Package com.google.auth.oauth2
Class AppEngineCredentials
java.lang.Object
com.google.auth.Credentials
com.google.auth.oauth2.OAuth2Credentials
com.google.auth.oauth2.GoogleCredentials
com.google.auth.oauth2.AppEngineCredentials
- All Implemented Interfaces:
QuotaProjectIdProvider
,ServiceAccountSigner
,Serializable
OAuth2 credentials representing the built-in service account for Google App Engine.
Instances of this class use reflection to access AppIdentityService in AppEngine SDK.
-
Nested Class Summary
Nested classes/interfaces inherited from class com.google.auth.oauth2.GoogleCredentials
GoogleCredentials.Builder
Nested classes/interfaces inherited from class com.google.auth.oauth2.OAuth2Credentials
OAuth2Credentials.AsyncRefreshResult, OAuth2Credentials.CacheState, OAuth2Credentials.CredentialsChangedListener, OAuth2Credentials.FutureCallbackToMetadataCallbackAdapter, OAuth2Credentials.OAuthValue, OAuth2Credentials.RefreshTask, OAuth2Credentials.RefreshTaskListener
Nested classes/interfaces inherited from interface com.google.auth.ServiceAccountSigner
ServiceAccountSigner.SigningException
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate String
(package private) static final String
(package private) static final String
private Object
private static final String
(package private) static final String
private static final String
private static final String
private static final String
private static final String
private static final String
private Method
private Method
private Method
private Method
private final Collection
<String> private final boolean
private static final long
private static final String
private Method
(package private) static final String
Fields inherited from class com.google.auth.oauth2.GoogleCredentials
GDCH_SERVICE_ACCOUNT_FILE_TYPE, QUOTA_PROJECT_ID_HEADER_KEY, quotaProjectId, SERVICE_ACCOUNT_FILE_TYPE, USER_FILE_TYPE
Fields inherited from class com.google.auth.oauth2.OAuth2Credentials
clock, DEFAULT_EXPIRATION_MARGIN, DEFAULT_REFRESH_MARGIN, lock, refreshTask
Fields inherited from class com.google.auth.Credentials
GOOGLE_DEFAULT_UNIVERSE
-
Constructor Summary
ConstructorsConstructorDescriptionAppEngineCredentials
(Collection<String> scopes, Collection<String> defaultScopes) AppEngineCredentials
(Collection<String> scopes, Collection<String> defaultScopes, AppEngineCredentials unscoped) -
Method Summary
Modifier and TypeMethodDescriptioncreateScoped
(Collection<String> scopes) If the credentials support scopes, creates a copy of the identity with the specified scopes, invalidates the existing scoped access token; otherwise, return the same instance.createScoped
(Collection<String> scopes, Collection<String> defaultScopes) If the credentials support scopes, creates a copy of the identity with the specified scopes and default scopes; otherwise, returns the same instance.boolean
Indicates whether the credentials require scopes to be specified via a call toGoogleCredentials.createScoped(java.util.Collection<java.lang.String>)
before use.boolean
(package private) Class
<?> Returns the service account associated with the signer.int
hashCode()
private void
init()
private void
readObject
(ObjectInputStream input) Refresh the access token by getting it from the App Identity service.byte[]
sign
(byte[] toSign) Signs the provided bytes using the private key associated with the service account.toString()
Methods inherited from class com.google.auth.oauth2.GoogleCredentials
addQuotaProjectIdToRequestMetadata, create, create, createDelegated, createScoped, createWithCustomRetryStrategy, createWithQuotaProject, fromStream, fromStream, getAdditionalHeaders, getApplicationDefault, getApplicationDefault, getQuotaProjectId, getUniverseDomain, isDefaultUniverseDomain, isExplicitUniverseDomain, newBuilder, toBuilder, toStringHelper
