Class GoogleCredentials
- java.lang.Object
-
- com.google.auth.Credentials
-
- com.google.auth.oauth2.OAuth2Credentials
-
- com.google.auth.oauth2.GoogleCredentials
-
- All Implemented Interfaces:
QuotaProjectIdProvider
,java.io.Serializable
- Direct Known Subclasses:
AppEngineCredentials
,CloudShellCredentials
,ComputeEngineCredentials
,ExternalAccountAuthorizedUserCredentials
,ExternalAccountCredentials
,GdchCredentials
,ImpersonatedCredentials
,ServiceAccountCredentials
,UserCredentials
public class GoogleCredentials extends OAuth2Credentials implements QuotaProjectIdProvider
Base type for credentials for authorizing calls to Google APIs using OAuth2.- See Also:
- Serialized Form
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
GoogleCredentials.Builder
-
Nested classes/interfaces inherited from class com.google.auth.oauth2.OAuth2Credentials
OAuth2Credentials.AsyncRefreshResult, OAuth2Credentials.CacheState, OAuth2Credentials.CredentialsChangedListener, OAuth2Credentials.FutureCallbackToMetadataCallbackAdapter, OAuth2Credentials.OAuthValue, OAuth2Credentials.RefreshTask, OAuth2Credentials.RefreshTaskListener
-
-
Field Summary
Fields Modifier and Type Field Description private static DefaultCredentialsProvider
defaultCredentialsProvider
(package private) static java.lang.String
GDCH_SERVICE_ACCOUNT_FILE_TYPE
private boolean
isExplicitUniverseDomain
(package private) static java.lang.String
QUOTA_PROJECT_ID_HEADER_KEY
protected java.lang.String
quotaProjectId
private static long
serialVersionUID
(package private) static java.lang.String
SERVICE_ACCOUNT_FILE_TYPE
private java.lang.String
universeDomain
(package private) static java.lang.String
USER_FILE_TYPE
-
Fields inherited from class com.google.auth.oauth2.OAuth2Credentials
clock, DEFAULT_EXPIRATION_MARGIN, DEFAULT_REFRESH_MARGIN, lock, refreshTask
-
Fields inherited from class com.google.auth.Credentials
GOOGLE_DEFAULT_UNIVERSE
-
-
Constructor Summary
Constructors Modifier Constructor Description protected
GoogleCredentials()
Default constructor.GoogleCredentials(AccessToken accessToken)
Deprecated.protected
GoogleCredentials(AccessToken accessToken, java.lang.String quotaProjectId)
Deprecated.protected
GoogleCredentials(AccessToken accessToken, java.time.Duration refreshMargin, java.time.Duration expirationMargin)
Deprecated.protected
GoogleCredentials(GoogleCredentials.Builder builder)
Constructor that relies on aGoogleCredentials.Builder
to provide all the necessary field values for initialization.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description (package private) static java.util.Map<java.lang.String,java.util.List<java.lang.String>>
addQuotaProjectIdToRequestMetadata(java.lang.String quotaProjectId, java.util.Map<java.lang.String,java.util.List<java.lang.String>> requestMetadata)
Adds quota project ID to requestMetadata if present.static GoogleCredentials
create(AccessToken accessToken)
Returns the credentials instance from the given access token.static GoogleCredentials
create(java.lang.String universeDomain, AccessToken accessToken)
Returns the credentials instance from the given access token and universe domain.GoogleCredentials
createDelegated(java.lang.String user)
If the credentials support domain-wide delegation, creates a copy of the identity so that it impersonates the specified user; otherwise, returns the same instance.GoogleCredentials
createScoped(java.lang.String... scopes)
If the credentials support scopes, creates a copy of the identity with the specified scopes; otherwise, returns the same instance.GoogleCredentials
createScoped(java.util.Collection<java.lang.String> scopes)
