Class SecureSessionAgent

java.lang.Object
com.google.auth.oauth2.SecureSessionAgent

@ThreadSafe public class SecureSessionAgent extends Object
Utilities to fetch the S2A (Secure Session Agent) address from the mTLS configuration.

mTLS configuration is queried from the MDS MTLS Autoconfiguration endpoint. See https://google.aip.dev/auth/4115 for details.

This is an experimental utility.

  • Field Details

  • Constructor Details

  • Method Details

    • getConfig

      public SecureSessionAgentConfig getConfig()
      This method makes a network call to MDS to get the SecureSessionAgentConfig, which contains the plaintext and mTLS addresses used to reach the S2A (Secure Session Agent).
      Returns:
      a SecureSessionAgentConfig.
    • create

      public static SecureSessionAgent create()
      Returns:
      default instance of SecureSessionAgent
    • newBuilder

      public static SecureSessionAgent.Builder newBuilder()
    • getSecureSessionAgentConfigFromMDS

      private SecureSessionAgentConfig getSecureSessionAgentConfigFromMDS()
      Queries the MDS mTLS Autoconfiguration endpoint and returns the SecureSessionAgentConfig.

      Returns SecureSessionAgentConfig. If S2A is not running, or if any error occurs when making the request to MDS / processing the response, SecureSessionAgentConfig will be populated with empty addresses.

      Users are expected to try to fetch the mTLS-S2A address first (via getMtlsS2AAddress). If it is empty or they have some problem loading the mTLS-MDS credentials, they should then fall back to fetching the plaintext-S2A address (via getPlaintextS2AAddress). If the plaintext-S2A address is empty, it means that an error occurred when talking to the MDS / processing the response, or that S2A is not running in the environment; in either case this indicates S2A shouldn't be used.
      Returns:
      the SecureSessionAgentConfig.
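
The selection order described above, written out as an added example; it is not code from the library. `Addresses`, `CredentialLoader`, `Selection` and `select` are hypothetical stand-ins, and the sample addresses are constructed. In real use the two strings would come from the SecureSessionAgentConfig returned by getConfig().

```java
import java.util.Optional;

public class S2AAddressSelection {

  /** Hypothetical stand-in for the two addresses carried by SecureSessionAgentConfig. */
  record Addresses(String mtls, String plaintext) {}

  enum Channel { MTLS, PLAINTEXT }

  record Selection(Channel channel, String address) {}

  /** Hypothetical hook: returns true when the mTLS-MDS credentials loaded successfully. */
  interface CredentialLoader { boolean load(); }

  static boolean isEmpty(String s) { return s == null || s.isEmpty(); }

  /**
   * Prefers the mTLS address. Falls back to plaintext only when the mTLS address is
   * empty or the credentials cannot be loaded. An empty result means both paths are
   * unavailable and S2A must not be used.
   */
  static Optional<Selection> select(Addresses cfg, CredentialLoader creds) {
    if (!isEmpty(cfg.mtls())) {
      boolean loaded;
      try {
        loaded = creds.load();
      } catch (RuntimeException e) {
        loaded = false; // a credential failure is a reason to fall back, not to abort
      }
      if (loaded) {
        return Optional.of(new Selection(Channel.MTLS, cfg.mtls()));
      }
    }
    if (!isEmpty(cfg.plaintext())) {
      return Optional.of(new Selection(Channel.PLAINTEXT, cfg.plaintext()));
    }
    return Optional.empty(); // MDS error or S2A not running: do not use S2A
  }

  public static void main(String[] args) {
    // Constructed sample addresses, not real endpoints.
    Addresses both = new Addresses("mtls.s2a.example:8443", "plain.s2a.example:8080");
    Addresses none = new Addresses("", "");
    System.out.println(select(both, () -> true));   // mTLS path
    System.out.println(select(both, () -> false));  // credentials failed: plaintext
    System.out.println(select(none, () -> true));   // empty config: no S2A
  }
}
```

Returning the chosen channel alongside the address lets the caller log or alert whenever the plaintext path was taken instead of mTLS.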