Class JwtCredentials

  • All Implemented Interfaces:
    JwtProvider, java.io.Serializable

    public class JwtCredentials
    extends Credentials
    implements JwtProvider
    Credentials class for calling Google APIs using a JWT with custom claims.

    Uses a JSON Web Token (JWT) directly in the request metadata to provide authorization.

    
     JwtClaims claims = JwtClaims.newBuilder()
         .setAudience("https://example.com/some-audience")
         .setIssuer("some-issuer@example.com")
         .setSubject("some-subject@example.com")
         .build();
     Credentials = JwtCredentials.newBuilder()
         .setPrivateKey(privateKey)
         .setPrivateKeyId("private-key-id")
         .setJwtClaims(claims)
         .build();
     
    See Also:
    Serialized Form
    • Field Detail

      • JWT_ACCESS_PREFIX

        private static final java.lang.String JWT_ACCESS_PREFIX
        See Also:
        Constant Field Values
      • JWT_INCOMPLETE_ERROR_MESSAGE

        private static final java.lang.String JWT_INCOMPLETE_ERROR_MESSAGE
        See Also:
        Constant Field Values
      • CLOCK_SKEW

        private static final long CLOCK_SKEW
      • lock

        private final java.lang.Object lock
      • privateKey

        private final java.security.PrivateKey privateKey
      • privateKeyId

        private final java.lang.String privateKeyId
      • jwtClaims

        private final JwtClaims jwtClaims
      • lifeSpanSeconds

        private final java.lang.Long lifeSpanSeconds
      • clock

        transient com.google.api.client.util.Clock clock
      • jwt

        private transient java.lang.String jwt
      • expiryInSeconds

        private transient java.lang.Long expiryInSeconds
    • Method Detail

      • refresh

        public void refresh()
                     throws java.io.IOException
        Refresh the token by discarding the cached token and metadata and rebuilding a new one.
        Specified by:
        refresh in class Credentials
        Throws:
        java.io.IOException - if there was an error getting up-to-date access.
      • shouldRefresh

        private boolean shouldRefresh()
      • jwtWithClaims

        public JwtCredentials jwtWithClaims​(JwtClaims newClaims)
        Returns a copy of these credentials with modified claims.
        Specified by:
        jwtWithClaims in interface JwtProvider
        Parameters:
        newClaims - new claims. Any unspecified claim fields default to the the current values.
        Returns:
        new credentials
      • getAuthenticationType

        public java.lang.String getAuthenticationType()
        Description copied from class: Credentials
        A constant string name describing the authentication technology.

        E.g. “OAuth2”, “SSL”. For use by the transport layer to determine whether it supports the type of authentication in the case where Credentials.hasRequestMetadataOnly() is false. Also serves as a debugging helper.

        Specified by:
        getAuthenticationType in class Credentials
        Returns:
        The type of authentication used.
      • getRequestMetadata

        public java.util.Map<java.lang.String,​java.util.List<java.lang.String>> getRequestMetadata​(java.net.URI uri)
                                                                                                  throws java.io.IOException
        Description copied from class: Credentials
        Get the current request metadata in a blocking manner, refreshing tokens if required.

        This should be called by the transport layer on each request, and the data should be populated in headers or other context. The operation can block and fail to complete and may do things such as refreshing access tokens.

        The convention for handling binary data is for the key in the returned map to end with "-bin" and for the corresponding values to be base64 encoded.

        Specified by:
        getRequestMetadata in class Credentials
        Parameters:
        uri - URI of the entry point for the request.
        Returns:
        The request metadata used for populating headers or other context.
        Throws:
        java.io.IOException - if there was an error getting up-to-date access. The exception should implement Retryable and isRetryable() will return true if the operation may be retried.
      • hasRequestMetadataOnly

        public boolean hasRequestMetadataOnly()
        Description copied from class: Credentials
        Indicates whether or not the Auth mechanism works purely by including request metadata.

        This is meant for the transport layer. If this is true a transport does not need to take actions other than including the request metadata. If this is false, a transport must specifically know about the authentication technology to support it, and should fail to accept the credentials otherwise.

        Specified by:
        hasRequestMetadataOnly in class Credentials
        Returns:
        Whether or not the Auth mechanism works purely by including request metadata.
      • equals

        public boolean equals​(java.lang.Object obj)
        Overrides:
        equals in class java.lang.Object
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class java.lang.Object
      • getClock

        com.google.api.client.util.Clock getClock()