If the credentials support scopes, creates a copy of the identity with the specified scopes, invalidates the existing scoped access token; otherwise, return the same instance.GoogleCredentials
createScoped(java.util.Collection<java.lang.String> scopes, java.util.Collection<java.lang.String> defaultScopes)
If the credentials support scopes, creates a copy of the identity with the specified scopes and default scopes; otherwise, returns the same instance.boolean
createScopedRequired()
Indicates whether the credentials require scopes to be specified via a call tocreateScoped(java.util.Collection<java.lang.String>)
before use.GoogleCredentials
createWithCustomRetryStrategy(boolean defaultRetriesEnabled)
If the credentials support automatic retries, creates a copy of the identity with the provided retry strategyGoogleCredentials
createWithQuotaProject(java.lang.String quotaProject)
Creates a credential with the provided quota project.boolean
equals(java.lang.Object obj)
static GoogleCredentials
fromStream(java.io.InputStream credentialsStream)
Returns credentials defined by a JSON file stream.static GoogleCredentials
fromStream(java.io.InputStream credentialsStream, HttpTransportFactory transportFactory)
Returns credentials defined by a JSON file stream.protected java.util.Map<java.lang.String,java.util.List<java.lang.String>>
getAdditionalHeaders()
Provide additional headers to return as request metadata.static GoogleCredentials
getApplicationDefault()
Returns the Application Default Credentials.static GoogleCredentials
getApplicationDefault(HttpTransportFactory transportFactory)
Returns the Application Default Credentials.java.lang.String
getQuotaProjectId()
java.lang.String
getUniverseDomain()
Gets the universe domain for the credential.int
hashCode()
(package private) boolean
isDefaultUniverseDomain()
Checks if universe domain equals toCredentials.GOOGLE_DEFAULT_UNIVERSE
.protected boolean
isExplicitUniverseDomain()
Gets the flag indicating whether universeDomain was explicitly set by the developer.static GoogleCredentials.Builder
newBuilder()
GoogleCredentials.Builder
toBuilder()
java.lang.String
toString()
protected com.google.common.base.MoreObjects.ToStringHelper
toStringHelper()
A helper for overriding the toString() method.-
Methods inherited from class com.google.auth.oauth2.OAuth2Credentials
addChangeListener, getAccessToken, getAuthenticationType, getExpirationMargin, getFromServiceLoader, getRefreshMargin, getRequestMetadata, getRequestMetadata, getRequestMetadataInternal, hasRequestMetadata, hasRequestMetadataOnly, newInstance, refresh, refreshAccessToken, refreshIfExpired, removeChangeListener
-
Methods inherited from class com.google.auth.Credentials
blockingGetToCallback, getMetricsCredentialType, getRequestMetadata
-
-
-
-
Field Detail
-
serialVersionUID
private static final long serialVersionUID
- See Also:
- Constant Field Values
-
QUOTA_PROJECT_ID_HEADER_KEY
static final java.lang.String QUOTA_PROJECT_ID_HEADER_KEY
- See Also:
- Constant Field Values
-
USER_FILE_TYPE
static final java.lang.String USER_FILE_TYPE
- See Also:
- Constant Field Values
-
SERVICE_ACCOUNT_FILE_TYPE
static final java.lang.String SERVICE_ACCOUNT_FILE_TYPE
- See Also:
- Constant Field Values
-
GDCH_SERVICE_ACCOUNT_FILE_TYPE
static final java.lang.String GDCH_SERVICE_ACCOUNT_FILE_TYPE
- See Also:
- Constant Field Values
-
universeDomain
private final java.lang.String universeDomain
-
isExplicitUniverseDomain
private final boolean isExplicitUniverseDomain
-
quotaProjectId
protected final java.lang.String quotaProjectId
-
defaultCredentialsProvider
private static final DefaultCredentialsProvider defaultCredentialsProvider
-
-
Constructor Detail
-
GoogleCredentials
protected GoogleCredentials()
Default constructor.
