtResponse signJwt(String name, List<String> delegates, String payload) {
+    SERVICE_ACCOUNT_PATH_TEMPLATE.validate(name, "signJwt");
+    SignJwtRequest request =
+        SignJwtRequest.newBuilder()
+            .setName(name)
+            .addAllDelegates(delegates)
+            .setPayload(payload)
+            .build();
+    return signJwt(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD
+  /**
+   * Signs a JWT using a service account's system-managed private key.
+   *
+   * <p>Sample code:
+   *
+   * <pre><code>
+   * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+   *   String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+   *   String payload = "";
+   *   SignJwtRequest request = SignJwtRequest.newBuilder()
+   *     .setName(formattedName)
+   *     .setPayload(payload)
+   *     .build();
+   *   SignJwtResponse response = iamCredentialsClient.signJwt(request);
+   * }
+   * </code></pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final SignJwtResponse signJwt(SignJwtRequest request) {
+    return signJwtCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD
+  /**
+   * Signs a JWT using a service account's system-managed private key.
+   *
+   * <p>Sample code:
+   *
+   * <pre><code>
+   * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+   *   String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+   *   String payload = "";
+   *   SignJwtRequest request = SignJwtRequest.newBuilder()
+   *     .setName(formattedName)
+   *     .setPayload(payload)
+   *     .build();
+   *   ApiFuture&lt;SignJwtResponse&gt; future = iamCredentialsClient.signJwtCallable().futureCall(request);
+   *   // Do something
+   *   SignJwtResponse response = future.get();
+   * }
+   * </code></pre>
+   */
+  public final UnaryCallable<SignJwtRequest, SignJwtResponse> signJwtCallable() {
+    return stub.signJwtCallable();
+  }
+
+  @Override
+  public final void close() {
+    stub.close();
+  }
+
+  @Override
+  public void shutdown() {
+    stub.shutdown();
+  }
+
+  @Override
+  public boolean isShutdown() {
+    return stub.isShutdown();
+  }
+
+  @Override
+  public boolean isTerminated() {
+    return stub.isTerminated();
+  }
+
+  @Override
+  public void shutdownNow() {
+    stub.shutdownNow();
+  }
+
+  @Override
+  public boolean awaitTermination(long duration, TimeUnit unit) throws InterruptedException {
+    return stub.awaitTermination(duration, unit);
+  }
+}
diff --git a/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/IamCredentialsSettings.java b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/IamCredentialsSettings.java
new file mode 100644
index 000000000000..363a5a534f1c
--- /dev/null
+++ b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/IamCredentialsSettings.java
@@ -0,0 +1,209 @@
+/*
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.cloud.iam.credentials.v1;
+
+import com.google.api.core.ApiFunction;
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.GoogleCredentialsProvider;
+import com.google.api.gax.core.InstantiatingExecutorProvider;
+import com.google.api.gax.grpc.InstantiatingGrpcChannelProvider;
+import com.google.api.gax.rpc.ApiClientHeaderProvider;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.ClientSettings;
+import com.google.api.gax.rpc.TransportChannelProvider;
+import com.google.api.gax.rpc.UnaryCallSettings;
+import com.google.cloud.iam.credentials.v1.stub.IamCredentialsStubSettings;
+import java.io.IOException;
+import java.util.List;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS
+/**
+ * Settings class to configure an instance of {@link IamCredentialsClient}.
+ *
+ * <p>The default instance has everything set to sensible defaults:
+ *
+ * <ul>
+ *   <li>The default service address (iamcredentials.googleapis.com) and default port (443) are
+ *       used.
+ *   <li>Credentials are acquired automatically through Application Default Credentials.
+ *   <li>Retries are configured for idempotent methods but not for non-idempotent methods.
+ * </ul>
+ *
+ * <p>The builder of this class is recursive, so contained classes are themselves builders. When
+ * build() is called, the tree of builders is called to create the complete settings object. For
+ * example, to set the total timeout of generateAccessToken to 30 seconds:
+ *
+ * <pre>
+ * <code>
+ * IamCredentialsSettings.Builder iamCredentialsSettingsBuilder =
+ *     IamCredentialsSettings.newBuilder();
+ * iamCredentialsSettingsBuilder.generateAccessTokenSettings().getRetrySettings().toBuilder()
+ *     .setTotalTimeout(Duration.ofSeconds(30));
+ * IamCredentialsSettings iamCredentialsSettings = iamCredentialsSettingsBuilder.build();
+ * </code>
+ * </pre>
+ */
+@Generated("by gapic-generator")
+@BetaApi
+public class IamCredentialsSettings extends ClientSettings<IamCredentialsSettings> {
+  /** Returns the object with the settings used for calls to generateAccessToken. */
+  public UnaryCallSettings<GenerateAccessTokenRequest, GenerateAccessTokenResponse>
+      generateAccessTokenSettings() {
+    return ((IamCredentialsStubSettings) getStubSettings()).generateAccessTokenSettings();
+  }
+
+  /** Returns the object with the settings used for calls to generateIdToken. */
+  public UnaryCallSettings<GenerateIdTokenRequest, GenerateIdTokenResponse>
+      generateIdTokenSettings() {
+    return ((IamCredentialsStubSettings) getStubSettings()).generateIdTokenSettings();
+  }
+
+  /** Returns the object with the settings used for calls to signBlob. */
+  public UnaryCallSettings<SignBlobRequest, SignBlobResponse> signBlobSettings() {
+    return ((IamCredentialsStubSettings) getStubSettings()).signBlobSettings();
+  }
+
+  /** Returns the object with the settings used for calls to signJwt. */
+  public UnaryCallSettings<SignJwtRequest, SignJwtResponse> signJwtSettings() {
+    return ((IamCredentialsStubSettings) getStubSettings()).signJwtSettings();
+  }
+
+  public static final IamCredentialsSettings create(IamCredentialsStubSettings stub)
+      throws IOException {
+    return new IamCredentialsSettings.Builder(stub.toBuilder()).build();
+  }
+
+  /** Returns a builder for the default ExecutorProvider for this service. */
+  public static InstantiatingExecutorProvider.Builder defaultExecutorProviderBuilder() {
+    return IamCredentialsStubSettings.defaultExecutorProviderBuilder();
+  }
+
+  /** Returns the default service endpoint. */
+  public static String getDefaultEndpoint() {
+    return IamCredentialsStubSettings.getDefaultEndpoint();
+  }
+
+  /** Returns the default service scopes. */
+  public static List<String> getDefaultServiceScopes() {
+    return IamCredentialsStubSettings.getDefaultServiceScopes();
+  }
+
+  /** Returns a builder for the default credentials for this service. */
+  public static GoogleCredentialsProvider.Builder defaultCredentialsProviderBuilder() {
+    return IamCredentialsStubSettings.defaultCredentialsProviderBuilder();
+  }
+
+  /** Returns a builder for the default ChannelProvider for this service. */
+  public static InstantiatingGrpcChannelProvider.Builder defaultGrpcTransportProviderBuilder() {
+    return IamCredentialsStubSettings.defaultGrpcTransportProviderBuilder();
+  }
+
+  public static TransportChannelProvider defaultTransportChannelProvider() {
+    return IamCredentialsStubSettings.defaultTransportChannelProvider();
+  }
+
+  @BetaApi("The surface for customizing headers is not stable yet and may change in the future.")
+  public static ApiClientHeaderProvider.Builder defaultApiClientHeaderProviderBuilder() {
+    return IamCredentialsStubSettings.defaultApiClientHeaderProviderBuilder();
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder() {
+    return Builder.createDefault();
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder(ClientContext clientContext) {
+    return new Builder(clientContext);
+  }
+
+  /** Returns a builder containing all the values of this settings class. */
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  protected IamCredentialsSettings(Builder settingsBuilder) throws IOException {
+    super(settingsBuilder);
+  }
+
+  /** Builder for IamCredentialsSettings. */
+  public static class Builder extends ClientSettings.Builder<IamCredentialsSettings, Builder> {
+    protected Builder() throws IOException {
+      this((ClientContext) null);
+    }
+
+    protected Builder(ClientContext clientContext) {
+      super(IamCredentialsStubSettings.newBuilder(clientContext));
+    }
+
+    private static Builder createDefault() {
+      return new Builder(IamCredentialsStubSettings.newBuilder());
+    }
+
+    protected Builder(IamCredentialsSettings settings) {
+      super(settings.getStubSettings().toBuilder());
+    }
+
+    protected Builder(IamCredentialsStubSettings.Builder stubSettings) {
+      super(stubSettings);
+    }
+
+    public IamCredentialsStubSettings.Builder getStubSettingsBuilder() {
+      return ((IamCredentialsStubSettings.Builder) getStubSettings());
+    }
+
+    // NEXT_MAJOR_VER: remove 'throws Exception'
+    /**
+     * Applies the given settings updater function to all of the unary API methods in this service.
+     *
+     * <p>Note: This method does not support applying settings to streaming methods.
+     */
+    public Builder applyToAllUnaryMethods(
+        ApiFunction<UnaryCallSettings.Builder<?, ?>, Void> settingsUpdater) throws Exception {
+      super.applyToAllUnaryMethods(
+          getStubSettingsBuilder().unaryMethodSettingsBuilders(), settingsUpdater);
+      return this;
+    }
+
+    /** Returns the builder for the settings used for calls to generateAccessToken. */
+    public UnaryCallSettings.Builder<GenerateAccessTokenRequest, GenerateAccessTokenResponse>
+        generateAccessTokenSettings() {
+      return getStubSettingsBuilder().generateAccessTokenSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to generateIdToken. */
+    public UnaryCallSettings.Builder<GenerateIdTokenRequest, GenerateIdTokenResponse>
+        generateIdTokenSettings() {
+      return getStubSettingsBuilder().generateIdTokenSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to signBlob. */
+    public UnaryCallSettings.Builder<SignBlobRequest, SignBlobResponse> signBlobSettings() {
+      return getStubSettingsBuilder().signBlobSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to signJwt. */
+    public UnaryCallSettings.Builder<SignJwtRequest, SignJwtResponse> signJwtSettings() {
+      return getStubSettingsBuilder().signJwtSettings();
+    }
+
+    @Override
+    public IamCredentialsSettings build() throws IOException {
+      return new IamCredentialsSettings(this);
+    }
+  }
+}
diff --git a/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/package-info.java b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/package-info.java
new file mode 100644
index 000000000000..8a52bac81454
--- /dev/null
+++ b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/package-info.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * A client to IAM Service Account Credentials API.
