All Classes and Interfaces
Class
Description
Represents a temporary OAuth2 access token and its expiration information.
The acting party as defined in OAuth 2.0 Token
Exchange.
Credentials class for calling Google APIs using an API key.
OAuth2 credentials representing the built-in service account for Google App Engine.
Constants used for auth in http
Credentials representing an AWS third-party identity for calling Google APIs.
The AWS credential source.
Formats dates required for AWS Signature V4 request signing.
Stores the AWS API request signature based on the AWS Signature Version 4 signing process, and
the parameters used in the signing process.
Internal utility that signs AWS API requests based on the AWS Signature Version 4 signing
process.
Defines AWS security credentials.
Supplier for retrieving AWS Security credentials for
AwsCredentials
to exchange for GCP
access tokens.An OAuth2 user authorization Client ID and associated information.
OAuth2 credentials representing the built-in service account for Google Cloud Shell.
OAuth2 credentials representing the built-in service account for a Google Compute Engine VM.
Defines an upper bound of permissions available for a GCP credential via
CredentialAccessBoundary.AccessBoundaryRule
s.Defines an upper bound of permissions on a particular resource.
An optional condition that can be used as part of a
CredentialAccessBoundary.AccessBoundaryRule
to further
restrict permissions.Indicates that the provided credential does not adhere to the required format.
Represents an abstract authorized identity instance.
Defines the different types of credentials that can be used for metrics.
Provides the Application Default Credential from the environment.
Implements PKCE using only the Java standard library.
DownscopedCredentials enables the ability to downscope, or restrict, the Identity and Access
Management (IAM) permissions that a short-lived credential can use for Cloud Storage.
Interface for an environment provider.
An interface for 3rd party executable handling.
An interface for required fields needed to call 3rd party executables.
Encapsulates response values for the 3rd party executable response (e.g.
OAuth2 credentials sourced using external identities through Workforce Identity Federation.
Builder for
ExternalAccountAuthorizedUserCredentials
.Base external account credentials class.
Base builder for external account credentials.
Base credential source class.
Encapsulates the service account impersonation options portion of the configuration for
ExternalAccountCredentials.
Enum specifying values for the subjectTokenType field in
ExternalAccountCredentials
.A handler for generating the x-goog-api-client header value for BYOID external account
credentials.
Context object to pass relevant variables from external account credentials to suppliers.
Builder for external account supplier context.
Internal provider for retrieving subject tokens for
IdentityPoolCredentials
to exchange
for GCP access tokens via a local file.Base class for the standard Auth error response.
This public class provides shared utilities for common OAuth2 utils or ADC.
Base type for credentials for authorizing calls to Google APIs using OAuth2.
A wrapper for using Credentials with the Google API Client Libraries for Java with Http.
A base interface for all
HttpTransport
factories.This internal class provides shared utilities for interacting with the IAM API for common
features like signing.
Url-sourced, file-sourced, or user provided supplier method-sourced external account credentials.
The IdentityPool credential source.
Represents a temporary IdToken and its JsonWebSignature object
IdTokenCredentials provides a Google Issued OpenIdConnect token.
Interface for an Google OIDC token provider.
Enum of various credential-specific options to apply to the token.
ImpersonatedCredentials allowing credentials issued to a user or service account to impersonate
another.
Internal constants used for auth in http
Internal provider for retrieving AWS security credentials for
AwsCredentials
to exchange
for GCP access tokens.Value class representing the set of fields used as the payload of a JWT token.
Credentials class for calling Google APIs using a JWT with custom claims.
Interface for creating custom JWT tokens
Represents an in-memory storage of tokens.
Base type for Credentials using OAuth2.
Result from
OAuth2Credentials.getOrCreateRefreshTask()
.Listener for changes to credentials.
Stores an immutable snapshot of the accesstoken owned by
OAuth2Credentials
A refreshable alternative to
OAuth2Credentials
.Interface for the refresh handler.
Internal utilities for the com.google.auth.oauth2 namespace.
Encapsulates the standard OAuth error response.
PluggableAuthCredentials enables the exchange of workload identity pool external credentials for
Google access tokens by retrieving 3rd party tokens through a user supplied executable.
Encapsulates the credential source portion of the configuration for PluggableAuthCredentials.
Encapsulates the error response's for 3rd party executables defined by the executable spec.
Internal handler for retrieving 3rd party tokens from user defined scripts/executables for
workload identity federation.
A default implementation for
PluggableAuthHandler.InternalProcessBuilder
that wraps ProcessBuilder
.An interface for creating and managing a process.
Interface for
GoogleCredentials
that return a quota project ID.The callback that receives the result of the asynchronous
Credentials.getRequestMetadata(java.net.URI, java.util.concurrent.Executor, RequestMetadataCallback)
.Utilities to fetch the S2A (Secure Session Agent) address from the mTLS configuration.
Holds an mTLS configuration (consists of address of S2A) retrieved from the Metadata Server.
OAuth2 credentials representing a Service Account for calling Google APIs.
Service Account credentials for calling Google APIs using a JWT directly for access.
Interface for a service account signer.
Implements the OAuth 2.0 token exchange based on https://tools.ietf.org/html/rfc8693.
Defines an OAuth 2.0 token exchange request.
Defines an OAuth 2.0 token exchange successful response.
Represents the default system environment provider.
Interface for long term storage of tokens
Handle verification of Google-signed JWT tokens.
Custom CacheLoader for mapping certificate urls to the contained public keys.
Data class used for deserializing a single JSON Web Key.
Data class used for deserializing a JSON Web Key Set (JWKS) from an external HTTP request.
Custom exception for wrapping all verification errors.
Provider for retrieving subject tokens for
IdentityPoolCredentials
to exchange for GCP
access tokens.Handles an interactive 3-Legged-OAuth2 (3LO) user consent authorization.
Represents the client authentication types as specified in RFC 7591.
Represents the response from an OAuth token exchange, including configuration details used to
initiate the flow.
OAuth2 Credentials representing a user's identity and consent.