Package com.google.auth.oauth2
Class IamUtils
java.lang.Object
com.google.auth.oauth2.IamUtils
This internal class provides shared utilities for interacting with the IAM API for common
features like signing.
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescription(package private) static IdToken
getIdToken
(String serviceAccountEmail, Credentials credentials, com.google.api.client.http.HttpTransport transport, String targetAudience, boolean includeEmail, Map<String, ?> additionalFields, CredentialTypeForMetrics credentialTypeForMetrics) Returns an IdToken issued to the serviceAccount with a specified targetAudienceprivate static String
getSignature
(String serviceAccountEmail, String bytes, Map<String, ?> additionalFields, com.google.api.client.http.HttpRequestFactory factory) (package private) static byte[]
sign
(String serviceAccountEmail, Credentials credentials, com.google.api.client.http.HttpTransport transport, byte[] toSign, Map<String, ?> additionalFields) Returns a signature for the provided bytes.
-
Field Details
-
SIGN_BLOB_URL_FORMAT
- See Also:
-
ID_TOKEN_URL_FORMAT
- See Also:
-
PARSE_ERROR_MESSAGE
- See Also:
-
PARSE_ERROR_SIGNATURE
- See Also:
-
IAM_RETRYABLE_STATUS_CODES
-
-
Constructor Details
-
IamUtils
IamUtils()
-
-
Method Details
-
sign
static byte[] sign(String serviceAccountEmail, Credentials credentials, com.google.api.client.http.HttpTransport transport, byte[] toSign, Map<String, ?> additionalFields) Returns a signature for the provided bytes.- Parameters:
serviceAccountEmail
- the email address for the service account used for signingcredentials
- credentials required for making the IAM calltransport
- transport used for building the HTTP requesttoSign
- bytes to signadditionalFields
- additional fields to send in the IAM call- Returns:
- signed bytes
- Throws:
ServiceAccountSigner.SigningException
- if signing fails
-
getSignature
private static String getSignature(String serviceAccountEmail, String bytes, Map<String, ?> additionalFields, com.google.api.client.http.HttpRequestFactory factory) throws IOException- Throws:
IOException
-
getIdToken
static IdToken getIdToken(String serviceAccountEmail, Credentials credentials, com.google.api.client.http.HttpTransport transport, String targetAudience, boolean includeEmail, Map<String, ?> additionalFields, CredentialTypeForMetrics credentialTypeForMetrics) throws IOExceptionReturns an IdToken issued to the serviceAccount with a specified targetAudience- Parameters:
serviceAccountEmail
- the email address for the service account to get an ID Token forcredentials
- credentials required for making the IAM calltransport
- transport used for building the HTTP requesttargetAudience
- the audience the issued ID token should includeadditionalFields
- additional fields to send in the IAM callcredentialTypeForMetrics
- credential type for credential making this call- Returns:
- IdToken issed to the serviceAccount
- Throws:
IOException
- if the IdToken cannot be issued.- See Also:
-