+ *
+ * <p>The interfaces provided are listed below, along with usage samples.
+ *
+ * <p>==================== IamCredentialsClient ====================
+ *
+ * <p>Service Description: A service account is a special type of Google account that belongs to
+ * your application or a virtual machine (VM), instead of to an individual end user. Your
+ * application assumes the identity of the service account to call Google APIs, so that the users
+ * aren't directly involved.
+ *
+ * <p>Service account credentials are used to temporarily assume the identity of the service
+ * account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens,
+ * self-signed JSON Web Tokens (JWTs), and more.
+ *
+ * <p>Sample for IamCredentialsClient:
+ *
+ * <pre>
+ * <code>
+ * try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
+ *   String formattedName = IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+ *   List&lt;String&gt; delegates = new ArrayList&lt;&gt;();
+ *   List&lt;String&gt; scope = new ArrayList&lt;&gt;();
+ *   Duration lifetime = Duration.newBuilder().build();
+ *   GenerateAccessTokenResponse response = iamCredentialsClient.generateAccessToken(formattedName, delegates, scope, lifetime);
+ * }
+ * </code>
+ * </pre>
+ */
+package com.google.cloud.iam.credentials.v1;
diff --git a/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/stub/GrpcIamCredentialsCallableFactory.java b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/stub/GrpcIamCredentialsCallableFactory.java
new file mode 100644
index 000000000000..38aa9a995eed
--- /dev/null
+++ b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/stub/GrpcIamCredentialsCallableFactory.java
@@ -0,0 +1,115 @@
+/*
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.cloud.iam.credentials.v1.stub;
+
+import com.google.api.core.BetaApi;
+import com.google.api.gax.grpc.GrpcCallSettings;
+import com.google.api.gax.grpc.GrpcCallableFactory;
+import com.google.api.gax.grpc.GrpcStubCallableFactory;
+import com.google.api.gax.rpc.BatchingCallSettings;
+import com.google.api.gax.rpc.BidiStreamingCallable;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.ClientStreamingCallable;
+import com.google.api.gax.rpc.OperationCallSettings;
+import com.google.api.gax.rpc.OperationCallable;
+import com.google.api.gax.rpc.PagedCallSettings;
+import com.google.api.gax.rpc.ServerStreamingCallSettings;
+import com.google.api.gax.rpc.ServerStreamingCallable;
+import com.google.api.gax.rpc.StreamingCallSettings;
+import com.google.api.gax.rpc.UnaryCallSettings;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.longrunning.stub.OperationsStub;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS
+/**
+ * gRPC callable factory implementation for IAM Service Account Credentials API.
+ *
+ * <p>This class is for advanced usage.
+ */
+@Generated("by gapic-generator")
+@BetaApi("The surface for use by generated code is not stable yet and may change in the future.")
+public class GrpcIamCredentialsCallableFactory implements GrpcStubCallableFactory {
+  @Override
+  public <RequestT, ResponseT> UnaryCallable<RequestT, ResponseT> createUnaryCallable(
+      GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+      UnaryCallSettings<RequestT, ResponseT> callSettings,
+      ClientContext clientContext) {
+    return GrpcCallableFactory.createUnaryCallable(grpcCallSettings, callSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT, PagedListResponseT>
+      UnaryCallable<RequestT, PagedListResponseT> createPagedCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          PagedCallSettings<RequestT, ResponseT, PagedListResponseT> pagedCallSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createPagedCallable(
+        grpcCallSettings, pagedCallSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT> UnaryCallable<RequestT, ResponseT> createBatchingCallable(
+      GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+      BatchingCallSettings<RequestT, ResponseT> batchingCallSettings,
+      ClientContext clientContext) {
+    return GrpcCallableFactory.createBatchingCallable(
+        grpcCallSettings, batchingCallSettings, clientContext);
+  }
+
+  @BetaApi(
+      "The surface for long-running operations is not stable yet and may change in the future.")
+  @Override
+  public <RequestT, ResponseT, MetadataT>
+      OperationCallable<RequestT, ResponseT, MetadataT> createOperationCallable(
+          GrpcCallSettings<RequestT, com.google.longrunning.Operation> grpcCallSettings,
+          OperationCallSettings<RequestT, ResponseT, MetadataT> operationCallSettings,
+          ClientContext clientContext,
+          OperationsStub operationsStub) {
+    return GrpcCallableFactory.createOperationCallable(
+        grpcCallSettings, operationCallSettings, clientContext, operationsStub);
+  }
+
+  @Override
+  public <RequestT, ResponseT>
+      BidiStreamingCallable<RequestT, ResponseT> createBidiStreamingCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          StreamingCallSettings<RequestT, ResponseT> streamingCallSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createBidiStreamingCallable(
+        grpcCallSettings, streamingCallSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT>
+      ServerStreamingCallable<RequestT, ResponseT> createServerStreamingCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          ServerStreamingCallSettings<RequestT, ResponseT> streamingCallSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createServerStreamingCallable(
+        grpcCallSettings, streamingCallSettings, clientContext);
+  }
+
+  @Override
+  public <RequestT, ResponseT>
+      ClientStreamingCallable<RequestT, ResponseT> createClientStreamingCallable(
+          GrpcCallSettings<RequestT, ResponseT> grpcCallSettings,
+          StreamingCallSettings<RequestT, ResponseT> streamingCallSettings,
+          ClientContext clientContext) {
+    return GrpcCallableFactory.createClientStreamingCallable(
+        grpcCallSettings, streamingCallSettings, clientContext);
+  }
+}
diff --git a/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/stub/GrpcIamCredentialsStub.java b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/stub/GrpcIamCredentialsStub.java
new file mode 100644
index 000000000000..bed050b4a10e
--- /dev/null
+++ b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/stub/GrpcIamCredentialsStub.java
@@ -0,0 +1,218 @@
+/*
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.cloud.iam.credentials.v1.stub;
+
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.BackgroundResource;
+import com.google.api.gax.core.BackgroundResourceAggregation;
+import com.google.api.gax.grpc.GrpcCallSettings;
+import com.google.api.gax.grpc.GrpcStubCallableFactory;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest;
+import com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse;
+import com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest;
+import com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse;
+import com.google.cloud.iam.credentials.v1.SignBlobRequest;
+import com.google.cloud.iam.credentials.v1.SignBlobResponse;
+import com.google.cloud.iam.credentials.v1.SignJwtRequest;
+import com.google.cloud.iam.credentials.v1.SignJwtResponse;
+import io.grpc.MethodDescriptor;
+import io.grpc.protobuf.ProtoUtils;
+import java.io.IOException;
+import java.util.concurrent.TimeUnit;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS
+/**
+ * gRPC stub implementation for IAM Service Account Credentials API.
+ *
+ * <p>This class is for advanced usage and reflects the underlying API directly.
+ */
+@Generated("by gapic-generator")
+@BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+public class GrpcIamCredentialsStub extends IamCredentialsStub {
+
+  private static final MethodDescriptor<GenerateAccessTokenRequest, GenerateAccessTokenResponse>
+      generateAccessTokenMethodDescriptor =
+          MethodDescriptor.<GenerateAccessTokenRequest, GenerateAccessTokenResponse>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName("google.iam.credentials.v1.IAMCredentials/GenerateAccessToken")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(GenerateAccessTokenRequest.getDefaultInstance()))
+              .setResponseMarshaller(
+                  ProtoUtils.marshaller(GenerateAccessTokenResponse.getDefaultInstance()))
+              .build();
+  private static final MethodDescriptor<GenerateIdTokenRequest, GenerateIdTokenResponse>
+      generateIdTokenMethodDescriptor =
+          MethodDescriptor.<GenerateIdTokenRequest, GenerateIdTokenResponse>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName("google.iam.credentials.v1.IAMCredentials/GenerateIdToken")
+              .setRequestMarshaller(
+                  ProtoUtils.marshaller(GenerateIdTokenRequest.getDefaultInstance()))
+              .setResponseMarshaller(
+                  ProtoUtils.marshaller(GenerateIdTokenResponse.getDefaultInstance()))
+              .build();
+  private static final MethodDescriptor<SignBlobRequest, SignBlobResponse>
+      signBlobMethodDescriptor =
+          MethodDescriptor.<SignBlobRequest, SignBlobResponse>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName("google.iam.credentials.v1.IAMCredentials/SignBlob")
+              .setRequestMarshaller(ProtoUtils.marshaller(SignBlobRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(SignBlobResponse.getDefaultInstance()))
+              .build();
+  private static final MethodDescriptor<SignJwtRequest, SignJwtResponse> signJwtMethodDescriptor =
+      MethodDescriptor.<SignJwtRequest, SignJwtResponse>newBuilder()
+          .setType(MethodDescriptor.MethodType.UNARY)
+          .setFullMethodName("google.iam.credentials.v1.IAMCredentials/SignJwt")
+          .setRequestMarshaller(ProtoUtils.marshaller(SignJwtRequest.getDefaultInstance()))
+          .setResponseMarshaller(ProtoUtils.marshaller(SignJwtResponse.getDefaultInstance()))
+          .build();
+
+  private final BackgroundResource backgroundResources;
+
+  private final UnaryCallable<GenerateAccessTokenRequest, GenerateAccessTokenResponse>
+      generateAccessTokenCallable;
+  private final UnaryCallable<GenerateIdTokenRequest, GenerateIdTokenResponse>
+      generateIdTokenCallable;
+  private final UnaryCallable<SignBlobRequest, SignBlobResponse> signBlobCallable;
+  private final UnaryCallable<SignJwtRequest, SignJwtResponse> signJwtCallable;
+
+  private final GrpcStubCallableFactory callableFactory;
+
+  public static final GrpcIamCredentialsStub create(IamCredentialsStubSettings settings)
+      throws IOException {
+    return new GrpcIamCredentialsStub(settings, ClientContext.create(settings));
+  }
+
+  public static final GrpcIamCredentialsStub create(ClientContext clientContext)
+      throws IOException {
+    return new GrpcIamCredentialsStub(
+        IamCredentialsStubSettings.newBuilder().build(), clientContext);
+  }
+
+  public static final GrpcIamCredentialsStub create(
+      ClientContext clientContext, GrpcStubCallableFactory callableFactory) throws IOException {
+    return new GrpcIamCredentialsStub(
+        IamCredentialsStubSettings.newBuilder().build(), clientContext, callableFactory);
+  }
+
+  /**
+   * Constructs an instance of GrpcIamCredentialsStub, using the given settings. This is protected
+   * so that it is easy to make a subclass, but otherwise, the static factory methods should be
+   * preferred.
