Class GoogleCredentials
- All Implemented Interfaces: QuotaProjectIdProvider, Serializable
- Direct Known Subclasses: AppEngineCredentials, CloudShellCredentials, ComputeEngineCredentials, ExternalAccountAuthorizedUserCredentials, ExternalAccountCredentials, GdchCredentials, ImpersonatedCredentials, ServiceAccountCredentials, UserCredentials
Nested Class Summary
Nested Classes
Nested classes/interfaces inherited from class com.google.auth.oauth2.OAuth2Credentials
OAuth2Credentials.AsyncRefreshResult, OAuth2Credentials.CacheState, OAuth2Credentials.CredentialsChangedListener, OAuth2Credentials.FutureCallbackToMetadataCallbackAdapter, OAuth2Credentials.OAuthValue, OAuth2Credentials.RefreshTask, OAuth2Credentials.RefreshTaskListener
-
Field Summary
Fields
Modifier and Type, Field, Description
- private static final DefaultCredentialsProvider
- (package private) static final String
- private final boolean
- (package private) static final String
- protected final String
- private static final long
- (package private) static final String
- private final String
- (package private) static final String
Fields inherited from class com.google.auth.oauth2.OAuth2Credentials
clock, DEFAULT_EXPIRATION_MARGIN, DEFAULT_REFRESH_MARGIN, lock, refreshTask
Fields inherited from class com.google.auth.Credentials
GOOGLE_DEFAULT_UNIVERSE
-
Constructor Summary
Constructors
Modifier, Constructor, Description
- protected GoogleCredentials(): Default constructor.
- GoogleCredentials(AccessToken accessToken): Deprecated.
- protected GoogleCredentials(AccessToken accessToken, String quotaProjectId): Deprecated.
- protected GoogleCredentials(AccessToken accessToken, Duration refreshMargin, Duration expirationMargin): Deprecated.
- protected GoogleCredentials(Builder): Constructor that relies on a GoogleCredentials.Builder to provide all the necessary field values for initialization.
-
Method Summary
Modifier and Type, Method, Description
- static Map<String,List<String>> addQuotaProjectIdToRequestMetadata(String quotaProjectId, Map<String, List<String>> requestMetadata): Adds quota project ID to requestMetadata if present.
- static GoogleCredentials create(AccessToken accessToken): Returns the credentials instance from the given access token.
- static GoogleCredentials create(String universeDomain, AccessToken accessToken): Returns the credentials instance from the given access token and universe domain.
- createDelegated(String user): If the credentials support domain-wide delegation, creates a copy of the identity so that it impersonates the specified user; otherwise, returns the same instance.
- createScoped(String... scopes): If the credentials support scopes, creates a copy of the identity with the specified scopes; otherwise, returns the same instance.
- createScoped(Collection<String> scopes): If the credentials support scopes, creates a copy of the identity with the specified scopes and invalidates the existing scoped access token; otherwise, returns the same instance.
- createScoped(Collection<String> scopes, Collection<String> defaultScopes): If the credentials support scopes, creates a copy of the identity with the specified scopes and default scopes; otherwise, returns the same instance.
- boolean createScopedRequired(): Indicates whether the credentials require scopes to be specified via a call to createScoped(java.util.Collection<java.lang.String>) before use.
- createWithCustomRetryStrategy(boolean defaultRetriesEnabled): If the credentials support automatic retries, creates a copy of the identity with the provided retry strategy.
- createWithQuotaProject(String quotaProject): Creates a credential with the provided quota project.
- boolean equals
- static GoogleCredentials fromStream(InputStream credentialsStream): Returns credentials defined by a JSON file stream.
- static GoogleCredentials fromStream(InputStream credentialsStream, HttpTransportFactory transportFactory): Returns credentials defined by a JSON file stream.
- getAdditionalHeaders: Provide additional headers to return as request metadata.
- static GoogleCredentials getApplicationDefault(): Returns the Application Default Credentials.
- static GoogleCredentials getApplicationDefault(HttpTransportFactory transportFactory): Returns the Application Default Credentials.
- getUniverseDomain: Gets the universe domain for the credential.
- int hashCode()
- (package private) boolean isDefaultUniverseDomain: Checks if universe domain is equal to Credentials.GOOGLE_DEFAULT_UNIVERSE.
- protected boolean isExplicitUniverseDomain(): Gets the flag indicating whether universeDomain was explicitly set by the developer.
- static GoogleCredentials.Builder newBuilder
- toString()
- protected com.google.common.base.MoreObjects.ToStringHelper toStringHelper(): A helper for overriding the toString() method.
Methods inherited from class com.google.auth.oauth2.OAuth2Credentials
addChangeListener, getAccessToken, getAuthenticationType, getExpirationMargin, getFromServiceLoader, getRefreshMargin, getRequestMetadata, getRequestMetadata, getRequestMetadataInternal, hasRequestMetadata, hasRequestMetadataOnly, newInstance, refresh, refreshAccessToken, refreshIfExpired, removeChangeListener
Methods inherited from class com.google.auth.Credentials
blockingGetToCallback, getMetricsCredentialType, getRequestMetadata
-
Field Details
-
serialVersionUID
private static final long serialVersionUID
-
QUOTA_PROJECT_ID_HEADER_KEY
-
USER_FILE_TYPE
-
SERVICE_ACCOUNT_FILE_TYPE
-
GDCH_SERVICE_ACCOUNT_FILE_TYPE
-
universeDomain
-
isExplicitUniverseDomain
private final boolean isExplicitUniverseDomain
-
quotaProjectId
-
defaultCredentialsProvider
-
-
Constructor Details
-
GoogleCredentials
protected GoogleCredentials()
Default constructor.
-
GoogleCredentials
Deprecated.
Constructor with an explicit access token and quotaProjectId.
Deprecated, please use the GoogleCredentials(Builder) constructor whenever possible.
- Parameters:
accessToken - initial or temporary access token
quotaProjectId - a quotaProjectId, a project id to be used for billing purposes
-
GoogleCredentials
Deprecated.
Constructor with explicit access token.
- Parameters:
accessToken - initial or temporary access token
-
GoogleCredentials
Constructor that relies on a GoogleCredentials.Builder to provide all the necessary field values for initialization.
- Parameters:
builder - an instance of a builder
-
GoogleCredentials
@Deprecated protected GoogleCredentials(AccessToken accessToken, Duration refreshMargin, Duration expirationMargin)
Deprecated.
Constructor with explicit access token and refresh margins.
Deprecated, please use the GoogleCredentials(Builder) constructor whenever possible.
- Parameters:
accessToken - initial or temporary access token
-
-
Method Details
-
create
Returns the credentials instance from the given access token.
- Parameters:
accessToken - the access token
- Returns:
the credentials instance
-
create
Returns the credentials instance from the given access token and universe domain.
- Parameters:
universeDomain - the universe domain
accessToken - the access token
- Returns:
the credentials instance
-
getApplicationDefault
Returns the Application Default Credentials.
Returns the Application Default Credentials which are used to identify and authorize the whole application. The following are searched (in order) to find the Application Default Credentials:
- Credentials file pointed to by the GOOGLE_APPLICATION_CREDENTIALS environment variable
- Credentials provided by the Google Cloud SDK.
  - gcloud auth application-default login for user account credentials.
  - gcloud auth application-default login --impersonate-service-account for impersonated service account credentials.
- Google App Engine built-in credentials
- Google Cloud Shell built-in credentials
- Google Compute Engine built-in credentials
- Returns:
the credentials instance.
- Throws:
IOException - if the credentials cannot be created in the current environment.
-
getApplicationDefault
public static GoogleCredentials getApplicationDefault(HttpTransportFactory transportFactory) throws IOException
Returns the Application Default Credentials.
Returns the Application Default Credentials which are used to identify and authorize the whole application. The following are searched (in order) to find the Application Default Credentials:
- Credentials file pointed to by the GOOGLE_APPLICATION_CREDENTIALS environment variable
- Credentials provided by the Google Cloud SDK gcloud auth application-default login command
- Google App Engine built-in credentials
- Google Cloud Shell built-in credentials
- Google Compute Engine built-in credentials
- Parameters:
transportFactory - HTTP transport factory, creates the transport used to get access tokens.
- Returns:
the credentials instance.
- Throws:
IOException - if the credentials cannot be created in the current environment.
-
fromStream
Returns credentials defined by a JSON file stream.
The stream can contain a Service Account key file in JSON format from the Google Developers Console or a stored user credential using the format supported by the Cloud SDK.
- Parameters:
credentialsStream - the stream with the credential definition.
- Returns:
the credential defined by the credentialsStream.
- Throws:
IOException - if the credential cannot be created from the stream.
-
fromStream
public static GoogleCredentials fromStream(InputStream credentialsStream, HttpTransportFactory transportFactory) throws IOException
Returns credentials defined by a JSON file stream.
The stream can contain a Service Account key file in JSON format from the Google Developers Console or a stored user credential using the format supported by the Cloud SDK.
- Parameters:
credentialsStream - the stream with the credential definition.
transportFactory - HTTP transport factory, creates the transport used to get access tokens.
- Returns:
the credential defined by the credentialsStream.
- Throws:
IOException - if the credential cannot be created from the stream.
-
createWithQuotaProject
Creates a credential with the provided quota project.
- Parameters:
quotaProject - the quota project to set on the credential
- Returns:
credential with the provided quota project
-
getUniverseDomain
Gets the universe domain for the credential.
- Overrides:
getUniverseDomain in class Credentials
- Returns:
An explicit universe domain if it was explicitly provided, invokes the super implementation otherwise
- Throws:
IOException - extending classes might have to do remote calls to determine the universe domain. The exception must implement Retryable and isRetryable() will return true if the operation may be retried.
-
isExplicitUniverseDomain
protected boolean isExplicitUniverseDomain()
Gets the flag indicating whether universeDomain was explicitly set by the developer.
If a subclass has a requirement to give priority to a developer-set universeDomain, this property must be used to check if the universeDomain value was provided by the user. It could be a default otherwise.
- Returns:
true if universeDomain value was provided by the developer, false otherwise
-
isDefaultUniverseDomain
Checks if universe domain is equal to Credentials.GOOGLE_DEFAULT_UNIVERSE.
- Returns:
true if universe domain is equal to Credentials.GOOGLE_DEFAULT_UNIVERSE, false otherwise
- Throws:
IOException
-
addQuotaProjectIdToRequestMetadata
static Map<String,List<String>> addQuotaProjectIdToRequestMetadata(String quotaProjectId, Map<String, List<String>> requestMetadata)
Adds quota project ID to requestMetadata if present.
- Returns:
a new map with quotaProjectId added if needed
-
getAdditionalHeaders
Description copied from class: OAuth2Credentials
Provide additional headers to return as request metadata.
- Overrides:
getAdditionalHeaders in class OAuth2Credentials
- Returns:
additional headers
-
toStringHelper
protected com.google.common.base.MoreObjects.ToStringHelper toStringHelper()
A helper for overriding the toString() method. This allows inheritance of super class fields. Extending classes can override this implementation, call the super implementation and add more fields. The same cannot be done by overriding toString() directly.
- Returns:
an instance of the ToStringHelper that has public fields added
-
toString
- Overrides:
toString in class OAuth2Credentials
-
equals
- Overrides:
equals in class OAuth2Credentials
-
hashCode
public int hashCode()
- Overrides:
hashCode in class OAuth2Credentials
-
newBuilder
-
toBuilder
- Overrides:
toBuilder in class OAuth2Credentials
-
getQuotaProjectId
- Specified by:
getQuotaProjectId in interface QuotaProjectIdProvider
- Returns:
the quota project ID used for quota and billing purposes
-
createScopedRequired
public boolean createScopedRequired()
Indicates whether the credentials require scopes to be specified via a call to createScoped(java.util.Collection<java.lang.String>) before use.
- Returns:
Whether the credentials require scopes to be specified.
-
createScoped
If the credentials support scopes, creates a copy of the identity with the specified scopes and invalidates the existing scoped access token; otherwise, returns the same instance.
- Parameters:
scopes - Collection of scopes to request.
- Returns:
GoogleCredentials with requested scopes.
-
createScoped
If the credentials support scopes, creates a copy of the identity with the specified scopes and default scopes; otherwise, returns the same instance. This is mainly used by client libraries.
- Parameters:
scopes - Collection of scopes to request.
defaultScopes - Collection of default scopes to request.
- Returns:
GoogleCredentials with requested scopes.
-
createScoped
If the credentials support scopes, creates a copy of the identity with the specified scopes; otherwise, returns the same instance.
- Parameters:
scopes - Collection of scopes to request.
- Returns:
GoogleCredentials with requested scopes.
-
createWithCustomRetryStrategy
If the credentials support automatic retries, creates a copy of the identity with the provided retry strategy.
- Parameters:
defaultRetriesEnabled - a flag enabling or disabling default retries
- Returns:
GoogleCredentials with the new default retries configuration.
-
createDelegated
If the credentials support domain-wide delegation, creates a copy of the identity so that it impersonates the specified user; otherwise, returns the same instance.
- Parameters:
user - User to impersonate.
- Returns:
GoogleCredentials with a delegated user.
-
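An added example, not part of the library's documentation: a startup check that loads credentials through fromStream and getApplicationDefault, reports which subclass was resolved, and then applies createScoped and createWithQuotaProject as described above. The JSON sample, the scope, the quota project name, and the class and helper names (CredentialStartupCheck, kind, restrict) are constructed for illustration.

```java
import com.google.auth.oauth2.ComputeEngineCredentials;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.ImpersonatedCredentials;
import com.google.auth.oauth2.ServiceAccountCredentials;
import com.google.auth.oauth2.UserCredentials;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.List;

public class CredentialStartupCheck {
  // Constructed sample in the stored-user format; every value is a placeholder, not a real secret.
  static final String SAMPLE_USER_JSON =
      "{\"type\":\"authorized_user\",\"client_id\":\"example-client-id\","
          + "\"client_secret\":\"example-client-secret\",\"refresh_token\":\"example-refresh-token\"}";
  // Assumed least-privilege scope and quota project for this example.
  static final List<String> SCOPES =
      List.of("https://www.googleapis.com/auth/devstorage.read_only");
  static final String QUOTA_PROJECT = "example-quota-project";

  // Names the credential source so a deployment can log or reject long-lived key material.
  static String kind(GoogleCredentials c) {
    if (c instanceof ImpersonatedCredentials) return "impersonated service account";
    if (c instanceof ServiceAccountCredentials) return "service account key";
    if (c instanceof UserCredentials) return "stored user credential";
    if (c instanceof ComputeEngineCredentials) return "Compute Engine built-in";
    return c.getClass().getSimpleName();
  }

  // Narrows scopes where the credential type supports them, then pins the quota project.
  static GoogleCredentials restrict(GoogleCredentials c) {
    System.out.println("source=" + kind(c) + " scopesRequired=" + c.createScopedRequired());
    return c.createScoped(SCOPES).createWithQuotaProject(QUOTA_PROJECT);
  }

  public static void main(String[] args) throws IOException {
    // For this stored-user sample, fromStream only parses the JSON; no token is requested.
    GoogleCredentials parsed = GoogleCredentials.fromStream(
        new ByteArrayInputStream(SAMPLE_USER_JSON.getBytes(StandardCharsets.UTF_8)));
    System.out.println("quotaProject=" + restrict(parsed).getQuotaProjectId());
    try {
      // Walks the documented search order; GOOGLE_APPLICATION_CREDENTIALS is checked first.
      System.out.println("quotaProject="
          + restrict(GoogleCredentials.getApplicationDefault()).getQuotaProjectId());
    } catch (IOException e) {
      System.out.println("no Application Default Credentials: " + e.getMessage());
    }
  }
}
```

Because the environment variable is searched first, a key file it points to takes precedence over the built-in credentials of the runtime, so logging the resolved kind at startup shows which identity the process will actually use.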