Package com.google.auth.oauth2
Class ExternalAccountAuthorizedUserCredentials
- java.lang.Object
-
- com.google.auth.Credentials
-
- com.google.auth.oauth2.OAuth2Credentials
-
- com.google.auth.oauth2.GoogleCredentials
-
- com.google.auth.oauth2.ExternalAccountAuthorizedUserCredentials
-
- All Implemented Interfaces:
QuotaProjectIdProvider
,java.io.Serializable
public class ExternalAccountAuthorizedUserCredentials extends GoogleCredentials
OAuth2 credentials sourced using external identities through Workforce Identity Federation.Obtaining the initial access and refresh token can be done through the Google Cloud CLI.
Example credentials file: { "type": "external_account_authorized_user", "audience": "//iam.googleapis.com/locations/global/workforcePools/$WORKFORCE_POOL_ID/providers/$PROVIDER_ID", "refresh_token": "refreshToken", "token_url": "https://sts.googleapis.com/v1/oauthtoken", "token_info_url": "https://sts.googleapis.com/v1/introspect", "client_id": "clientId", "client_secret": "clientSecret" }
- See Also:
- Serialized Form
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
ExternalAccountAuthorizedUserCredentials.Builder
Builder forExternalAccountAuthorizedUserCredentials
.-
Nested classes/interfaces inherited from class com.google.auth.oauth2.OAuth2Credentials
OAuth2Credentials.AsyncRefreshResult, OAuth2Credentials.CacheState, OAuth2Credentials.CredentialsChangedListener, OAuth2Credentials.FutureCallbackToMetadataCallbackAdapter, OAuth2Credentials.OAuthValue, OAuth2Credentials.RefreshTask, OAuth2Credentials.RefreshTaskListener
-
-
Field Summary
Fields Modifier and Type Field Description private java.lang.String
audience
private java.lang.String
clientId
private java.lang.String
clientSecret
(package private) static java.lang.String
EXTERNAL_ACCOUNT_AUTHORIZED_USER_FILE_TYPE
private static java.lang.String
PARSE_ERROR_PREFIX
private java.lang.String
refreshToken
private java.lang.String
revokeUrl
private static long
serialVersionUID
private java.lang.String
tokenInfoUrl
private java.lang.String
tokenUrl
private HttpTransportFactory
transportFactory
private java.lang.String
transportFactoryClassName
-
Fields inherited from class com.google.auth.oauth2.GoogleCredentials
GDCH_SERVICE_ACCOUNT_FILE_TYPE, QUOTA_PROJECT_ID_HEADER_KEY, quotaProjectId, SERVICE_ACCOUNT_FILE_TYPE, USER_FILE_TYPE
-
Fields inherited from class com.google.auth.oauth2.OAuth2Credentials
clock, DEFAULT_EXPIRATION_MARGIN, DEFAULT_REFRESH_MARGIN, lock, refreshTask
-
Fields inherited from class com.google.auth.Credentials
GOOGLE_DEFAULT_UNIVERSE
-
-
Constructor Summary
Constructors Modifier Constructor Description private
ExternalAccountAuthorizedUserCredentials(ExternalAccountAuthorizedUserCredentials.Builder builder)
Internal constructor.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description private com.google.api.client.http.HttpRequest
buildRefreshRequest()
private boolean
canRefresh()
boolean
equals(java.lang.Object obj)
(package private) static ExternalAccountAuthorizedUserCredentials
fromJson(java.util.Map<java.lang.String,java.lang.Object> json, HttpTransportFactory transportFactory)
Returns external account authorized user credentials defined by JSON contents using the format supported by the Cloud SDK.static ExternalAccountAuthorizedUserCredentials
fromStream(java.io.InputStream credentialsStream)
Returns external account authorized user credentials defined by a JSON file stream.static ExternalAccountAuthorizedUserCredentials
fromStream(java.io.InputStream credentialsStream, HttpTransportFactory transportFactory)
Returns external account authorized user credentials defined by a JSON file stream.java.lang.String
getAudience()
java.lang.String
getClientId()
java.lang.String
getClientSecret()
java.lang.String
getRefreshToken()
java.lang.String
getRevokeUrl()
java.lang.String
getTokenInfoUrl()
java.lang.String
getTokenUrl()
int
hashCode()
static ExternalAccountAuthorizedUserCredentials.Builder
newBuilder()
private void
readObject(java.io.ObjectInputStream input)
AccessToken
refreshAccessToken()
Method to refresh the access token according to the specific type of credentials.ExternalAccountAuthorizedUserCredentials.Builder
toBuilder()
java.lang.String
toString()
-
Methods inherited from class com.google.auth.oauth2.GoogleCredentials
addQuotaProjectIdToRequestMetadata, create, create, createDelegated, createScoped, createScoped, createScoped, createScopedRequired, createWithCustomRetryStrategy, createWithQuotaProject, getAdditionalHeaders, getApplicationDefault, getApplicationDefault, getQuotaProjectId, getUniverseDomain, isDefaultUniverseDomain, isExplicitUniverseDomain, toStringHelper
-
Methods inherited from class com.google.auth.oauth2.OAuth2Credentials
addChangeListener, getAccessToken, getAuthenticationType, getExpirationMargin, getFromServiceLoader, getRefreshMargin, getRequestMetadata, getRequestMetadata, getRequestMetadataInternal, hasRequestMetadata, hasRequestMetadataOnly, newInstance, refresh, refreshIfExpired, removeChangeListener