+   */
+  protected GrpcIamCredentialsStub(IamCredentialsStubSettings settings, ClientContext clientContext)
+      throws IOException {
+    this(settings, clientContext, new GrpcIamCredentialsCallableFactory());
+  }
+
+  /**
+   * Constructs an instance of GrpcIamCredentialsStub, using the given settings. This is protected
+   * so that it is easy to make a subclass, but otherwise, the static factory methods should be
+   * preferred.
+   */
+  protected GrpcIamCredentialsStub(
+      IamCredentialsStubSettings settings,
+      ClientContext clientContext,
+      GrpcStubCallableFactory callableFactory)
+      throws IOException {
+    this.callableFactory = callableFactory;
+
+    GrpcCallSettings<GenerateAccessTokenRequest, GenerateAccessTokenResponse>
+        generateAccessTokenTransportSettings =
+            GrpcCallSettings.<GenerateAccessTokenRequest, GenerateAccessTokenResponse>newBuilder()
+                .setMethodDescriptor(generateAccessTokenMethodDescriptor)
+                .build();
+    GrpcCallSettings<GenerateIdTokenRequest, GenerateIdTokenResponse>
+        generateIdTokenTransportSettings =
+            GrpcCallSettings.<GenerateIdTokenRequest, GenerateIdTokenResponse>newBuilder()
+                .setMethodDescriptor(generateIdTokenMethodDescriptor)
+                .build();
+    GrpcCallSettings<SignBlobRequest, SignBlobResponse> signBlobTransportSettings =
+        GrpcCallSettings.<SignBlobRequest, SignBlobResponse>newBuilder()
+            .setMethodDescriptor(signBlobMethodDescriptor)
+            .build();
+    GrpcCallSettings<SignJwtRequest, SignJwtResponse> signJwtTransportSettings =
+        GrpcCallSettings.<SignJwtRequest, SignJwtResponse>newBuilder()
+            .setMethodDescriptor(signJwtMethodDescriptor)
+            .build();
+
+    this.generateAccessTokenCallable =
+        callableFactory.createUnaryCallable(
+            generateAccessTokenTransportSettings,
+            settings.generateAccessTokenSettings(),
+            clientContext);
+    this.generateIdTokenCallable =
+        callableFactory.createUnaryCallable(
+            generateIdTokenTransportSettings, settings.generateIdTokenSettings(), clientContext);
+    this.signBlobCallable =
+        callableFactory.createUnaryCallable(
+            signBlobTransportSettings, settings.signBlobSettings(), clientContext);
+    this.signJwtCallable =
+        callableFactory.createUnaryCallable(
+            signJwtTransportSettings, settings.signJwtSettings(), clientContext);
+
+    backgroundResources = new BackgroundResourceAggregation(clientContext.getBackgroundResources());
+  }
+
+  public UnaryCallable<GenerateAccessTokenRequest, GenerateAccessTokenResponse>
+      generateAccessTokenCallable() {
+    return generateAccessTokenCallable;
+  }
+
+  public UnaryCallable<GenerateIdTokenRequest, GenerateIdTokenResponse> generateIdTokenCallable() {
+    return generateIdTokenCallable;
+  }
+
+  public UnaryCallable<SignBlobRequest, SignBlobResponse> signBlobCallable() {
+    return signBlobCallable;
+  }
+
+  public UnaryCallable<SignJwtRequest, SignJwtResponse> signJwtCallable() {
+    return signJwtCallable;
+  }
+
+  @Override
+  public final void close() {
+    shutdown();
+  }
+
+  @Override
+  public void shutdown() {
+    backgroundResources.shutdown();
+  }
+
+  @Override
+  public boolean isShutdown() {
+    return backgroundResources.isShutdown();
+  }
+
+  @Override
+  public boolean isTerminated() {
+    return backgroundResources.isTerminated();
+  }
+
+  @Override
+  public void shutdownNow() {
+    backgroundResources.shutdownNow();
+  }
+
+  @Override
+  public boolean awaitTermination(long duration, TimeUnit unit) throws InterruptedException {
+    return backgroundResources.awaitTermination(duration, unit);
+  }
+}
diff --git a/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/stub/IamCredentialsStub.java b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/stub/IamCredentialsStub.java
new file mode 100644
index 000000000000..b6c99ff4bb74
--- /dev/null
+++ b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/stub/IamCredentialsStub.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.cloud.iam.credentials.v1.stub;
+
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.BackgroundResource;
+import com.google.api.gax.rpc.UnaryCallable;
+import com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest;
+import com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse;
+import com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest;
+import com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse;
+import com.google.cloud.iam.credentials.v1.SignBlobRequest;
+import com.google.cloud.iam.credentials.v1.SignBlobResponse;
+import com.google.cloud.iam.credentials.v1.SignJwtRequest;
+import com.google.cloud.iam.credentials.v1.SignJwtResponse;
+import javax.annotation.Generated;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS
+/**
+ * Base stub class for IAM Service Account Credentials API.
+ *
+ * <p>This class is for advanced usage and reflects the underlying API directly.
+ */
+@Generated("by gapic-generator")
+@BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+public abstract class IamCredentialsStub implements BackgroundResource {
+
+  public UnaryCallable<GenerateAccessTokenRequest, GenerateAccessTokenResponse>
+      generateAccessTokenCallable() {
+    throw new UnsupportedOperationException("Not implemented: generateAccessTokenCallable()");
+  }
+
+  public UnaryCallable<GenerateIdTokenRequest, GenerateIdTokenResponse> generateIdTokenCallable() {
+    throw new UnsupportedOperationException("Not implemented: generateIdTokenCallable()");
+  }
+
+  public UnaryCallable<SignBlobRequest, SignBlobResponse> signBlobCallable() {
+    throw new UnsupportedOperationException("Not implemented: signBlobCallable()");
+  }
+
+  public UnaryCallable<SignJwtRequest, SignJwtResponse> signJwtCallable() {
+    throw new UnsupportedOperationException("Not implemented: signJwtCallable()");
+  }
+
+  @Override
+  public abstract void close();
+}
diff --git a/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/stub/IamCredentialsStubSettings.java b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/stub/IamCredentialsStubSettings.java
new file mode 100644
index 000000000000..e6b865af9447
--- /dev/null
+++ b/google-cloud-clients/google-cloud-iamcredentials/src/main/java/com/google/cloud/iam/credentials/v1/stub/IamCredentialsStubSettings.java
@@ -0,0 +1,350 @@
+/*
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.cloud.iam.credentials.v1.stub;
+
+import com.google.api.core.ApiFunction;
+import com.google.api.core.BetaApi;
+import com.google.api.gax.core.GaxProperties;
+import com.google.api.gax.core.GoogleCredentialsProvider;
+import com.google.api.gax.core.InstantiatingExecutorProvider;
+import com.google.api.gax.grpc.GaxGrpcProperties;
+import com.google.api.gax.grpc.GrpcTransportChannel;
+import com.google.api.gax.grpc.InstantiatingGrpcChannelProvider;
+import com.google.api.gax.retrying.RetrySettings;
+import com.google.api.gax.rpc.ApiClientHeaderProvider;
+import com.google.api.gax.rpc.ClientContext;
+import com.google.api.gax.rpc.StatusCode;
+import com.google.api.gax.rpc.StubSettings;
+import com.google.api.gax.rpc.TransportChannelProvider;
+import com.google.api.gax.rpc.UnaryCallSettings;
+import com.google.cloud.iam.credentials.v1.GenerateAccessTokenRequest;
+import com.google.cloud.iam.credentials.v1.GenerateAccessTokenResponse;
+import com.google.cloud.iam.credentials.v1.GenerateIdTokenRequest;
+import com.google.cloud.iam.credentials.v1.GenerateIdTokenResponse;
+import com.google.cloud.iam.credentials.v1.SignBlobRequest;
+import com.google.cloud.iam.credentials.v1.SignBlobResponse;
+import com.google.cloud.iam.credentials.v1.SignJwtRequest;
+import com.google.cloud.iam.credentials.v1.SignJwtResponse;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Lists;
+import java.io.IOException;
+import java.util.List;
+import javax.annotation.Generated;
+import org.threeten.bp.Duration;
+
+// AUTO-GENERATED DOCUMENTATION AND CLASS
+/**
+ * Settings class to configure an instance of {@link IamCredentialsStub}.
+ *
+ * <p>The default instance has everything set to sensible defaults:
+ *
+ * <ul>
+ *   <li>The default service address (iamcredentials.googleapis.com) and default port (443) are
+ *       used.
+ *   <li>Credentials are acquired automatically through Application Default Credentials.
+ *   <li>Retries are configured for idempotent methods but not for non-idempotent methods.