Methods inherited from class com.google.auth.oauth2.OAuth2Credentials
addChangeListener, getAccessToken, getAuthenticationType, getExpirationMargin, getFromServiceLoader, getRefreshMargin, getRequestMetadata, getRequestMetadata, getRequestMetadataInternal, hasRequestMetadata, hasRequestMetadataOnly, newInstance, refresh, refreshIfExpired, removeChangeListener
Methods inherited from class com.google.auth.Credentials
blockingGetToCallback, getMetricsCredentialType, getRequestMetadata
-
Field Details
-
serialVersionUID
private static final long serialVersionUID- See Also:
-
APP_IDENTITY_SERVICE_FACTORY_CLASS
- See Also:
-
APP_IDENTITY_SERVICE_CLASS
- See Also:
-
GET_ACCESS_TOKEN_RESULT_CLASS
- See Also:
-
SIGNING_RESULT_CLASS
- See Also:
-
GET_APP_IDENTITY_SERVICE_METHOD
- See Also:
-
GET_ACCESS_TOKEN_RESULT_METHOD
- See Also:
-
GET_ACCESS_TOKEN_METHOD
- See Also:
-
GET_EXPIRATION_TIME_METHOD
- See Also:
-
GET_SERVICE_ACCOUNT_NAME_METHOD
- See Also:
-
SIGN_FOR_APP_METHOD
- See Also:
-
GET_SIGNATURE_METHOD
- See Also:
-
scopes
-
scopesRequired
private final boolean scopesRequired -
appIdentityService
-
getAccessToken
-
getAccessTokenResult
-
getExpirationTime
-
signForApp
-
getSignature
-
account
-
-
Constructor Details
-
AppEngineCredentials
AppEngineCredentials(Collection<String> scopes, Collection<String> defaultScopes) throws IOException - Throws:
IOException
-
AppEngineCredentials
AppEngineCredentials(Collection<String> scopes, Collection<String> defaultScopes, AppEngineCredentials unscoped)
-
-
Method Details
-
init
- Throws:
IOException
-
refreshAccessToken
Refresh the access token by getting it from the App Identity service.- Overrides:
refreshAccessToken
in classOAuth2Credentials
- Returns:
- never
- Throws:
IOException
-
createScopedRequired
public boolean createScopedRequired()Description copied from class:GoogleCredentials
Indicates whether the credentials require scopes to be specified via a call toGoogleCredentials.createScoped(java.util.Collection<java.lang.String>)
before use.- Overrides:
createScopedRequired
in classGoogleCredentials
- Returns:
- Whether the credentials require scopes to be specified.
-
createScoped
Description copied from class:GoogleCredentials
If the credentials support scopes, creates a copy of the identity with the specified scopes, invalidates the existing scoped access token; otherwise, return the same instance.- Overrides:
createScoped
in classGoogleCredentials
- Parameters:
scopes
- Collection of scopes to request.- Returns:
- GoogleCredentials with requested scopes.
-
createScoped
Description copied from class:GoogleCredentials
If the credentials support scopes, creates a copy of the identity with the specified scopes and default scopes; otherwise, returns the same instance. This is mainly used by client libraries.- Overrides:
createScoped
in classGoogleCredentials
- Parameters:
scopes
- Collection of scopes to request.defaultScopes
- Collection of default scopes to request.- Returns:
- GoogleCredentials with requested scopes.
-
getAccount
Description copied from interface:ServiceAccountSigner
Returns the service account associated with the signer.- Specified by:
getAccount
in interfaceServiceAccountSigner
- Returns:
- The service account associated with the signer.
-
sign
public byte[] sign(byte[] toSign) Description copied from interface:ServiceAccountSigner
Signs the provided bytes using the private key associated with the service account.- Specified by:
sign
in interfaceServiceAccountSigner
- Parameters:
toSign
- bytes to sign- Returns:
- signed bytes
-
hashCode
public int hashCode()- Overrides:
hashCode
in classGoogleCredentials
-
toString
- Overrides:
toString
in classGoogleCredentials
-
equals
- Overrides:
equals
in classGoogleCredentials
-
readObject
- Throws:
IOException
ClassNotFoundException
-
forName
- Throws:
ClassNotFoundException
-