-
GoogleCredentials
@Deprecated protected GoogleCredentials(AccessToken accessToken, java.lang.String quotaProjectId)
Deprecated.Constructor with an explicit access token and quotaProjectId.Deprecated, please use the
GoogleCredentials(Builder)
constructor whenever possible.- Parameters:
accessToken
- initial or temporary access tokenquotaProjectId
- a quotaProjectId, a project id to be used for billing purposes
-
GoogleCredentials
@Deprecated public GoogleCredentials(AccessToken accessToken)
Deprecated.Constructor with explicit access token.- Parameters:
accessToken
- initial or temporary access token
-
GoogleCredentials
protected GoogleCredentials(GoogleCredentials.Builder builder)
Constructor that relies on aGoogleCredentials.Builder
to provide all the necessary field values for initialization.- Parameters:
builder
- an instance of a builder
-
GoogleCredentials
@Deprecated protected GoogleCredentials(AccessToken accessToken, java.time.Duration refreshMargin, java.time.Duration expirationMargin)
Deprecated.Constructor with explicit access token and refresh margins.Deprecated, please use the
GoogleCredentials(Builder)
constructor whenever possible.- Parameters:
accessToken
- initial or temporary access token
-
-
Method Detail
-
create
public static GoogleCredentials create(AccessToken accessToken)
Returns the credentials instance from the given access token.- Parameters:
accessToken
- the access token- Returns:
- the credentials instance
-
create
public static GoogleCredentials create(java.lang.String universeDomain, AccessToken accessToken)
Returns the credentials instance from the given access token and universe domain.- Parameters:
universeDomain
- the universe domainaccessToken
- the access token- Returns:
- the credentials instance
-
getApplicationDefault
public static GoogleCredentials getApplicationDefault() throws java.io.IOException
Returns the Application Default Credentials.Returns the Application Default Credentials which are used to identify and authorize the whole application. The following are searched (in order) to find the Application Default Credentials:
- Credentials file pointed to by the
GOOGLE_APPLICATION_CREDENTIALS
environment variable - Credentials provided by the Google Cloud SDK.
gcloud auth application-default login
for user account credentials.gcloud auth application-default login --impersonate-service-account
for impersonated service account credentials.
- Google App Engine built-in credentials
- Google Cloud Shell built-in credentials
- Google Compute Engine built-in credentials
- Returns:
- the credentials instance.
- Throws:
java.io.IOException
- if the credentials cannot be created in the current environment.
- Credentials file pointed to by the
-
getApplicationDefault
public static GoogleCredentials getApplicationDefault(HttpTransportFactory transportFactory) throws java.io.IOException
Returns the Application Default Credentials.Returns the Application Default Credentials which are used to identify and authorize the whole application. The following are searched (in order) to find the Application Default Credentials:
- Credentials file pointed to by the
GOOGLE_APPLICATION_CREDENTIALS
environment variable - Credentials provided by the Google Cloud SDK
gcloud auth application-default login
command - Google App Engine built-in credentials
- Google Cloud Shell built-in credentials
- Google Compute Engine built-in credentials
- Parameters:
transportFactory
- HTTP transport factory, creates the transport used to get access tokens.- Returns:
- the credentials instance.
- Throws:
java.io.IOException
- if the credentials cannot be created in the current environment.
- Credentials file pointed to by the
-
fromStream
public static GoogleCredentials fromStream(java.io.InputStream credentialsStream) throws java.io.IOException
Returns credentials defined by a JSON file stream.The stream can contain a Service Account key file in JSON format from the Google Developers Console or a stored user credential using the format supported by the Cloud SDK.
- Parameters:
credentialsStream
- the stream with the credential definition.- Returns:
- the credential defined by the credentialsStream.
- Throws:
java.io.IOException
- if the credential cannot be created from the stream.
-
fromStream
public static GoogleCredentials fromStream(java.io.InputStream credentialsStream, HttpTransportFactory transportFactory) throws java.io.IOException
Returns credentials defined by a JSON file stream.The stream can contain a Service Account key file in JSON format from the Google Developers Console or a stored user credential using the format supported by the Cloud SDK.
- Parameters:
credentialsStream
- the stream with the credential definition.transportFactory
- HTTP transport factory, creates the transport used to get access tokens.- Returns:
- the credential defined by the credentialsStream.
- Throws:
java.io.IOException
- if the credential cannot be created from the stream.
-
createWithQuotaProject
public GoogleCredentials createWithQuotaProject(java.lang.String quotaProject)
Creates a credential with the provided quota project.- Parameters:
quotaProject
- the quota project to set on the credential- Returns:
- credential with the provided quota project
-
getUniverseDomain
public java.lang.String getUniverseDomain() throws java.io.IOException
Gets the universe domain for the credential.- Overrides:
getUniverseDomain
in classCredentials
- Returns:
- An explicit universe domain if it was explicitly provided, invokes the super implementation otherwise
- Throws:
java.io.IOException
- extending classes might have to do remote calls to determine the universe domain. The exception must implementRetryable
andisRetryable()
will return true if the operation may be retried.
-
isExplicitUniverseDomain
protected boolean isExplicitUniverseDomain()
Gets the flag indicating whether universeDomain was explicitly set by the developer.If subclass has a requirement to give priority to developer-set universeDomain, this property must be used to check if the universeDomain value was provided by the user. It could be a default otherwise.