+ * </ul>
+ *
+ * <p>The builder of this class is recursive, so contained classes are themselves builders. When
+ * build() is called, the tree of builders is called to create the complete settings object. For
+ * example, to set the total timeout of generateAccessToken to 30 seconds:
+ *
+ * <pre>
+ * <code>
+ * IamCredentialsStubSettings.Builder iamCredentialsSettingsBuilder =
+ *     IamCredentialsStubSettings.newBuilder();
+ * iamCredentialsSettingsBuilder.generateAccessTokenSettings().getRetrySettings().toBuilder()
+ *     .setTotalTimeout(Duration.ofSeconds(30));
+ * IamCredentialsStubSettings iamCredentialsSettings = iamCredentialsSettingsBuilder.build();
+ * </code>
+ * </pre>
+ */
+@Generated("by gapic-generator")
+@BetaApi
+public class IamCredentialsStubSettings extends StubSettings<IamCredentialsStubSettings> {
+  /** The default scopes of the service. */
+  private static final ImmutableList<String> DEFAULT_SERVICE_SCOPES =
+      ImmutableList.<String>builder().add("https://www.googleapis.com/auth/cloud-platform").build();
+
+  private final UnaryCallSettings<GenerateAccessTokenRequest, GenerateAccessTokenResponse>
+      generateAccessTokenSettings;
+  private final UnaryCallSettings<GenerateIdTokenRequest, GenerateIdTokenResponse>
+      generateIdTokenSettings;
+  private final UnaryCallSettings<SignBlobRequest, SignBlobResponse> signBlobSettings;
+  private final UnaryCallSettings<SignJwtRequest, SignJwtResponse> signJwtSettings;
+
+  /** Returns the object with the settings used for calls to generateAccessToken. */
+  public UnaryCallSettings<GenerateAccessTokenRequest, GenerateAccessTokenResponse>
+      generateAccessTokenSettings() {
+    return generateAccessTokenSettings;
+  }
+
+  /** Returns the object with the settings used for calls to generateIdToken. */
+  public UnaryCallSettings<GenerateIdTokenRequest, GenerateIdTokenResponse>
+      generateIdTokenSettings() {
+    return generateIdTokenSettings;
+  }
+
+  /** Returns the object with the settings used for calls to signBlob. */
+  public UnaryCallSettings<SignBlobRequest, SignBlobResponse> signBlobSettings() {
+    return signBlobSettings;
+  }
+
+  /** Returns the object with the settings used for calls to signJwt. */
+  public UnaryCallSettings<SignJwtRequest, SignJwtResponse> signJwtSettings() {
+    return signJwtSettings;
+  }
+
+  @BetaApi("A restructuring of stub classes is planned, so this may break in the future")
+  public IamCredentialsStub createStub() throws IOException {
+    if (getTransportChannelProvider()
+        .getTransportName()
+        .equals(GrpcTransportChannel.getGrpcTransportName())) {
+      return GrpcIamCredentialsStub.create(this);
+    } else {
+      throw new UnsupportedOperationException(
+          "Transport not supported: " + getTransportChannelProvider().getTransportName());
+    }
+  }
+
+  /** Returns a builder for the default ExecutorProvider for this service. */
+  public static InstantiatingExecutorProvider.Builder defaultExecutorProviderBuilder() {
+    return InstantiatingExecutorProvider.newBuilder();
+  }
+
+  /** Returns the default service endpoint. */
+  public static String getDefaultEndpoint() {
+    return "iamcredentials.googleapis.com:443";
+  }
+
+  /** Returns the default service scopes. */
+  public static List<String> getDefaultServiceScopes() {
+    return DEFAULT_SERVICE_SCOPES;
+  }
+
+  /** Returns a builder for the default credentials for this service. */
+  public static GoogleCredentialsProvider.Builder defaultCredentialsProviderBuilder() {
+    return GoogleCredentialsProvider.newBuilder().setScopesToApply(DEFAULT_SERVICE_SCOPES);
+  }
+
+  /** Returns a builder for the default ChannelProvider for this service. */
+  public static InstantiatingGrpcChannelProvider.Builder defaultGrpcTransportProviderBuilder() {
+    return InstantiatingGrpcChannelProvider.newBuilder();
+  }
+
+  public static TransportChannelProvider defaultTransportChannelProvider() {
+    return defaultGrpcTransportProviderBuilder().build();
+  }
+
+  @BetaApi("The surface for customizing headers is not stable yet and may change in the future.")
+  public static ApiClientHeaderProvider.Builder defaultApiClientHeaderProviderBuilder() {
+    return ApiClientHeaderProvider.newBuilder()
+        .setGeneratedLibToken(
+            "gapic", GaxProperties.getLibraryVersion(IamCredentialsStubSettings.class))
+        .setTransportToken(
+            GaxGrpcProperties.getGrpcTokenName(), GaxGrpcProperties.getGrpcVersion());
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder() {
+    return Builder.createDefault();
+  }
+
+  /** Returns a new builder for this class. */
+  public static Builder newBuilder(ClientContext clientContext) {
+    return new Builder(clientContext);
+  }
+
+  /** Returns a builder containing all the values of this settings class. */
+  public Builder toBuilder() {
+    return new Builder(this);
+  }
+
+  protected IamCredentialsStubSettings(Builder settingsBuilder) throws IOException {
+    super(settingsBuilder);
+
+    generateAccessTokenSettings = settingsBuilder.generateAccessTokenSettings().build();
+    generateIdTokenSettings = settingsBuilder.generateIdTokenSettings().build();
+    signBlobSettings = settingsBuilder.signBlobSettings().build();
+    signJwtSettings = settingsBuilder.signJwtSettings().build();
+  }
+
+  /** Builder for IamCredentialsStubSettings. */
+  public static class Builder extends StubSettings.Builder<IamCredentialsStubSettings, Builder> {
+    private final ImmutableList<UnaryCallSettings.Builder<?, ?>> unaryMethodSettingsBuilders;
+
+    private final UnaryCallSettings.Builder<GenerateAccessTokenRequest, GenerateAccessTokenResponse>
+        generateAccessTokenSettings;
+    private final UnaryCallSettings.Builder<GenerateIdTokenRequest, GenerateIdTokenResponse>
+        generateIdTokenSettings;
+    private final UnaryCallSettings.Builder<SignBlobRequest, SignBlobResponse> signBlobSettings;
+    private final UnaryCallSettings.Builder<SignJwtRequest, SignJwtResponse> signJwtSettings;
+
+    private static final ImmutableMap<String, ImmutableSet<StatusCode.Code>>
+        RETRYABLE_CODE_DEFINITIONS;
+
+    static {
+      ImmutableMap.Builder<String, ImmutableSet<StatusCode.Code>> definitions =
+          ImmutableMap.builder();
+      definitions.put(
+          "idempotent",
+          ImmutableSet.copyOf(
+              Lists.<StatusCode.Code>newArrayList(
+                  StatusCode.Code.DEADLINE_EXCEEDED, StatusCode.Code.UNAVAILABLE)));
+      definitions.put("non_idempotent", ImmutableSet.copyOf(Lists.<StatusCode.Code>newArrayList()));
+      RETRYABLE_CODE_DEFINITIONS = definitions.build();
+    }
+
+    private static final ImmutableMap<String, RetrySettings> RETRY_PARAM_DEFINITIONS;
+
+    static {
+      ImmutableMap.Builder<String, RetrySettings> definitions = ImmutableMap.builder();
+      RetrySettings settings = null;
+      settings =
+          RetrySettings.newBuilder()
+              .setInitialRetryDelay(Duration.ofMillis(100L))
+              .setRetryDelayMultiplier(1.3)
+              .setMaxRetryDelay(Duration.ofMillis(60000L))
+              .setInitialRpcTimeout(Duration.ofMillis(20000L))
+              .setRpcTimeoutMultiplier(1.0)
+              .setMaxRpcTimeout(Duration.ofMillis(20000L))
+              .setTotalTimeout(Duration.ofMillis(600000L))
+              .build();
+      definitions.put("default", settings);
+      RETRY_PARAM_DEFINITIONS = definitions.build();
+    }
+
+    protected Builder() {
+      this((ClientContext) null);
+    }
+
+    protected Builder(ClientContext clientContext) {
+      super(clientContext);
+
+      generateAccessTokenSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+
+      generateIdTokenSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+
+      signBlobSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+
+      signJwtSettings = UnaryCallSettings.newUnaryCallSettingsBuilder();
+
+      unaryMethodSettingsBuilders =
+          ImmutableList.<UnaryCallSettings.Builder<?, ?>>of(
+              generateAccessTokenSettings,
+              generateIdTokenSettings,
+              signBlobSettings,
+              signJwtSettings);
+
+      initDefaults(this);
+    }
+
+    private static Builder createDefault() {
+      Builder builder = new Builder((ClientContext) null);
+      builder.setTransportChannelProvider(defaultTransportChannelProvider());
+      builder.setCredentialsProvider(defaultCredentialsProviderBuilder().build());
+      builder.setInternalHeaderProvider(defaultApiClientHeaderProviderBuilder().build());
+      builder.setEndpoint(getDefaultEndpoint());
+      return initDefaults(builder);
+    }
+
+    private static Builder initDefaults(Builder builder) {
+
+      builder
+          .generateAccessTokenSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("idempotent"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("default"));
+
+      builder
+          .generateIdTokenSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("idempotent"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("default"));
+
+      builder
+          .signBlobSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("idempotent"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("default"));
+
+      builder
+          .signJwtSettings()
+          .setRetryableCodes(RETRYABLE_CODE_DEFINITIONS.get("idempotent"))
+          .setRetrySettings(RETRY_PARAM_DEFINITIONS.get("default"));
+
+      return builder;
+    }
+
+    protected Builder(IamCredentialsStubSettings settings) {
+      super(settings);
+
+      generateAccessTokenSettings = settings.generateAccessTokenSettings.toBuilder();
+      generateIdTokenSettings = settings.generateIdTokenSettings.toBuilder();
+      signBlobSettings = settings.signBlobSettings.toBuilder();
+      signJwtSettings = settings.signJwtSettings.toBuilder();
+
+      unaryMethodSettingsBuilders =
+          ImmutableList.<UnaryCallSettings.Builder<?, ?>>of(
+              generateAccessTokenSettings,
+              generateIdTokenSettings,
+              signBlobSettings,
+              signJwtSettings);
+    }
+
+    // NEXT_MAJOR_VER: remove 'throws Exception'
+    /**
+     * Applies the given settings updater function to all of the unary API methods in this service.
