Package com.google.auth.oauth2
Class ExternalAccountAuthorizedUserCredentials
java.lang.Object
com.google.auth.Credentials
com.google.auth.oauth2.OAuth2Credentials
com.google.auth.oauth2.GoogleCredentials
com.google.auth.oauth2.ExternalAccountAuthorizedUserCredentials
- All Implemented Interfaces:
QuotaProjectIdProvider, Serializable
OAuth2 credentials sourced using external identities through Workforce Identity Federation.
Obtaining the initial access and refresh token can be done through the Google Cloud CLI.
Example credentials file:
    {
      "type": "external_account_authorized_user",
      "audience": "//iam.googleapis.com/locations/global/workforcePools/$WORKFORCE_POOL_ID/providers/$PROVIDER_ID",
      "refresh_token": "refreshToken",
      "token_url": "https://sts.googleapis.com/v1/oauthtoken",
      "token_info_url": "https://sts.googleapis.com/v1/introspect",
      "client_id": "clientId",
      "client_secret": "clientSecret"
    }
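On refresh, the refresh token and client secret from this file are sent to its token_url, so a file from an untrusted source should have its endpoints checked before use. The following is an added example, not part of this library or its documentation: it loads the file with fromStream and checks the endpoint getters. The class name, the helper names and the host allowlist are assumptions, and the sample file is constructed.

```java
import com.google.auth.oauth2.ExternalAccountAuthorizedUserCredentials;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

public class LoadWorkforceUserCredentials {
  // Assumption: local policy that only the STS host from the example file is acceptable.
  private static final Set<String> ALLOWED_HOSTS = Set.of("sts.googleapis.com");

  // Rejects any endpoint that is not https on an allowed host. A null value
  // (field absent from the file) is accepted because no request can target it.
  static void requireTrusted(String field, String url) throws IOException {
    if (url == null) {
      return;
    }
    URI uri;
    try {
      uri = URI.create(url);
    } catch (IllegalArgumentException e) {
      throw new IOException(field + " is not a valid URI", e);
    }
    String host = uri.getHost() == null ? "" : uri.getHost().toLowerCase(Locale.ROOT);
    if (!"https".equalsIgnoreCase(uri.getScheme()) || !ALLOWED_HOSTS.contains(host)) {
      throw new IOException(field + " points at an untrusted endpoint: " + url);
    }
  }

  // Parses the file with fromStream, then checks every endpoint before the
  // caller can trigger a token refresh against it.
  static ExternalAccountAuthorizedUserCredentials loadChecked(InputStream in) throws IOException {
    ExternalAccountAuthorizedUserCredentials creds =
        ExternalAccountAuthorizedUserCredentials.fromStream(in);
    requireTrusted("token_url", creds.getTokenUrl());
    requireTrusted("token_info_url", creds.getTokenInfoUrl());
    requireTrusted("revoke_url", creds.getRevokeUrl());
    return creds;
  }

  public static void main(String[] args) throws IOException {
    // Constructed sample file with placeholder values, mirroring the example above.
    String json = "{\"type\":\"external_account_authorized_user\","
        + "\"audience\":\"//iam.googleapis.com/locations/global/workforcePools/example-pool/providers/example-provider\","
        + "\"refresh_token\":\"refreshToken\",\"token_url\":\"https://sts.googleapis.com/v1/oauthtoken\","
        + "\"token_info_url\":\"https://sts.googleapis.com/v1/introspect\","
        + "\"client_id\":\"clientId\",\"client_secret\":\"clientSecret\"}";
    InputStream in = new ByteArrayInputStream(json.getBytes(StandardCharsets.UTF_8));
    System.out.println(loadChecked(in).getAudience());
  }
}
```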
-
Nested Class Summary
Nested Classes
Modifier and Type / Class / Description
static class ExternalAccountAuthorizedUserCredentials.Builder - Builder for ExternalAccountAuthorizedUserCredentials.
Nested classes/interfaces inherited from class com.google.auth.oauth2.OAuth2Credentials
OAuth2Credentials.AsyncRefreshResult, OAuth2Credentials.CacheState, OAuth2Credentials.CredentialsChangedListener, OAuth2Credentials.FutureCallbackToMetadataCallbackAdapter, OAuth2Credentials.OAuthValue, OAuth2Credentials.RefreshTask, OAuth2Credentials.RefreshTaskListener
-
Field Summary
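Fields
Modifier and Type / Field
private final String audience
private final String clientId
private final String clientSecret
(package private) static final String EXTERNAL_ACCOUNT_AUTHORIZED_USER_FILE_TYPE
private static final String PARSE_ERROR_PREFIX
private String refreshToken
private final String revokeUrl
private static final long serialVersionUID
private final String tokenInfoUrl
private final String tokenUrl
private HttpTransportFactory transportFactory
private final String transportFactoryClassName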
Fields inherited from class com.google.auth.oauth2.GoogleCredentials
GDCH_SERVICE_ACCOUNT_FILE_TYPE, QUOTA_PROJECT_ID_HEADER_KEY, quotaProjectId, SERVICE_ACCOUNT_FILE_TYPE, USER_FILE_TYPE
Fields inherited from class com.google.auth.oauth2.OAuth2Credentials
clock, DEFAULT_EXPIRATION_MARGIN, DEFAULT_REFRESH_MARGIN, lock, refreshTask
Fields inherited from class com.google.auth.Credentials
GOOGLE_DEFAULT_UNIVERSE
-
Constructor Summary
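Constructors
Modifier / Constructor / Description
private ExternalAccountAuthorizedUserCredentials(ExternalAccountAuthorizedUserCredentials.Builder builder) - Internal constructor.
-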
Method Summary
Modifier and Type / Method / Description
private com.google.api.client.http.HttpRequest buildRefreshRequest
private boolean canRefresh()
boolean equals
(package private) static ExternalAccountAuthorizedUserCredentials fromJson(Map<String, Object> json, HttpTransportFactory transportFactory) - Returns external account authorized user credentials defined by JSON contents using the format supported by the Cloud SDK.
static ExternalAccountAuthorizedUserCredentials fromStream(InputStream credentialsStream) - Returns external account authorized user credentials defined by a JSON file stream.
static ExternalAccountAuthorizedUserCredentials fromStream(InputStream credentialsStream, HttpTransportFactory transportFactory) - Returns external account authorized user credentials defined by a JSON file stream.
int hashCode()
private void readObject(ObjectInputStream input)
refreshAccessToken - Method to refresh the access token according to the specific type of credentials.
toString()
Methods inherited from class com.google.auth.oauth2.GoogleCredentials
addQuotaProjectIdToRequestMetadata, create, create, createDelegated, createScoped, createScoped, createScoped, createScopedRequired, createWithCustomRetryStrategy, createWithQuotaProject, getAdditionalHeaders, getApplicationDefault, getApplicationDefault, getQuotaProjectId, getUniverseDomain, isDefaultUniverseDomain, isExplicitUniverseDomain, toStringHelper
Methods inherited from class com.google.auth.oauth2.OAuth2Credentials
addChangeListener, getAccessToken, getAuthenticationType, getExpirationMargin, getFromServiceLoader, getRefreshMargin, getRequestMetadata, getRequestMetadata, getRequestMetadataInternal, hasRequestMetadata, hasRequestMetadataOnly, newInstance, refresh, refreshIfExpired, removeChangeListener
Methods inherited from class com.google.auth.Credentials
blockingGetToCallback, getMetricsCredentialType, getRequestMetadata
-
Field Details
-
PARSE_ERROR_PREFIX
-
serialVersionUID
private static final long serialVersionUID
-
EXTERNAL_ACCOUNT_AUTHORIZED_USER_FILE_TYPE
-
transportFactoryClassName
-
audience
-
tokenUrl
-
tokenInfoUrl
-
revokeUrl
-
clientId
-
clientSecret
-
refreshToken
-
transportFactory
-
-
Constructor Details
-
ExternalAccountAuthorizedUserCredentials
private ExternalAccountAuthorizedUserCredentials(ExternalAccountAuthorizedUserCredentials.Builder builder)
Internal constructor.
- Parameters:
builder - A builder for ExternalAccountAuthorizedUserCredentials. See ExternalAccountAuthorizedUserCredentials.Builder
-
-
Method Details
-
fromStream
public static ExternalAccountAuthorizedUserCredentials fromStream(InputStream credentialsStream) throws IOException
Returns external account authorized user credentials defined by a JSON file stream.
- Parameters:
credentialsStream - the stream with the credential definition
- Returns:
the credential defined by the credentialsStream
- Throws:
IOException - if the credential cannot be created from the stream
-
fromStream
public static ExternalAccountAuthorizedUserCredentials fromStream(InputStream credentialsStream, HttpTransportFactory transportFactory) throws IOException
Returns external account authorized user credentials defined by a JSON file stream.
- Parameters:
credentialsStream - the stream with the credential definition
transportFactory - the HTTP transport factory used to create the transport to get access tokens
- Returns:
the credential defined by the credentialsStream
- Throws:
IOException - if the credential cannot be created from the stream
-
refreshAccessToken
Description copied from class: OAuth2Credentials
Method to refresh the access token according to the specific type of credentials.
Throws IllegalStateException if not overridden since direct use of OAuth2Credentials is only for temporary or non-refreshing access tokens.
- Overrides:
refreshAccessToken in class OAuth2Credentials
- Returns:
never
- Throws:
IOException
-
getAudience
-
getClientId
-
getClientSecret
-
getRevokeUrl
-
getTokenUrl
-
getTokenInfoUrl
-
getRefreshToken
-
newBuilder
-
hashCode
public int hashCode()
- Overrides:
hashCode in class GoogleCredentials
-
toString
- Overrides:
toString in class GoogleCredentials
-
equals
- Overrides:
equals in class GoogleCredentials
-
toBuilder
- Overrides:
toBuilder in class GoogleCredentials
-
fromJson
static ExternalAccountAuthorizedUserCredentials fromJson(Map<String, Object> json, HttpTransportFactory transportFactory) throws IOException
Returns external account authorized user credentials defined by JSON contents using the format supported by the Cloud SDK.
- Parameters:
json - a map from the JSON representing the credentials
transportFactory - HTTP transport factory, creates the transport used to get access tokens
- Returns:
the external account authorized user credentials defined by the JSON
- Throws:
IOException
-
readObject
- Throws:
IOException
ClassNotFoundException
-
canRefresh
private boolean canRefresh()
-
buildRefreshRequest
- Throws:
IOException
-