-
Methods inherited from class com.google.auth.Credentials
blockingGetToCallback, getMetricsCredentialType, getRequestMetadata
-
-
-
-
Field Detail
-
PARSE_ERROR_PREFIX
private static final java.lang.String PARSE_ERROR_PREFIX
- See Also:
- Constant Field Values
-
serialVersionUID
private static final long serialVersionUID
- See Also:
- Constant Field Values
-
EXTERNAL_ACCOUNT_AUTHORIZED_USER_FILE_TYPE
static final java.lang.String EXTERNAL_ACCOUNT_AUTHORIZED_USER_FILE_TYPE
- See Also:
- Constant Field Values
-
transportFactoryClassName
private final java.lang.String transportFactoryClassName
-
audience
private final java.lang.String audience
-
tokenUrl
private final java.lang.String tokenUrl
-
tokenInfoUrl
private final java.lang.String tokenInfoUrl
-
revokeUrl
private final java.lang.String revokeUrl
-
clientId
private final java.lang.String clientId
-
clientSecret
private final java.lang.String clientSecret
-
refreshToken
private java.lang.String refreshToken
-
transportFactory
private transient HttpTransportFactory transportFactory
-
-
Constructor Detail
-
ExternalAccountAuthorizedUserCredentials
private ExternalAccountAuthorizedUserCredentials(ExternalAccountAuthorizedUserCredentials.Builder builder)
Internal constructor.- Parameters:
builder
- A builder forExternalAccountAuthorizedUserCredentials
. SeeExternalAccountAuthorizedUserCredentials.Builder
-
-
Method Detail
-
fromStream
public static ExternalAccountAuthorizedUserCredentials fromStream(java.io.InputStream credentialsStream) throws java.io.IOException
Returns external account authorized user credentials defined by a JSON file stream.- Parameters:
credentialsStream
- the stream with the credential definition- Returns:
- the credential defined by the credentialsStream
- Throws:
java.io.IOException
- if the credential cannot be created from the stream
-
fromStream
public static ExternalAccountAuthorizedUserCredentials fromStream(java.io.InputStream credentialsStream, HttpTransportFactory transportFactory) throws java.io.IOException
Returns external account authorized user credentials defined by a JSON file stream.- Parameters:
credentialsStream
- the stream with the credential definitiontransportFactory
- the HTTP transport factory used to create the transport to get access tokens- Returns:
- the credential defined by the credentialsStream
- Throws:
java.io.IOException
- if the credential cannot be created from the stream
-
refreshAccessToken
public AccessToken refreshAccessToken() throws java.io.IOException
Description copied from class:OAuth2Credentials
Method to refresh the access token according to the specific type of credentials.Throws IllegalStateException if not overridden since direct use of OAuth2Credentials is only for temporary or non-refreshing access tokens.
- Overrides:
refreshAccessToken
in classOAuth2Credentials
- Returns:
- never
- Throws:
java.io.IOException
-
getAudience
@Nullable public java.lang.String getAudience()
-
getClientId
@Nullable public java.lang.String getClientId()
-
getClientSecret
@Nullable public java.lang.String getClientSecret()
-
getRevokeUrl
@Nullable public java.lang.String getRevokeUrl()
-
getTokenUrl
@Nullable public java.lang.String getTokenUrl()
-
getTokenInfoUrl
@Nullable public java.lang.String getTokenInfoUrl()
-
getRefreshToken
@Nullable public java.lang.String getRefreshToken()
-
newBuilder
public static ExternalAccountAuthorizedUserCredentials.Builder newBuilder()
-
hashCode
public int hashCode()
- Overrides:
hashCode
in classGoogleCredentials
-
toString
public java.lang.String toString()
- Overrides:
toString
in classGoogleCredentials
-
equals
public boolean equals(java.lang.Object obj)
- Overrides:
equals
in classGoogleCredentials
-
toBuilder
public ExternalAccountAuthorizedUserCredentials.Builder toBuilder()
- Overrides:
toBuilder
in classGoogleCredentials
-
fromJson
static ExternalAccountAuthorizedUserCredentials fromJson(java.util.Map<java.lang.String,java.lang.Object> json, HttpTransportFactory transportFactory) throws java.io.IOException
Returns external account authorized user credentials defined by JSON contents using the format supported by the Cloud SDK.- Parameters:
json
- a map from the JSON representing the credentialstransportFactory
- HTTP transport factory, creates the transport used to get access tokens- Returns:
- the external account authorized user credentials defined by the JSON
- Throws:
java.io.IOException
-
readObject
private void readObject(java.io.ObjectInputStream input) throws java.io.IOException, java.lang.ClassNotFoundException
- Throws:
java.io.IOException
java.lang.ClassNotFoundException
-
canRefresh
private boolean canRefresh()
-
buildRefreshRequest
private com.google.api.client.http.HttpRequest buildRefreshRequest() throws java.io.IOException
- Throws:
java.io.IOException
-
-