+     *
+     * <p>Note: This method does not support applying settings to streaming methods.
+     */
+    public Builder applyToAllUnaryMethods(
+        ApiFunction<UnaryCallSettings.Builder<?, ?>, Void> settingsUpdater) throws Exception {
+      super.applyToAllUnaryMethods(unaryMethodSettingsBuilders, settingsUpdater);
+      return this;
+    }
+
+    public ImmutableList<UnaryCallSettings.Builder<?, ?>> unaryMethodSettingsBuilders() {
+      return unaryMethodSettingsBuilders;
+    }
+
+    /** Returns the builder for the settings used for calls to generateAccessToken. */
+    public UnaryCallSettings.Builder<GenerateAccessTokenRequest, GenerateAccessTokenResponse>
+        generateAccessTokenSettings() {
+      return generateAccessTokenSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to generateIdToken. */
+    public UnaryCallSettings.Builder<GenerateIdTokenRequest, GenerateIdTokenResponse>
+        generateIdTokenSettings() {
+      return generateIdTokenSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to signBlob. */
+    public UnaryCallSettings.Builder<SignBlobRequest, SignBlobResponse> signBlobSettings() {
+      return signBlobSettings;
+    }
+
+    /** Returns the builder for the settings used for calls to signJwt. */
+    public UnaryCallSettings.Builder<SignJwtRequest, SignJwtResponse> signJwtSettings() {
+      return signJwtSettings;
+    }
+
+    @Override
+    public IamCredentialsStubSettings build() throws IOException {
+      return new IamCredentialsStubSettings(this);
+    }
+  }
+}
diff --git a/google-cloud-clients/google-cloud-iamcredentials/src/test/java/com/google/cloud/iam/credentials/v1/IamCredentialsClientTest.java b/google-cloud-clients/google-cloud-iamcredentials/src/test/java/com/google/cloud/iam/credentials/v1/IamCredentialsClientTest.java
new file mode 100644
index 000000000000..8f275a594bfc
--- /dev/null
+++ b/google-cloud-clients/google-cloud-iamcredentials/src/test/java/com/google/cloud/iam/credentials/v1/IamCredentialsClientTest.java
@@ -0,0 +1,279 @@
+/*
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.cloud.iam.credentials.v1;
+
+import com.google.api.gax.core.NoCredentialsProvider;
+import com.google.api.gax.grpc.GaxGrpcProperties;
+import com.google.api.gax.grpc.testing.LocalChannelProvider;
+import com.google.api.gax.grpc.testing.MockGrpcService;
+import com.google.api.gax.grpc.testing.MockServiceHelper;
+import com.google.api.gax.rpc.ApiClientHeaderProvider;
+import com.google.api.gax.rpc.InvalidArgumentException;
+import com.google.protobuf.ByteString;
+import com.google.protobuf.Duration;
+import com.google.protobuf.GeneratedMessageV3;
+import io.grpc.Status;
+import io.grpc.StatusRuntimeException;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+@javax.annotation.Generated("by GAPIC")
+public class IamCredentialsClientTest {
+  private static MockIAMCredentials mockIAMCredentials;
+  private static MockServiceHelper serviceHelper;
+  private IamCredentialsClient client;
+  private LocalChannelProvider channelProvider;
+
+  @BeforeClass
+  public static void startStaticServer() {
+    mockIAMCredentials = new MockIAMCredentials();
+    serviceHelper =
+        new MockServiceHelper("in-process-1", Arrays.<MockGrpcService>asList(mockIAMCredentials));
+    serviceHelper.start();
+  }
+
+  @AfterClass
+  public static void stopServer() {
+    serviceHelper.stop();
+  }
+
+  @Before
+  public void setUp() throws IOException {
+    serviceHelper.reset();
+    channelProvider = serviceHelper.createChannelProvider();
+    IamCredentialsSettings settings =
+        IamCredentialsSettings.newBuilder()
+            .setTransportChannelProvider(channelProvider)
+            .setCredentialsProvider(NoCredentialsProvider.create())
+            .build();
+    client = IamCredentialsClient.create(settings);
+  }
+
+  @After
+  public void tearDown() throws Exception {
+    client.close();
+  }
+
+  @Test
+  @SuppressWarnings("all")
+  public void generateAccessTokenTest() {
+    String accessToken = "accessToken-1938933922";
+    GenerateAccessTokenResponse expectedResponse =
+        GenerateAccessTokenResponse.newBuilder().setAccessToken(accessToken).build();
+    mockIAMCredentials.addResponse(expectedResponse);
+
+    String formattedName =
+        IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+    List<String> delegates = new ArrayList<>();
+    List<String> scope = new ArrayList<>();
+    Duration lifetime = Duration.newBuilder().build();
+
+    GenerateAccessTokenResponse actualResponse =
+        client.generateAccessToken(formattedName, delegates, scope, lifetime);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<GeneratedMessageV3> actualRequests = mockIAMCredentials.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    GenerateAccessTokenRequest actualRequest = (GenerateAccessTokenRequest) actualRequests.get(0);
+
+    Assert.assertEquals(formattedName, actualRequest.getName());
+    Assert.assertEquals(delegates, actualRequest.getDelegatesList());
+    Assert.assertEquals(scope, actualRequest.getScopeList());
+    Assert.assertEquals(lifetime, actualRequest.getLifetime());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  @SuppressWarnings("all")
+  public void generateAccessTokenExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(Status.INVALID_ARGUMENT);
+    mockIAMCredentials.addException(exception);
+
+    try {
+      String formattedName =
+          IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+      List<String> delegates = new ArrayList<>();
+      List<String> scope = new ArrayList<>();
+      Duration lifetime = Duration.newBuilder().build();
+
+      client.generateAccessToken(formattedName, delegates, scope, lifetime);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception
+    }
+  }
+
+  @Test
+  @SuppressWarnings("all")
+  public void generateIdTokenTest() {
+    String token = "token110541305";
+    GenerateIdTokenResponse expectedResponse =
+        GenerateIdTokenResponse.newBuilder().setToken(token).build();
+    mockIAMCredentials.addResponse(expectedResponse);
+
+    String formattedName =
+        IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+    List<String> delegates = new ArrayList<>();
+    String audience = "audience975628804";
+    boolean includeEmail = false;
+
+    GenerateIdTokenResponse actualResponse =
+        client.generateIdToken(formattedName, delegates, audience, includeEmail);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<GeneratedMessageV3> actualRequests = mockIAMCredentials.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    GenerateIdTokenRequest actualRequest = (GenerateIdTokenRequest) actualRequests.get(0);
+
+    Assert.assertEquals(formattedName, actualRequest.getName());
+    Assert.assertEquals(delegates, actualRequest.getDelegatesList());
+    Assert.assertEquals(audience, actualRequest.getAudience());
+    Assert.assertEquals(includeEmail, actualRequest.getIncludeEmail());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  @SuppressWarnings("all")
+  public void generateIdTokenExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(Status.INVALID_ARGUMENT);
+    mockIAMCredentials.addException(exception);
+
+    try {
+      String formattedName =
+          IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+      List<String> delegates = new ArrayList<>();
+      String audience = "audience975628804";
+      boolean includeEmail = false;
+
+      client.generateIdToken(formattedName, delegates, audience, includeEmail);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception
+    }
+  }
+
+  @Test
+  @SuppressWarnings("all")
+  public void signBlobTest() {
+    String keyId = "keyId-1134673157";
+    ByteString signedBlob = ByteString.copyFromUtf8("-32");
+    SignBlobResponse expectedResponse =
+        SignBlobResponse.newBuilder().setKeyId(keyId).setSignedBlob(signedBlob).build();
+    mockIAMCredentials.addResponse(expectedResponse);
+
+    String formattedName =
+        IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+    List<String> delegates = new ArrayList<>();
+    ByteString payload = ByteString.copyFromUtf8("-114");
+
+    SignBlobResponse actualResponse = client.signBlob(formattedName, delegates, payload);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<GeneratedMessageV3> actualRequests = mockIAMCredentials.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    SignBlobRequest actualRequest = (SignBlobRequest) actualRequests.get(0);
+
+    Assert.assertEquals(formattedName, actualRequest.getName());
+    Assert.assertEquals(delegates, actualRequest.getDelegatesList());
+    Assert.assertEquals(payload, actualRequest.getPayload());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  @SuppressWarnings("all")
+  public void signBlobExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(Status.INVALID_ARGUMENT);
+    mockIAMCredentials.addException(exception);
+
+    try {
+      String formattedName =
+          IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+      List<String> delegates = new ArrayList<>();
