Package com.google.auth.oauth2
Class AwsCredentials
java.lang.Object
com.google.auth.Credentials
com.google.auth.oauth2.OAuth2Credentials
com.google.auth.oauth2.GoogleCredentials
com.google.auth.oauth2.ExternalAccountCredentials
com.google.auth.oauth2.AwsCredentials
- All Implemented Interfaces:
QuotaProjectIdProvider
,Serializable
Credentials representing an AWS third-party identity for calling Google APIs. AWS security
credentials are either sourced by calling EC2 metadata endpoints, environment variables, or a
user provided supplier method.
By default, attempts to exchange the external credential for a GCP access token.
- See Also:
-
Nested Class Summary
Nested ClassesNested classes/interfaces inherited from class com.google.auth.oauth2.ExternalAccountCredentials
ExternalAccountCredentials.CredentialSource, ExternalAccountCredentials.ServiceAccountImpersonationOptions, ExternalAccountCredentials.SubjectTokenTypes
Nested classes/interfaces inherited from class com.google.auth.oauth2.OAuth2Credentials
OAuth2Credentials.AsyncRefreshResult, OAuth2Credentials.CacheState, OAuth2Credentials.CredentialsChangedListener, OAuth2Credentials.FutureCallbackToMetadataCallbackAdapter, OAuth2Credentials.OAuthValue, OAuth2Credentials.RefreshTask, OAuth2Credentials.RefreshTaskListener
-
Field Summary
FieldsModifier and TypeFieldDescription(package private) static final String
private final AwsSecurityCredentialsSupplier
(package private) static final String
private final String
private final String
private final String
private static final long
private final ExternalAccountSupplierContext
Fields inherited from class com.google.auth.oauth2.ExternalAccountCredentials
DEFAULT_TOKEN_URL, EXECUTABLE_SOURCE_KEY, EXTERNAL_ACCOUNT_FILE_TYPE, impersonatedCredentials, PROGRAMMATIC_METRICS_HEADER_VALUE, transportFactory
Fields inherited from class com.google.auth.oauth2.GoogleCredentials
GDCH_SERVICE_ACCOUNT_FILE_TYPE, QUOTA_PROJECT_ID_HEADER_KEY, quotaProjectId, SERVICE_ACCOUNT_FILE_TYPE, USER_FILE_TYPE
Fields inherited from class com.google.auth.oauth2.OAuth2Credentials
clock, DEFAULT_EXPIRATION_MARGIN, DEFAULT_REFRESH_MARGIN, lock, refreshTask
Fields inherited from class com.google.auth.Credentials
GOOGLE_DEFAULT_UNIVERSE
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprivate String
buildSubjectToken
(AwsRequestSignature signature) createScoped
(Collection<String> newScopes) Clones the AwsCredentials with the specified scopes.private static com.google.api.client.json.GenericJson
formatTokenHeaderForSts
(String key, String value) (package private) AwsSecurityCredentialsSupplier
(package private) String
(package private) String
(package private) String
static AwsCredentials.Builder
static AwsCredentials.Builder
newBuilder
(AwsCredentials awsCredentials) Method to refresh the access token according to the specific type of credentials.Retrieves the external subject token to be exchanged for a Google Cloud access token.Methods inherited from class com.google.auth.oauth2.ExternalAccountCredentials
buildImpersonatedCredentials, exchangeExternalCredentialForAccessToken, fromJson, fromStream, fromStream, getAudience, getClientId, getClientSecret, getCredentialSource, getEnvironmentProvider, getRequestMetadata, getRequestMetadata, getScopes, getServiceAccountEmail, getServiceAccountImpersonationOptions, getServiceAccountImpersonationUrl, getSubjectTokenType, getTokenInfoUrl, getTokenUrl, getUniverseDomain, getWorkforcePoolUserProject, isWorkforcePoolConfiguration, validateServiceAccountImpersonationInfoUrl, validateTokenUrl
Methods inherited from class com.google.auth.oauth2.GoogleCredentials
addQuotaProjectIdToRequestMetadata, create, create, createDelegated, createScoped, createScoped, createScopedRequired, createWithCustomRetryStrategy, createWithQuotaProject, equals, getAdditionalHeaders, getApplicationDefault, getApplicationDefault, getQuotaProjectId, hashCode, isDefaultUniverseDomain, isExplicitUniverseDomain, toBuilder, toString, toStringHelper
Methods inherited from class com.google.auth.oauth2.OAuth2Credentials
addChangeListener, getAccessToken, getAuthenticationType, getExpirationMargin, getFromServiceLoader, getRefreshMargin, getRequestMetadataInternal, hasRequestMetadata, hasRequestMetadataOnly, newInstance, refresh, refreshIfExpired, removeChangeListener
Methods inherited from class com.google.auth.Credentials
blockingGetToCallback, getMetricsCredentialType, getRequestMetadata
-
Field Details
-
DEFAULT_REGIONAL_CREDENTIAL_VERIFICATION_URL
- See Also:
-
AWS_METRICS_HEADER_VALUE
- See Also:
-
serialVersionUID
private static final long serialVersionUID- See Also:
-
awsSecurityCredentialsSupplier
-
supplierContext
-
regionalCredentialVerificationUrlOverride
-
regionalCredentialVerificationUrl
-
metricsHeaderValue
-
-
Constructor Details
-
AwsCredentials
AwsCredentials(AwsCredentials.Builder builder) Internal constructor. SeeAwsCredentials.Builder
.
-
-
Method Details
-
refreshAccessToken
Description copied from class:OAuth2Credentials
Method to refresh the access token according to the specific type of credentials.Throws IllegalStateException if not overridden since direct use of OAuth2Credentials is only for temporary or non-refreshing access tokens.
- Overrides:
refreshAccessToken
in classOAuth2Credentials
- Returns:
- never
- Throws:
IOException
-
retrieveSubjectToken
Description copied from class:ExternalAccountCredentials
Retrieves the external subject token to be exchanged for a Google Cloud access token.Must be implemented by subclasses as the retrieval method is dependent on the credential source.
- Specified by:
retrieveSubjectToken
in classExternalAccountCredentials
- Returns:
- the external subject token
- Throws:
IOException
- if the subject token cannot be retrieved
-
createScoped
Clones the AwsCredentials with the specified scopes.- Overrides:
createScoped
in classGoogleCredentials
- Parameters:
newScopes
- Collection of scopes to request.- Returns:
- GoogleCredentials with requested scopes.
-
getCredentialSourceType
String getCredentialSourceType()- Overrides:
getCredentialSourceType
in classExternalAccountCredentials
-
buildSubjectToken
- Throws:
UnsupportedEncodingException
-
getRegionalCredentialVerificationUrl
String getRegionalCredentialVerificationUrl() -
getEnv
-
getAwsSecurityCredentialsSupplier
AwsSecurityCredentialsSupplier getAwsSecurityCredentialsSupplier() -
getRegionalCredentialVerificationUrlOverride
-
formatTokenHeaderForSts
-
newBuilder
-
newBuilder
-