- Returns:
- true if universeDomain value was provided by the developer, false otherwise
-
isDefaultUniverseDomain
boolean isDefaultUniverseDomain() throws java.io.IOException
Checks if universe domain equals toCredentials.GOOGLE_DEFAULT_UNIVERSE
.- Returns:
- true if universe domain equals to
Credentials.GOOGLE_DEFAULT_UNIVERSE
, false otherwise - Throws:
java.io.IOException
-
addQuotaProjectIdToRequestMetadata
static java.util.Map<java.lang.String,java.util.List<java.lang.String>> addQuotaProjectIdToRequestMetadata(java.lang.String quotaProjectId, java.util.Map<java.lang.String,java.util.List<java.lang.String>> requestMetadata)
Adds quota project ID to requestMetadata if present.- Returns:
- a new map with quotaProjectId added if needed
-
getAdditionalHeaders
protected java.util.Map<java.lang.String,java.util.List<java.lang.String>> getAdditionalHeaders()
Description copied from class:OAuth2Credentials
Provide additional headers to return as request metadata.- Overrides:
getAdditionalHeaders
in classOAuth2Credentials
- Returns:
- additional headers
-
toStringHelper
protected com.google.common.base.MoreObjects.ToStringHelper toStringHelper()
A helper for overriding the toString() method. This allows inheritance of super class fields. Extending classes can override this implementation and call super implementation and add more fields. Same cannot be done with overriding the toString() directly.- Returns:
- an instance of the ToStringHelper that has public fields added
-
toString
public java.lang.String toString()
- Overrides:
toString
in classOAuth2Credentials
-
equals
public boolean equals(java.lang.Object obj)
- Overrides:
equals
in classOAuth2Credentials
-
hashCode
public int hashCode()
- Overrides:
hashCode
in classOAuth2Credentials
-
newBuilder
public static GoogleCredentials.Builder newBuilder()
-
toBuilder
public GoogleCredentials.Builder toBuilder()
- Overrides:
toBuilder
in classOAuth2Credentials
-
getQuotaProjectId
public java.lang.String getQuotaProjectId()
- Specified by:
getQuotaProjectId
in interfaceQuotaProjectIdProvider
- Returns:
- the quota project ID used for quota and billing purposes
-
createScopedRequired
public boolean createScopedRequired()
Indicates whether the credentials require scopes to be specified via a call tocreateScoped(java.util.Collection<java.lang.String>)
before use.- Returns:
- Whether the credentials require scopes to be specified.
-
createScoped
public GoogleCredentials createScoped(java.util.Collection<java.lang.String> scopes)
If the credentials support scopes, creates a copy of the identity with the specified scopes, invalidates the existing scoped access token; otherwise, return the same instance.- Parameters:
scopes
- Collection of scopes to request.- Returns:
- GoogleCredentials with requested scopes.
-
createScoped
public GoogleCredentials createScoped(java.util.Collection<java.lang.String> scopes, java.util.Collection<java.lang.String> defaultScopes)
If the credentials support scopes, creates a copy of the identity with the specified scopes and default scopes; otherwise, returns the same instance. This is mainly used by client libraries.- Parameters:
scopes
- Collection of scopes to request.defaultScopes
- Collection of default scopes to request.- Returns:
- GoogleCredentials with requested scopes.
-
createScoped
public GoogleCredentials createScoped(java.lang.String... scopes)
If the credentials support scopes, creates a copy of the identity with the specified scopes; otherwise, returns the same instance.- Parameters:
scopes
- Collection of scopes to request.- Returns:
- GoogleCredentials with requested scopes.
-
createWithCustomRetryStrategy
public GoogleCredentials createWithCustomRetryStrategy(boolean defaultRetriesEnabled)
If the credentials support automatic retries, creates a copy of the identity with the provided retry strategy- Parameters:
defaultRetriesEnabled
- a flag enabling or disabling default retries- Returns:
- GoogleCredentials with the new default retries configuration.
-
createDelegated
public GoogleCredentials createDelegated(java.lang.String user)
If the credentials support domain-wide delegation, creates a copy of the identity so that it impersonates the specified user; otherwise, returns the same instance.- Parameters:
user
- User to impersonate.- Returns:
- GoogleCredentials with a delegated user.
-
-