+      ByteString payload = ByteString.copyFromUtf8("-114");
+
+      client.signBlob(formattedName, delegates, payload);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception
+    }
+  }
+
+  @Test
+  @SuppressWarnings("all")
+  public void signJwtTest() {
+    String keyId = "keyId-1134673157";
+    String signedJwt = "signedJwt-979546844";
+    SignJwtResponse expectedResponse =
+        SignJwtResponse.newBuilder().setKeyId(keyId).setSignedJwt(signedJwt).build();
+    mockIAMCredentials.addResponse(expectedResponse);
+
+    String formattedName =
+        IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+    List<String> delegates = new ArrayList<>();
+    String payload = "-114";
+
+    SignJwtResponse actualResponse = client.signJwt(formattedName, delegates, payload);
+    Assert.assertEquals(expectedResponse, actualResponse);
+
+    List<GeneratedMessageV3> actualRequests = mockIAMCredentials.getRequests();
+    Assert.assertEquals(1, actualRequests.size());
+    SignJwtRequest actualRequest = (SignJwtRequest) actualRequests.get(0);
+
+    Assert.assertEquals(formattedName, actualRequest.getName());
+    Assert.assertEquals(delegates, actualRequest.getDelegatesList());
+    Assert.assertEquals(payload, actualRequest.getPayload());
+    Assert.assertTrue(
+        channelProvider.isHeaderSent(
+            ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
+            GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
+  }
+
+  @Test
+  @SuppressWarnings("all")
+  public void signJwtExceptionTest() throws Exception {
+    StatusRuntimeException exception = new StatusRuntimeException(Status.INVALID_ARGUMENT);
+    mockIAMCredentials.addException(exception);
+
+    try {
+      String formattedName =
+          IamCredentialsClient.formatServiceAccountName("[PROJECT]", "[SERVICE_ACCOUNT]");
+      List<String> delegates = new ArrayList<>();
+      String payload = "-114";
+
+      client.signJwt(formattedName, delegates, payload);
+      Assert.fail("No exception raised");
+    } catch (InvalidArgumentException e) {
+      // Expected exception
+    }
+  }
+}
diff --git a/google-cloud-clients/google-cloud-iamcredentials/src/test/java/com/google/cloud/iam/credentials/v1/MockIAMCredentials.java b/google-cloud-clients/google-cloud-iamcredentials/src/test/java/com/google/cloud/iam/credentials/v1/MockIAMCredentials.java
new file mode 100644
index 000000000000..5b89bfa9de2f
--- /dev/null
+++ b/google-cloud-clients/google-cloud-iamcredentials/src/test/java/com/google/cloud/iam/credentials/v1/MockIAMCredentials.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.cloud.iam.credentials.v1;
+
+import com.google.api.core.BetaApi;
+import com.google.api.gax.grpc.testing.MockGrpcService;
+import com.google.protobuf.GeneratedMessageV3;
+import io.grpc.ServerServiceDefinition;
+import java.util.List;
+
+@javax.annotation.Generated("by GAPIC")
+@BetaApi
+public class MockIAMCredentials implements MockGrpcService {
+  private final MockIAMCredentialsImpl serviceImpl;
+
+  public MockIAMCredentials() {
+    serviceImpl = new MockIAMCredentialsImpl();
+  }
+
+  @Override
+  public List<GeneratedMessageV3> getRequests() {
+    return serviceImpl.getRequests();
+  }
+
+  @Override
+  public void addResponse(GeneratedMessageV3 response) {
+    serviceImpl.addResponse(response);
+  }
+
+  @Override
+  public void addException(Exception exception) {
+    serviceImpl.addException(exception);
+  }
+
+  @Override
+  public ServerServiceDefinition getServiceDefinition() {
+    return serviceImpl.bindService();
+  }
+
+  @Override
+  public void reset() {
+    serviceImpl.reset();
+  }
+}
diff --git a/google-cloud-clients/google-cloud-iamcredentials/src/test/java/com/google/cloud/iam/credentials/v1/MockIAMCredentialsImpl.java b/google-cloud-clients/google-cloud-iamcredentials/src/test/java/com/google/cloud/iam/credentials/v1/MockIAMCredentialsImpl.java
new file mode 100644
index 000000000000..b9f106d5d1c6
--- /dev/null
+++ b/google-cloud-clients/google-cloud-iamcredentials/src/test/java/com/google/cloud/iam/credentials/v1/MockIAMCredentialsImpl.java
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.google.cloud.iam.credentials.v1;
+
+import com.google.api.core.BetaApi;
+import com.google.cloud.iam.credentials.v1.IAMCredentialsGrpc.IAMCredentialsImplBase;
+import com.google.protobuf.GeneratedMessageV3;
+import io.grpc.stub.StreamObserver;
+import java.util.ArrayList;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Queue;
+
+@javax.annotation.Generated("by GAPIC")
+@BetaApi
+public class MockIAMCredentialsImpl extends IAMCredentialsImplBase {
+  private ArrayList<GeneratedMessageV3> requests;
+  private Queue<Object> responses;
+
+  public MockIAMCredentialsImpl() {
+    requests = new ArrayList<>();
+    responses = new LinkedList<>();
+  }
+
+  public List<GeneratedMessageV3> getRequests() {
+    return requests;
+  }
+
+  public void addResponse(GeneratedMessageV3 response) {
+    responses.add(response);
+  }
+
+  public void setResponses(List<GeneratedMessageV3> responses) {
+    this.responses = new LinkedList<Object>(responses);
+  }
+
+  public void addException(Exception exception) {
+    responses.add(exception);
+  }
+
+  public void reset() {
+    requests = new ArrayList<>();
+    responses = new LinkedList<>();
+  }
+
+  @Override
+  public void generateAccessToken(
+      GenerateAccessTokenRequest request,
+      StreamObserver<GenerateAccessTokenResponse> responseObserver) {
+    Object response = responses.remove();
+    if (response instanceof GenerateAccessTokenResponse) {
+      requests.add(request);
+      responseObserver.onNext((GenerateAccessTokenResponse) response);
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError((Exception) response);
+    } else {
+      responseObserver.onError(new IllegalArgumentException("Unrecognized response type"));
+    }
+  }
+
+  @Override
+  public void generateIdToken(
+      GenerateIdTokenRequest request, StreamObserver<GenerateIdTokenResponse> responseObserver) {
+    Object response = responses.remove();
+    if (response instanceof GenerateIdTokenResponse) {
+      requests.add(request);
+      responseObserver.onNext((GenerateIdTokenResponse) response);
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError((Exception) response);
+    } else {
+      responseObserver.onError(new IllegalArgumentException("Unrecognized response type"));
+    }
+  }
+
+  @Override
+  public void signBlob(SignBlobRequest request, StreamObserver<SignBlobResponse> responseObserver) {
+    Object response = responses.remove();
+    if (response instanceof SignBlobResponse) {
+      requests.add(request);
+      responseObserver.onNext((SignBlobResponse) response);
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError((Exception) response);
+    } else {
+      responseObserver.onError(new IllegalArgumentException("Unrecognized response type"));
+    }
+  }
+
+  @Override
+  public void signJwt(SignJwtRequest request, StreamObserver<SignJwtResponse> responseObserver) {
+    Object response = responses.remove();
+    if (response instanceof SignJwtResponse) {
+      requests.add(request);
+      responseObserver.onNext((SignJwtResponse) response);
+      responseObserver.onCompleted();
+    } else if (response instanceof Exception) {
+      responseObserver.onError((Exception) response);
+    } else {
+      responseObserver.onError(new IllegalArgumentException("Unrecognized response type"));
+    }
+  }
+}
diff --git a/google-cloud-clients/google-cloud-iamcredentials/synth.metadata b/google-cloud-clients/google-cloud-iamcredentials/synth.metadata
new file mode 100644
index 000000000000..4541e1ba854a
--- /dev/null
+++ b/google-cloud-clients/google-cloud-iamcredentials/synth.metadata
@@ -0,0 +1,32 @@
+{
+  "updateTime": "2018-12-12T22:58:16.947668Z",
+  "sources": [
+    {
+      "generator": {
+        "name": "artman",
+        "version": "0.16.2",
+        "dockerImage": "googleapis/artman@sha256:2f6b261ee7fe1aedf238991c93a20b3820de37a343d0cacf3e3e9555c2aaf2ea"
+      }
+    },
+    {
+      "git": {
+        "name": "googleapis",
+        "remote": "https://github.com/googleapis/googleapis.git",
+        "sha": "a207551d5190d2dc915ea261f19ce83eeee000d3",
+        "internalRef": "225249459"
+      }
+    }
+  ],
+  "destinations": [
+    {
+      "client": {
+        "source": "googleapis",
+        "apiName": "iamcredentials",
+        "apiVersion": "v1",
+        "language": "java",
+        "generator": "gapic",
+        "config": "google/iam/credentials/artman_iamcredentials_v1.yaml"
+      }
+    }
+  ]
+}
\ No newline at end of file
diff --git a/google-cloud-clients/google-cloud-iamcredentials/synth.py b/google-cloud-clients/google-cloud-iamcredentials/synth.py
new file mode 100644
index 000000000000..8377ae99a39e
--- /dev/null
+++ b/google-cloud-clients/google-cloud-iamcredentials/synth.py
@@ -0,0 +1,40 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""This script is used to synthesize generated parts of this library."""
