Class GoogleCredentials

    • Field Detail

      • QUOTA_PROJECT_ID_HEADER_KEY

        static final java.lang.String QUOTA_PROJECT_ID_HEADER_KEY
        See Also:
        Constant Field Values
      • SERVICE_ACCOUNT_FILE_TYPE

        static final java.lang.String SERVICE_ACCOUNT_FILE_TYPE
        See Also:
        Constant Field Values
      • GDCH_SERVICE_ACCOUNT_FILE_TYPE

        static final java.lang.String GDCH_SERVICE_ACCOUNT_FILE_TYPE
        See Also:
        Constant Field Values
      • universeDomain

        private final java.lang.String universeDomain
      • isExplicitUniverseDomain

        private final boolean isExplicitUniverseDomain
      • quotaProjectId

        protected final java.lang.String quotaProjectId
    • Constructor Detail

      • GoogleCredentials

        protected GoogleCredentials()
        Default constructor.
      • GoogleCredentials

        @Deprecated
        protected GoogleCredentials​(AccessToken accessToken,
                                    java.lang.String quotaProjectId)
        Deprecated.
        Constructor with an explicit access token and quotaProjectId.

        Deprecated, please use the GoogleCredentials(Builder) constructor whenever possible.

        Parameters:
        accessToken - initial or temporary access token
        quotaProjectId - a quotaProjectId, a project id to be used for billing purposes
      • GoogleCredentials

        @Deprecated
        public GoogleCredentials​(AccessToken accessToken)
        Deprecated.
        Constructor with explicit access token.
        Parameters:
        accessToken - initial or temporary access token
      • GoogleCredentials

        protected GoogleCredentials​(GoogleCredentials.Builder builder)
        Constructor that relies on a GoogleCredentials.Builder to provide all the necessary field values for initialization.
        Parameters:
        builder - an instance of a builder
      • GoogleCredentials

        @Deprecated
        protected GoogleCredentials​(AccessToken accessToken,
                                    java.time.Duration refreshMargin,
                                    java.time.Duration expirationMargin)
        Deprecated.
        Constructor with explicit access token and refresh margins.

        Deprecated, please use the GoogleCredentials(Builder) constructor whenever possible.

        Parameters:
        accessToken - initial or temporary access token
    • Method Detail

      • create

        public static GoogleCredentials create​(AccessToken accessToken)
        Returns the credentials instance from the given access token.
        Parameters:
        accessToken - the access token
        Returns:
        the credentials instance
      • create

        public static GoogleCredentials create​(java.lang.String universeDomain,
                                               AccessToken accessToken)
        Returns the credentials instance from the given access token and universe domain.
        Parameters:
        universeDomain - the universe domain
        accessToken - the access token
        Returns:
        the credentials instance
      • getApplicationDefault

        public static GoogleCredentials getApplicationDefault()
                                                       throws java.io.IOException
        Returns the Application Default Credentials.

        Returns the Application Default Credentials which are used to identify and authorize the whole application. The following are searched (in order) to find the Application Default Credentials:

        1. Credentials file pointed to by the GOOGLE_APPLICATION_CREDENTIALS environment variable
        2. Credentials provided by the Google Cloud SDK.
          1. gcloud auth application-default login for user account credentials.
          2. gcloud auth application-default login --impersonate-service-account for impersonated service account credentials.
        3. Google App Engine built-in credentials
        4. Google Cloud Shell built-in credentials
        5. Google Compute Engine built-in credentials
        Returns:
        the credentials instance.
        Throws:
        java.io.IOException - if the credentials cannot be created in the current environment.
      • getApplicationDefault

        public static GoogleCredentials getApplicationDefault​(HttpTransportFactory transportFactory)
                                                       throws java.io.IOException
        Returns the Application Default Credentials.

        Returns the Application Default Credentials which are used to identify and authorize the whole application. The following are searched (in order) to find the Application Default Credentials:

        1. Credentials file pointed to by the GOOGLE_APPLICATION_CREDENTIALS environment variable
        2. Credentials provided by the Google Cloud SDK gcloud auth application-default login command
        3. Google App Engine built-in credentials
        4. Google Cloud Shell built-in credentials
        5. Google Compute Engine built-in credentials
        Parameters:
        transportFactory - HTTP transport factory, creates the transport used to get access tokens.
        Returns:
        the credentials instance.
        Throws:
        java.io.IOException - if the credentials cannot be created in the current environment.
      • fromStream

        public static GoogleCredentials fromStream​(java.io.InputStream credentialsStream)
                                            throws java.io.IOException
        Returns credentials defined by a JSON file stream.

        The stream can contain a Service Account key file in JSON format from the Google Developers Console or a stored user credential using the format supported by the Cloud SDK.

        Parameters:
        credentialsStream - the stream with the credential definition.
        Returns:
        the credential defined by the credentialsStream.
        Throws:
        java.io.IOException - if the credential cannot be created from the stream.
      • fromStream

        public static GoogleCredentials fromStream​(java.io.InputStream credentialsStream,
                                                   HttpTransportFactory transportFactory)
                                            throws java.io.IOException
        Returns credentials defined by a JSON file stream.

