Package com.google.auth.oauth2
Class IdTokenCredentials
- java.lang.Object
-
- com.google.auth.Credentials
-
- com.google.auth.oauth2.OAuth2Credentials
-
- com.google.auth.oauth2.IdTokenCredentials
-
- All Implemented Interfaces:
java.io.Serializable
public class IdTokenCredentials extends OAuth2Credentials
IdTokenCredentials provides a Google Issued OpenIdConnect token.
Use an ID token to access services that require presenting an ID token for authentication such as Cloud Functions or Cloud Run.
The following Credential subclasses support IDTokens: ServiceAccountCredentials, ComputeEngineCredentials, ImpersonatedCredentials.For more information see
Usage:
String credPath = "/path/to/svc_account.json"; String targetAudience = "https://example.com"; // For Application Default Credentials (as ServiceAccountCredentials) // export GOOGLE_APPLICATION_CREDENTIALS=/path/to/svc.json GoogleCredentials adcCreds = GoogleCredentials.getApplicationDefault(); if (!adcCreds instanceof IdTokenProvider) { // handle error message } IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() .setIdTokenProvider(adcCreds) .setTargetAudience(targetAudience).build(); // for ServiceAccountCredentials ServiceAccountCredentials saCreds = ServiceAccountCredentials.fromStream(new FileInputStream(credPath)); saCreds = (ServiceAccountCredentials) saCreds.createScoped(Arrays.asList("https://www.googleapis.com/auth/iam")); IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() .setIdTokenProvider(saCreds) .setTargetAudience(targetAudience).build(); // for ComputeEngineCredentials ComputeEngineCredentials caCreds = ComputeEngineCredentials.create(); IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() .setIdTokenProvider(caCreds) .setTargetAudience(targetAudience) .setOptions(Arrays.asList(ComputeEngineCredentials.ID_TOKEN_FORMAT_FULL)) .build(); // for ImpersonatedCredentials ImpersonatedCredentials imCreds = ImpersonatedCredentials.create(saCreds, "impersonated-account@project.iam.gserviceaccount.com", null, Arrays.asList("https://www.googleapis.com/auth/cloud-platform"), 300); IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() .setIdTokenProvider(imCreds) .setTargetAudience(targetAudience) .setOptions(Arrays.asList(ImpersonatedCredentials.INCLUDE_EMAIL)) .build(); // Use the IdTokenCredential in an authorized transport GenericUrl genericUrl = new GenericUrl("https://example.com"); HttpCredentialsAdapter adapter = new HttpCredentialsAdapter(tokenCredential); HttpTransport transport = new NetHttpTransport(); HttpRequest request = transport.createRequestFactory(adapter).buildGetRequest(genericUrl); HttpResponse response = request.execute(); // Print the token, expiration and the audience System.out.println(tokenCredential.getIdToken().getTokenValue()); System.out.println(tokenCredential.getIdToken().getJsonWebSignature().getPayload().getAudienceAsList()); System.out.println(tokenCredential.getIdToken().getJsonWebSignature().getPayload().getExpirationTimeSeconds());
- See Also:
- Serialized Form
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
IdTokenCredentials.Builder
-
Nested classes/interfaces inherited from class com.google.auth.oauth2.OAuth2Credentials
OAuth2Credentials.AsyncRefreshResult, OAuth2Credentials.CacheState, OAuth2Credentials.CredentialsChangedListener, OAuth2Credentials.FutureCallbackToMetadataCallbackAdapter, OAuth2Credentials.OAuthValue, OAuth2Credentials.RefreshTask, OAuth2Credentials.RefreshTaskListener
-
-
Field Summary
Fields Modifier and Type Field Description private IdTokenProvider
idTokenProvider
private java.util.List<IdTokenProvider.Option>
options
private static long
serialVersionUID
private java.lang.String
targetAudience
-
Fields inherited from class com.google.auth.oauth2.OAuth2Credentials
clock, DEFAULT_EXPIRATION_MARGIN, DEFAULT_REFRESH_MARGIN, lock, refreshTask
-
Fields inherited from class com.google.auth.Credentials
GOOGLE_DEFAULT_UNIVERSE
-
-
Constructor Summary
Constructors Modifier Constructor Description private
IdTokenCredentials(IdTokenCredentials.Builder builder)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
equals(java.lang.Object obj)
IdToken
getIdToken()
int
hashCode()
static IdTokenCredentials.Builder
newBuilder()
AccessToken
refreshAccessToken()
Method to refresh the access token according to the specific type of credentials.IdTokenCredentials.Builder
toBuilder()
java.lang.String
toString()
-
Methods inherited from class com.google.auth.oauth2.OAuth2Credentials
addChangeListener, create, getAccessToken, getAdditionalHeaders, getAuthenticationType, getExpirationMargin, getFromServiceLoader, getRefreshMargin, getRequestMetadata, getRequestMetadata, getRequestMetadataInternal, hasRequestMetadata, hasRequestMetadataOnly, newInstance, refresh, refreshIfExpired, removeChangeListener
-
Methods inherited from class com.google.auth.Credentials
blockingGetToCallback, getMetricsCredentialType, getRequestMetadata, getUniverseDomain
-
-
-
-
Field Detail
-
serialVersionUID
private static final long serialVersionUID
- See Also:
- Constant Field Values
-
idTokenProvider
private IdTokenProvider idTokenProvider
-
targetAudience
private java.lang.String targetAudience
-
options
private java.util.List<IdTokenProvider.Option> options
-
-
Constructor Detail
-
IdTokenCredentials
private IdTokenCredentials(IdTokenCredentials.Builder builder)
-
-
Method Detail
-
refreshAccessToken
public AccessToken refreshAccessToken() throws java.io.IOException
Description copied from class:OAuth2Credentials
Method to refresh the access token according to the specific type of credentials.Throws IllegalStateException if not overridden since direct use of OAuth2Credentials is only for temporary or non-refreshing access tokens.
- Overrides:
refreshAccessToken
in classOAuth2Credentials
- Returns:
- never
- Throws:
java.io.IOException
-
getIdToken
public IdToken getIdToken()
-
hashCode
public int hashCode()
- Overrides:
hashCode
in classOAuth2Credentials
-
toString
public java.lang.String toString()
- Overrides:
toString
in classOAuth2Credentials
-
equals
public boolean equals(java.lang.Object obj)
- Overrides:
equals
in classOAuth2Credentials
-
toBuilder
public IdTokenCredentials.Builder toBuilder()
- Overrides:
toBuilder
in classOAuth2Credentials
-
newBuilder
public static IdTokenCredentials.Builder newBuilder()
-
-