+
+import synthtool as s
+import synthtool.gcp as gcp
+import synthtool.languages.java as java
+
+gapic = gcp.GAPICGenerator()
+
+service = 'iamcredentials'
+versions = ['v1']
+config_pattern = '/google/iam/credentials/artman_iamcredentials_{version}.yaml'
+
+for version in versions:
+    library = gapic.java_library(
+        service=service,
+        version=version,
+        config_path=config_pattern.format(version=version),
+        artman_output_name='')
+
+    s.copy(library / f'gapic-google-cloud-{service}-{version}/src', 'src')
+    s.copy(library / f'grpc-google-cloud-{service}-{version}/src', f'../../google-api-grpc/grpc-google-cloud-{service}-{version}/src')
+    s.copy(library / f'proto-google-cloud-{service}-{version}/src', f'../../google-api-grpc/proto-google-cloud-{service}-{version}/src')
+
+    java.format_code('./src')
+    java.format_code(f'../../google-api-grpc/grpc-google-cloud-{service}-{version}/src')
+    java.format_code(f'../../google-api-grpc/proto-google-cloud-{service}-{version}/src')
diff --git a/google-cloud-clients/pom.xml b/google-cloud-clients/pom.xml
index bac640bc08b5..6a66f4d6863d 100644
--- a/google-cloud-clients/pom.xml
+++ b/google-cloud-clients/pom.xml
@@ -1,7 +1,5 @@
-<?xml version="1.0"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<?xml version='1.0' encoding='UTF-8'?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
   <groupId>com.google.cloud</groupId>
   <artifactId>google-cloud-clients</artifactId>
@@ -446,6 +444,7 @@
     <module>google-cloud-dns</module>
     <module>google-cloud-errorreporting</module>
     <module>google-cloud-firestore</module>
+    <module>google-cloud-iamcredentials</module>
     <module>google-cloud-iot</module>
     <module>google-cloud-kms</module>
     <module>google-cloud-language</module>
@@ -769,7 +768,7 @@
                   </group>
                   <group>
                     <title>Stub packages</title>
-                    <packages>com.google.cloud.asset.v1beta1.stub:com.google.cloud.automl.v1beta1.stub:com.google.cloud.bigquery.datatransfer.v1.stub:com.google.cloud.bigquery.storage.v1beta1.stub:com.google.cloud.bigtable.admin.v2.stub:com.google.cloud.bigtable.data.v2.stub*:com.google.cloud.compute.v1.stub:com.google.cloud.container.v1.stub:com.google.cloud.devtools.containeranalysis.v1beta1.stub:com.google.cloud.dataproc.v1.stub:com.google.cloud.dataproc.v1beta2.stub:com.google.cloud.dlp.v2beta1.stub:com.google.cloud.dlp.v2.stub:com.google.cloud.dialogflow.v2beta1.stub:com.google.cloud.dialogflow.v2.stub:com.google.cloud.errorreporting.v1beta1.stub:com.google.cloud.firestore.v1beta1.stub:com.google.cloud.iot.v1.stub:com.google.cloud.kms.v1.stub:com.google.cloud.language.v1beta2.stub:com.google.cloud.language.v1.stub:com.google.cloud.logging.v2.stub:com.google.cloud.monitoring.v3.stub:com.google.cloud.oslogin.v1.stub:com.google.cloud.pubsub.v1.stub:com.google.cloud.redis.v1beta1.stub:com.google.cloud.redis.v1.stub:com.google.cloud.scheduler.v1beta1.stub:com.google.cloud.securitycenter.v1beta1.stub:com.google.cloud.spanner.admin.database.v1.stub:com.google.cloud.spanner.admin.instance.v1.stub:com.google.cloud.spanner.v1.stub:com.google.cloud.speech.v1beta1.stub:com.google.cloud.speech.v1p1beta1.stub:com.google.cloud.speech.v1.stub:com.google.cloud.tasks.v2beta2.stub:com.google.cloud.texttospeech.v1beta1.stub:com.google.cloud.texttospeech.v1.stub:com.google.cloud.trace.v1.stub:com.google.cloud.trace.v2.stub:com.google.cloud.videointelligence.v1beta1.stub:com.google.cloud.videointelligence.v1beta2.stub:com.google.cloud.videointelligence.v1.stub:com.google.cloud.videointelligence.v1p1beta1.stub:com.google.cloud.videointelligence.v1p2beta1.stub:com.google.cloud.vision.v1.stub:com.google.cloud.vision.v1p1beta1.stub:com.google.cloud.vision.v1p2beta1.stub:com.google.cloud.vision.v1p3beta1.stub:com.google.cloud.websecurityscanner.v1alpha.stub</packages>
+                    <packages>com.google.cloud.asset.v1beta1.stub:com.google.cloud.automl.v1beta1.stub:com.google.cloud.bigquerydatatransfer.v1.stub:com.google.cloud.bigquerystorage.v1beta1.stub:com.google.cloud.bigtable-admin.v2.stub:com.google.cloud.bigtable.v2.stub:com.google.cloud.container.v1.stub:com.google.cloud.containeranalysis.v1beta1.stub:com.google.cloud.dataproc.v1.stub:com.google.cloud.dataproc.v1beta2.stub:com.google.cloud.dialogflow.v2.stub:com.google.cloud.dialogflow.v2beta1.stub:com.google.cloud.dlp.v2.stub:com.google.cloud.error-reporting.v1beta1.stub:com.google.cloud.firestore.v1beta1.stub:com.google.cloud.iamcredentials.v1.stub:com.google.cloud.iot.v1.stub:com.google.cloud.kms.v1.stub:com.google.cloud.language.v1.stub:com.google.cloud.language.v1beta2.stub:com.google.cloud.logging.v2.stub:com.google.cloud.monitoring.v3.stub:com.google.cloud.os-login.v1.stub:com.google.cloud.pubsub.v1.stub:com.google.cloud.redis.v1.stub:com.google.cloud.redis.v1beta1.stub:com.google.cloud.scheduler.v1beta1.stub:com.google.cloud.securitycenter.v1beta1.stub:com.google.cloud.spanner-admin-database.v1.stub:com.google.cloud.spanner-admin-instance.v1.stub:com.google.cloud.spanner.v1.stub:com.google.cloud.speech.v1.stub:com.google.cloud.speech.v1beta1.stub:com.google.cloud.speech.v1p1beta1.stub:com.google.cloud.tasks.v2beta2.stub:com.google.cloud.tasks.v2beta3.stub:com.google.cloud.texttospeech.v1.stub:com.google.cloud.texttospeech.v1beta1.stub:com.google.cloud.trace.v1.stub:com.google.cloud.trace.v2.stub:com.google.cloud.video-intelligence.v1.stub:com.google.cloud.video-intelligence.v1beta1.stub:com.google.cloud.video-intelligence.v1beta2.stub:com.google.cloud.video-intelligence.v1p1beta1.stub:com.google.cloud.video-intelligence.v1p2beta1.stub:com.google.cloud.vision.v1.stub:com.google.cloud.vision.v1p1beta1.stub:com.google.cloud.vision.v1p2beta1.stub:com.google.cloud.vision.v1p3beta1.stub:com.google.cloud.websecurityscanner.v1alpha.stub</packages>
                   </group>
                   <group>
                     <title>Deprecated packages</title>
@@ -877,7 +876,7 @@
             </group>
             <group>
               <title>Stub packages</title>
-              <packages>com.google.cloud.automl.v1beta1.stub:com.google.cloud.bigquery.datatransfer.v1.stub:com.google.cloud.bigquery.storage.v1beta1.stub:com.google.cloud.bigtable.admin.v2.stub:com.google.cloud.bigtable.data.v2.stub*:com.google.cloud.compute.v1.stub:com.google.cloud.container.v1.stub:com.google.cloud.dataproc.v1.stub:com.google.cloud.dataproc.v1beta2.stub:com.google.cloud.dlp.v2beta1.stub:com.google.cloud.dlp.v2.stub:com.google.cloud.dialogflow.v2beta1.stub:com.google.cloud.dialogflow.v2.stub:com.google.cloud.errorreporting.v1beta1.stub:com.google.cloud.firestore.v1beta1.stub:com.google.cloud.iot.v1.stub:com.google.cloud.kms.v1.stub:com.google.cloud.language.v1beta2.stub:com.google.cloud.language.v1.stub:com.google.cloud.logging.v2.stub:com.google.cloud.monitoring.v3.stub:com.google.cloud.oslogin.v1.stub:com.google.cloud.pubsub.v1.stub:com.google.cloud.redis.v1beta1.stub:com.google.cloud.scheduler.v1beta1.stub:com.google.cloud.securitycenter.v1beta1.stub:com.google.cloud.spanner.admin.database.v1.stub:com.google.cloud.spanner.admin.instance.v1.stub:com.google.cloud.spanner.v1.stub:com.google.cloud.speech.v1beta1.stub:com.google.cloud.speech.v1p1beta1.stub:com.google.cloud.speech.v1.stub:com.google.cloud.tasks.v2beta2.stub:com.google.cloud.texttospeech.v1beta1.stub:com.google.cloud.texttospeech.v1.stub:com.google.cloud.trace.v1.stub:com.google.cloud.trace.v2.stub:com.google.cloud.videointelligence.v1beta1.stub:com.google.cloud.videointelligence.v1beta2.stub:com.google.cloud.videointelligence.v1.stub:com.google.cloud.videointelligence.v1p1beta1.stub:com.google.cloud.vision.v1.stub:com.google.cloud.vision.v1p1beta1.stub:com.google.cloud.vision.v1p2beta1.stub:com.google.cloud.vision.v1p3beta1.stub:com.google.cloud.websecurityscanner.v1alpha.stub</packages>
+              <packages>com.google.cloud.asset.v1beta1.stub:com.google.cloud.automl.v1beta1.stub:com.google.cloud.bigquerydatatransfer.v1.stub:com.google.cloud.bigquerystorage.v1beta1.stub:com.google.cloud.bigtable-admin.v2.stub:com.google.cloud.bigtable.v2.stub:com.google.cloud.container.v1.stub:com.google.cloud.containeranalysis.v1beta1.stub:com.google.cloud.dataproc.v1.stub:com.google.cloud.dataproc.v1beta2.stub:com.google.cloud.dialogflow.v2.stub:com.google.cloud.dialogflow.v2beta1.stub:com.google.cloud.dlp.v2.stub:com.google.cloud.error-reporting.v1beta1.stub:com.google.cloud.firestore.v1beta1.stub:com.google.cloud.iamcredentials.v1.stub:com.google.cloud.iot.v1.stub:com.google.cloud.kms.v1.stub:com.google.cloud.language.v1.stub:com.google.cloud.language.v1beta2.stub:com.google.cloud.logging.v2.stub:com.google.cloud.monitoring.v3.stub:com.google.cloud.os-login.v1.stub:com.google.cloud.pubsub.v1.stub:com.google.cloud.redis.v1.stub:com.google.cloud.redis.v1beta1.stub:com.google.cloud.scheduler.v1beta1.stub:com.google.cloud.securitycenter.v1beta1.stub:com.google.cloud.spanner-admin-database.v1.stub:com.google.cloud.spanner-admin-instance.v1.stub:com.google.cloud.spanner.v1.stub:com.google.cloud.speech.v1.stub:com.google.cloud.speech.v1beta1.stub:com.google.cloud.speech.v1p1beta1.stub:com.google.cloud.tasks.v2beta2.stub:com.google.cloud.tasks.v2beta3.stub:com.google.cloud.texttospeech.v1.stub:com.google.cloud.texttospeech.v1beta1.stub:com.google.cloud.trace.v1.stub:com.google.cloud.trace.v2.stub:com.google.cloud.video-intelligence.v1.stub:com.google.cloud.video-intelligence.v1beta1.stub:com.google.cloud.video-intelligence.v1beta2.stub:com.google.cloud.video-intelligence.v1p1beta1.stub:com.google.cloud.video-intelligence.v1p2beta1.stub:com.google.cloud.vision.v1.stub:com.google.cloud.vision.v1p1beta1.stub:com.google.cloud.vision.v1p2beta1.stub:com.google.cloud.vision.v1p3beta1.stub:com.google.cloud.websecurityscanner.v1alpha.stub</packages>