        The stream can contain a Service Account key file in JSON format from the Google Developers Console or a stored user credential using the format supported by the Cloud SDK.

        Parameters:
        credentialsStream - the stream with the credential definition.
        transportFactory - HTTP transport factory, creates the transport used to get access tokens.
        Returns:
        the credential defined by the credentialsStream.
        Throws:
        java.io.IOException - if the credential cannot be created from the stream.
      • createWithQuotaProject

        public GoogleCredentials createWithQuotaProject​(java.lang.String quotaProject)
        Creates a credential with the provided quota project.
        Parameters:
        quotaProject - the quota project to set on the credential
        Returns:
        credential with the provided quota project
      • getUniverseDomain

        public java.lang.String getUniverseDomain()
                                           throws java.io.IOException
        Gets the universe domain for the credential.
        Overrides:
        getUniverseDomain in class Credentials
        Returns:
        An explicit universe domain if it was explicitly provided, invokes the super implementation otherwise
        Throws:
        java.io.IOException - extending classes might have to do remote calls to determine the universe domain. The exception must implement Retryable and isRetryable() will return true if the operation may be retried.
      • isExplicitUniverseDomain

        protected boolean isExplicitUniverseDomain()
        Gets the flag indicating whether universeDomain was explicitly set by the developer.

        If subclass has a requirement to give priority to developer-set universeDomain, this property must be used to check if the universeDomain value was provided by the user. It could be a default otherwise.

        Returns:
        true if universeDomain value was provided by the developer, false otherwise
      • addQuotaProjectIdToRequestMetadata

        static java.util.Map<java.lang.String,​java.util.List<java.lang.String>> addQuotaProjectIdToRequestMetadata​(java.lang.String quotaProjectId,
                                                                                                                         java.util.Map<java.lang.String,​java.util.List<java.lang.String>> requestMetadata)
        Adds quota project ID to requestMetadata if present.
        Returns:
        a new map with quotaProjectId added if needed
      • getAdditionalHeaders

        protected java.util.Map<java.lang.String,​java.util.List<java.lang.String>> getAdditionalHeaders()
        Description copied from class: OAuth2Credentials
        Provide additional headers to return as request metadata.
        Overrides:
        getAdditionalHeaders in class OAuth2Credentials
        Returns:
        additional headers
      • toStringHelper

        protected com.google.common.base.MoreObjects.ToStringHelper toStringHelper()
        A helper for overriding the toString() method. This allows inheritance of super class fields. Extending classes can override this implementation and call super implementation and add more fields. Same cannot be done with overriding the toString() directly.
        Returns:
        an instance of the ToStringHelper that has public fields added
      • getQuotaProjectId

        public java.lang.String getQuotaProjectId()
        Specified by:
        getQuotaProjectId in interface QuotaProjectIdProvider
        Returns:
        the quota project ID used for quota and billing purposes
      • createScopedRequired

        public boolean createScopedRequired()
        Indicates whether the credentials require scopes to be specified via a call to createScoped(java.util.Collection<java.lang.String>) before use.
        Returns:
        Whether the credentials require scopes to be specified.
      • createScoped

        public GoogleCredentials createScoped​(java.util.Collection<java.lang.String> scopes)
        If the credentials support scopes, creates a copy of the identity with the specified scopes, invalidates the existing scoped access token; otherwise, return the same instance.
        Parameters:
        scopes - Collection of scopes to request.
        Returns:
        GoogleCredentials with requested scopes.
      • createScoped

        public GoogleCredentials createScoped​(java.util.Collection<java.lang.String> scopes,
                                              java.util.Collection<java.lang.String> defaultScopes)
        If the credentials support scopes, creates a copy of the identity with the specified scopes and default scopes; otherwise, returns the same instance. This is mainly used by client libraries.
        Parameters:
        scopes - Collection of scopes to request.
        defaultScopes - Collection of default scopes to request.
        Returns:
        GoogleCredentials with requested scopes.
      • createScoped

        public GoogleCredentials createScoped​(java.lang.String... scopes)
        If the credentials support scopes, creates a copy of the identity with the specified scopes; otherwise, returns the same instance.
        Parameters:
        scopes - Collection of scopes to request.
        Returns:
        GoogleCredentials with requested scopes.
      • createWithCustomRetryStrategy

        public GoogleCredentials createWithCustomRetryStrategy​(boolean defaultRetriesEnabled)
        If the credentials support automatic retries, creates a copy of the identity with the provided retry strategy
        Parameters:
        defaultRetriesEnabled - a flag enabling or disabling default retries
        Returns:
        GoogleCredentials with the new default retries configuration.
      • createDelegated

        public GoogleCredentials createDelegated​(java.lang.String user)
        If the credentials support domain-wide delegation, creates a copy of the identity so that it impersonates the specified user; otherwise, returns the same instance.
        Parameters:
        user - User to impersonate.
        Returns:
        GoogleCredentials with a delegated user.