Class JwtCredentials
- java.lang.Object
-
- com.google.auth.Credentials
-
- com.google.auth.oauth2.JwtCredentials
-
- All Implemented Interfaces:
JwtProvider
,java.io.Serializable
public class JwtCredentials extends Credentials implements JwtProvider
Credentials class for calling Google APIs using a JWT with custom claims.Uses a JSON Web Token (JWT) directly in the request metadata to provide authorization.
JwtClaims claims = JwtClaims.newBuilder() .setAudience("https://example.com/some-audience") .setIssuer("some-issuer@example.com") .setSubject("some-subject@example.com") .build(); Credentials = JwtCredentials.newBuilder() .setPrivateKey(privateKey) .setPrivateKeyId("private-key-id") .setJwtClaims(claims) .build();
- See Also:
- Serialized Form
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
JwtCredentials.Builder
-
Field Summary
Fields Modifier and Type Field Description (package private) com.google.api.client.util.Clock
clock
private static long
CLOCK_SKEW
private java.lang.Long
expiryInSeconds
private java.lang.String
jwt
private static java.lang.String
JWT_ACCESS_PREFIX
private static java.lang.String
JWT_INCOMPLETE_ERROR_MESSAGE
private JwtClaims
jwtClaims
private java.lang.Long
lifeSpanSeconds
private java.lang.Object
lock
private java.security.PrivateKey
privateKey
private java.lang.String
privateKeyId
-
Fields inherited from class com.google.auth.Credentials
GOOGLE_DEFAULT_UNIVERSE
-
-
Constructor Summary
Constructors Modifier Constructor Description private
JwtCredentials(JwtCredentials.Builder builder)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
equals(java.lang.Object obj)
java.lang.String
getAuthenticationType()
A constant string name describing the authentication technology.(package private) com.google.api.client.util.Clock
getClock()
java.util.Map<java.lang.String,java.util.List<java.lang.String>>
getRequestMetadata(java.net.URI uri)
Get the current request metadata in a blocking manner, refreshing tokens if required.int
hashCode()
boolean
hasRequestMetadata()
Whether the credentials have metadata entries that should be added to each request.boolean
hasRequestMetadataOnly()
Indicates whether or not the Auth mechanism works purely by including request metadata.JwtCredentials
jwtWithClaims(JwtClaims newClaims)
Returns a copy of these credentials with modified claims.static JwtCredentials.Builder
newBuilder()
void
refresh()
Refresh the token by discarding the cached token and metadata and rebuilding a new one.private boolean
shouldRefresh()
-
Methods inherited from class com.google.auth.Credentials
blockingGetToCallback, getMetricsCredentialType, getRequestMetadata, getRequestMetadata, getUniverseDomain
-
-
-
-
Field Detail
-
JWT_ACCESS_PREFIX
private static final java.lang.String JWT_ACCESS_PREFIX
- See Also:
- Constant Field Values
-
JWT_INCOMPLETE_ERROR_MESSAGE
private static final java.lang.String JWT_INCOMPLETE_ERROR_MESSAGE
- See Also:
- Constant Field Values
-
CLOCK_SKEW
private static final long CLOCK_SKEW
-
lock
private final java.lang.Object lock
-
privateKey
private final java.security.PrivateKey privateKey
-
privateKeyId
private final java.lang.String privateKeyId
-
jwtClaims
private final JwtClaims jwtClaims
-
lifeSpanSeconds
private final java.lang.Long lifeSpanSeconds
-
clock
transient com.google.api.client.util.Clock clock
-
jwt
private transient java.lang.String jwt
-
expiryInSeconds
private transient java.lang.Long expiryInSeconds
-
-
Constructor Detail
-
JwtCredentials
private JwtCredentials(JwtCredentials.Builder builder)
-
-
Method Detail
-
newBuilder
public static JwtCredentials.Builder newBuilder()
-
refresh
public void refresh() throws java.io.IOException
Refresh the token by discarding the cached token and metadata and rebuilding a new one.- Specified by:
refresh
in classCredentials
- Throws:
java.io.IOException
- if there was an error getting up-to-date access.
-
shouldRefresh
private boolean shouldRefresh()
-
jwtWithClaims
public JwtCredentials jwtWithClaims(JwtClaims newClaims)
Returns a copy of these credentials with modified claims.- Specified by:
jwtWithClaims
in interfaceJwtProvider
- Parameters:
newClaims
- new claims. Any unspecified claim fields default to the the current values.- Returns:
- new credentials
-
getAuthenticationType
public java.lang.String getAuthenticationType()
Description copied from class:Credentials
A constant string name describing the authentication technology.E.g. “OAuth2”, “SSL”. For use by the transport layer to determine whether it supports the type of authentication in the case where
Credentials.hasRequestMetadataOnly()
is false. Also serves as a debugging helper.- Specified by:
getAuthenticationType
in classCredentials
- Returns:
- The type of authentication used.
-
getRequestMetadata
public java.util.Map<java.lang.String,java.util.List<java.lang.String>> getRequestMetadata(java.net.URI uri) throws java.io.IOException
Description copied from class:Credentials
Get the current request metadata in a blocking manner, refreshing tokens if required.This should be called by the transport layer on each request, and the data should be populated in headers or other context. The operation can block and fail to complete and may do things such as refreshing access tokens.
The convention for handling binary data is for the key in the returned map to end with
"-bin"
and for the corresponding values to be base64 encoded.- Specified by:
getRequestMetadata
in classCredentials
- Parameters:
uri
- URI of the entry point for the request.- Returns:
- The request metadata used for populating headers or other context.
- Throws:
java.io.IOException
- if there was an error getting up-to-date access. The exception should implementRetryable
andisRetryable()
will return true if the operation may be retried.
-
hasRequestMetadata
public boolean hasRequestMetadata()
Description copied from class:Credentials
Whether the credentials have metadata entries that should be added to each request.This should be called by the transport layer to see if
Credentials.getRequestMetadata()
should be used for each request.- Specified by:
hasRequestMetadata
in classCredentials
- Returns:
- Whether or not the transport layer should call
Credentials.getRequestMetadata()
-
hasRequestMetadataOnly
public boolean hasRequestMetadataOnly()
Description copied from class:Credentials
Indicates whether or not the Auth mechanism works purely by including request metadata.This is meant for the transport layer. If this is true a transport does not need to take actions other than including the request metadata. If this is false, a transport must specifically know about the authentication technology to support it, and should fail to accept the credentials otherwise.
- Specified by:
hasRequestMetadataOnly
in classCredentials
- Returns:
- Whether or not the Auth mechanism works purely by including request metadata.
-
equals
public boolean equals(java.lang.Object obj)
- Overrides:
equals
in classjava.lang.Object
-
hashCode
public int hashCode()
- Overrides:
hashCode
in classjava.lang.Object
-
getClock
com.google.api.client.util.Clock getClock()
-
-