             </group>
             <group>
               <title>Deprecated packages</title>
diff --git a/versions.txt b/versions.txt
index f77aeebba612..7053d78c555c 100644
--- a/versions.txt
+++ b/versions.txt
@@ -2,6 +2,67 @@
 # module:released-version:current-version
 
 google-api-grpc:0.38.0:0.38.1-SNAPSHOT
+google-cloud:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-appengineflexcompat:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-appengineflexcustom:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-appengineflexjava:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-appenginejava8:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-asset:0.73.0-beta:0.73.1-beta-SNAPSHOT
+google-cloud-automl:0.73.0-beta:0.73.1-beta-SNAPSHOT
+google-cloud-bigquery:1.55.0:1.55.1-SNAPSHOT
+google-cloud-bigquerydatatransfer:0.73.0-beta:0.73.1-beta-SNAPSHOT
+google-cloud-bigquerystorage:0.73.0-beta:0.73.1-beta-SNAPSHOT
+google-cloud-bigtable:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-bigtable-admin:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-bigtable-emulator:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-bom:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-clients:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-compat-checker:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-compute:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-container:0.73.0-beta:0.73.1-beta-SNAPSHOT
+google-cloud-containeranalysis:0.73.0-beta:0.73.1-beta-SNAPSHOT
+google-cloud-contrib:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-core:1.55.0:1.55.1-SNAPSHOT
+google-cloud-core-grpc:1.55.0:1.55.1-SNAPSHOT
+google-cloud-core-http:1.55.0:1.55.1-SNAPSHOT
+google-cloud-dataproc:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-datastore:1.55.0:1.55.1-SNAPSHOT
+google-cloud-dialogflow:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-dlp:0.73.0-beta:0.73.1-beta-SNAPSHOT
+google-cloud-dns:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-errorreporting:0.73.0-beta:0.73.1-beta-SNAPSHOT
+google-cloud-examples:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-firestore:0.73.0-beta:0.73.1-beta-SNAPSHOT
+google-cloud-gcloud-maven-plugin:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-iamcredentials:0.0.0-alpha:0.0.1-alpha-SNAPSHOT
+google-cloud-iot:0.73.0-beta:0.73.1-beta-SNAPSHOT
+google-cloud-kms:0.73.0-beta:0.73.1-beta-SNAPSHOT
+google-cloud-language:1.55.0:1.55.1-SNAPSHOT
+google-cloud-logging:1.55.0:1.55.1-SNAPSHOT
+google-cloud-logging-logback:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-managedtest:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-monitoring:1.55.0:1.55.1-SNAPSHOT
+google-cloud-nio:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-nio-examples:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-notification:0.73.0-beta:0.73.1-beta-SNAPSHOT
+google-cloud-os-login:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-pubsub:1.55.0:1.55.1-SNAPSHOT
+google-cloud-redis:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-resourcemanager:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-scheduler:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-securitycenter:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-spanner:1.0.0:1.0.1-SNAPSHOT
+google-cloud-speech:0.73.0-beta:0.73.1-beta-SNAPSHOT
+google-cloud-storage:1.55.0:1.55.1-SNAPSHOT
+google-cloud-tasks:0.73.0-beta:0.73.1-beta-SNAPSHOT
+google-cloud-testing:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-texttospeech:0.73.0-beta:0.73.1-beta-SNAPSHOT
+google-cloud-trace:0.73.0-beta:0.73.1-beta-SNAPSHOT
+google-cloud-translate:1.55.0:1.55.1-SNAPSHOT
+google-cloud-util:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
+google-cloud-video-intelligence:0.73.0-beta:0.73.1-beta-SNAPSHOT
+google-cloud-vision:1.55.0:1.55.1-SNAPSHOT
+google-cloud-websecurityscanner:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
 grpc-google-cloud-asset-v1beta1:0.38.0:0.38.1-SNAPSHOT
 grpc-google-cloud-automl-v1beta1:0.38.0:0.38.1-SNAPSHOT
 grpc-google-cloud-bigquerydatatransfer-v1:0.38.0:0.38.1-SNAPSHOT
@@ -17,6 +78,7 @@ grpc-google-cloud-dialogflow-v2beta1:0.38.0:0.38.1-SNAPSHOT
 grpc-google-cloud-dlp-v2:0.38.0:0.38.1-SNAPSHOT
 grpc-google-cloud-error-reporting-v1beta1:0.38.0:0.38.1-SNAPSHOT
 grpc-google-cloud-firestore-v1beta1:0.38.0:0.38.1-SNAPSHOT
+grpc-google-cloud-iamcredentials-v1:0.0.0-alpha:0.0.1-alpha-SNAPSHOT
 grpc-google-cloud-iot-v1:0.38.0:0.38.1-SNAPSHOT
 grpc-google-cloud-kms-v1:0.38.0:0.38.1-SNAPSHOT
 grpc-google-cloud-language-v1:1.37.0:1.37.1-SNAPSHOT
@@ -67,6 +129,7 @@ proto-google-cloud-dialogflow-v2beta1:0.38.0:0.38.1-SNAPSHOT
 proto-google-cloud-dlp-v2:0.38.0:0.38.1-SNAPSHOT
 proto-google-cloud-error-reporting-v1beta1:0.38.0:0.38.1-SNAPSHOT
 proto-google-cloud-firestore-v1beta1:0.38.0:0.38.1-SNAPSHOT
+proto-google-cloud-iamcredentials-v1:0.0.0-alpha:0.0.1-alpha-SNAPSHOT
 proto-google-cloud-iot-v1:0.38.0:0.38.1-SNAPSHOT
 proto-google-cloud-kms-v1:0.38.0:0.38.1-SNAPSHOT
 proto-google-cloud-language-v1:1.37.0:1.37.1-SNAPSHOT
@@ -101,63 +164,3 @@ proto-google-cloud-vision-v1p1beta1:0.38.0:0.38.1-SNAPSHOT
 proto-google-cloud-vision-v1p2beta1:1.37.0:1.37.1-SNAPSHOT
 proto-google-cloud-vision-v1p3beta1:0.38.0:0.38.1-SNAPSHOT
 proto-google-cloud-websecurityscanner-v1alpha:0.38.0:0.38.1-SNAPSHOT
-google-cloud-clients:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-appengineflexcompat:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-appengineflexcustom:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-appengineflexjava:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-appenginejava8:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-asset:0.73.0-beta:0.73.1-beta-SNAPSHOT
-google-cloud-automl:0.73.0-beta:0.73.1-beta-SNAPSHOT
-google-cloud-bigquery:1.55.0:1.55.1-SNAPSHOT
-google-cloud-bigquerydatatransfer:0.73.0-beta:0.73.1-beta-SNAPSHOT
-google-cloud-bigquerystorage:0.73.0-beta:0.73.1-beta-SNAPSHOT
-google-cloud-bigtable:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-bigtable-admin:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-bom:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-compat-checker:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-compute:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-container:0.73.0-beta:0.73.1-beta-SNAPSHOT
-google-cloud-containeranalysis:0.73.0-beta:0.73.1-beta-SNAPSHOT
-google-cloud-contrib:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-core:1.55.0:1.55.1-SNAPSHOT
-google-cloud-core-grpc:1.55.0:1.55.1-SNAPSHOT
-google-cloud-core-http:1.55.0:1.55.1-SNAPSHOT
-google-cloud-dataproc:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-datastore:1.55.0:1.55.1-SNAPSHOT
-google-cloud-dialogflow:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-dlp:0.73.0-beta:0.73.1-beta-SNAPSHOT
-google-cloud-dns:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-errorreporting:0.73.0-beta:0.73.1-beta-SNAPSHOT
-google-cloud-examples:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-firestore:0.73.0-beta:0.73.1-beta-SNAPSHOT
-google-cloud-iot:0.73.0-beta:0.73.1-beta-SNAPSHOT
-google-cloud-kms:0.73.0-beta:0.73.1-beta-SNAPSHOT
-google-cloud-language:1.55.0:1.55.1-SNAPSHOT
-google-cloud-logging:1.55.0:1.55.1-SNAPSHOT
-google-cloud-logging-logback:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-managedtest:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-monitoring:1.55.0:1.55.1-SNAPSHOT
-google-cloud-nio:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-nio-examples:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-notification:0.73.0-beta:0.73.1-beta-SNAPSHOT
-google-cloud-os-login:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-pubsub:1.55.0:1.55.1-SNAPSHOT
-google-cloud-redis:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-resourcemanager:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-scheduler:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-securitycenter:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-spanner:1.0.0:1.0.1-SNAPSHOT
-google-cloud-speech:0.73.0-beta:0.73.1-beta-SNAPSHOT
-google-cloud-storage:1.55.0:1.55.1-SNAPSHOT
-google-cloud-tasks:0.73.0-beta:0.73.1-beta-SNAPSHOT
-google-cloud-texttospeech:0.73.0-beta:0.73.1-beta-SNAPSHOT
-google-cloud-testing:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-gcloud-maven-plugin:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-bigtable-emulator:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-trace:0.73.0-beta:0.73.1-beta-SNAPSHOT
-google-cloud-translate:1.55.0:1.55.1-SNAPSHOT
-google-cloud-util:0.73.0-alpha:0.73.1-alpha-SNAPSHOT
-google-cloud-video-intelligence:0.73.0-beta:0.73.1-beta-SNAPSHOT
-google-cloud-vision:1.55.0:1.55.1-SNAPSHOT
-google-cloud-websecurityscanner:0.73.0-alpha:0.73.1-alpha-SNAPSHOT