java.lang.Object
- com.google.auth.Credentials
- - com.google.auth.oauth2.OAuth2Credentials
  - - com.google.auth.oauth2.IdTokenCredentials

All Implemented Interfaces:: java.io.Serializable

public class IdTokenCredentials
extends OAuth2Credentials

IdTokenCredentials provides a Google Issued OpenIdConnect token.
Use an ID token to access services that require presenting an ID token for authentication such as Cloud Functions or Cloud Run.
The following Credential subclasses support IDTokens: ServiceAccountCredentials, ComputeEngineCredentials, ImpersonatedCredentials.

For more information see
Usage:

 String credPath = "/path/to/svc_account.json";
 String targetAudience = "https://example.com";

 // For Application Default Credentials (as ServiceAccountCredentials)
 // export GOOGLE_APPLICATION_CREDENTIALS=/path/to/svc.json
 GoogleCredentials adcCreds = GoogleCredentials.getApplicationDefault();
 if (!adcCreds instanceof IdTokenProvider) {
   // handle error message
 }

 IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder()
     .setIdTokenProvider(adcCreds)
     .setTargetAudience(targetAudience).build();

 // for ServiceAccountCredentials
 ServiceAccountCredentials saCreds = ServiceAccountCredentials.fromStream(new FileInputStream(credPath));
 saCreds = (ServiceAccountCredentials) saCreds.createScoped(Arrays.asList("https://www.googleapis.com/auth/iam"));
 IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder()
     .setIdTokenProvider(saCreds)
     .setTargetAudience(targetAudience).build();

 // for ComputeEngineCredentials
 ComputeEngineCredentials caCreds = ComputeEngineCredentials.create();
 IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder()
     .setIdTokenProvider(caCreds)
     .setTargetAudience(targetAudience)
     .setOptions(Arrays.asList(ComputeEngineCredentials.ID_TOKEN_FORMAT_FULL))
     .build();

 // for ImpersonatedCredentials
 ImpersonatedCredentials imCreds = ImpersonatedCredentials.create(saCreds,
     "impersonated-account@project.iam.gserviceaccount.com", null,
     Arrays.asList("https://www.googleapis.com/auth/cloud-platform"), 300);
 IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder()
     .setIdTokenProvider(imCreds)
     .setTargetAudience(targetAudience)
     .setOptions(Arrays.asList(ImpersonatedCredentials.INCLUDE_EMAIL))
     .build();

 // Use the IdTokenCredential in an authorized transport
 GenericUrl genericUrl = new GenericUrl("https://example.com");
 HttpCredentialsAdapter adapter = new HttpCredentialsAdapter(tokenCredential);
 HttpTransport transport = new NetHttpTransport();
 HttpRequest request = transport.createRequestFactory(adapter).buildGetRequest(genericUrl);
 HttpResponse response = request.execute();

 // Print the token, expiration and the audience
 System.out.println(tokenCredential.getIdToken().getTokenValue());
 System.out.println(tokenCredential.getIdToken().getJsonWebSignature().getPayload().getAudienceAsList());
 System.out.println(tokenCredential.getIdToken().getJsonWebSignature().getPayload().getExpirationTimeSeconds());

See Also:: Serialized Form

Nested Class Summary

Nested Classes
Modifier and Type Class Description

static class IdTokenCredentials.Builder
- Nested classes/interfaces inherited from class com.google.auth.oauth2.OAuth2Credentials
  OAuth2Credentials.AsyncRefreshResult, OAuth2Credentials.CacheState, OAuth2Credentials.CredentialsChangedListener, OAuth2Credentials.FutureCallbackToMetadataCallbackAdapter, OAuth2Credentials.OAuthValue, OAuth2Credentials.RefreshTask, OAuth2Credentials.RefreshTaskListener

Field Summary

Fields
Modifier and Type	Field	Description
`private IdTokenProvider`	`idTokenProvider`
`private java.util.List<IdTokenProvider.Option>`	`options`
`private static long`	`serialVersionUID`
`private java.lang.String`	`targetAudience`

Fields inherited from class com.google.auth.oauth2.OAuth2Credentials
clock, DEFAULT_EXPIRATION_MARGIN, DEFAULT_REFRESH_MARGIN, lock, refreshTask

Fields inherited from class com.google.auth.Credentials
GOOGLE_DEFAULT_UNIVERSE

Constructor Summary

Constructors
Modifier Constructor Description

private IdTokenCredentials(IdTokenCredentials.Builder builder)

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`boolean`	`equals(java.lang.Object obj)`
`IdToken`	`getIdToken()`
`int`	`hashCode()`
`static IdTokenCredentials.Builder`	`newBuilder()`
`AccessToken`	`refreshAccessToken()`	Method to refresh the access token according to the specific type of credentials.
`IdTokenCredentials.Builder`	`toBuilder()`
`java.lang.String`	`toString()`

Methods inherited from class com.google.auth.oauth2.OAuth2Credentials
addChangeListener, create, getAccessToken, getAdditionalHeaders, getAuthenticationType, getExpirationMargin, getFromServiceLoader, getRefreshMargin, getRequestMetadata, getRequestMetadata, getRequestMetadataInternal, hasRequestMetadata, hasRequestMetadataOnly, newInstance, refresh, refreshIfExpired, removeChangeListener

Methods inherited from class com.google.auth.Credentials
blockingGetToCallback, getMetricsCredentialType, getRequestMetadata, getUniverseDomain

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

- Field Detail
  - serialVersionUID
```
private static final long serialVersionUID
```
    See Also:
    
    Constant Field Values
  - idTokenProvider
```
private IdTokenProvider idTokenProvider
```
  - targetAudience
```
private java.lang.String targetAudience
```
  - options
```
private java.util.List<IdTokenProvider.Option> options
```
- Constructor Detail
  - IdTokenCredentials
```
private IdTokenCredentials(IdTokenCredentials.Builder builder)
```
- Method Detail
  - refreshAccessToken
```
public AccessToken refreshAccessToken()
                               throws java.io.IOException
```
    Description copied from class: OAuth2Credentials
    
    Method to refresh the access token according to the specific type of credentials.
    Throws IllegalStateException if not overridden since direct use of OAuth2Credentials is only for temporary or non-refreshing access tokens.
    
    Overrides:
    
    refreshAccessToken in class OAuth2Credentials
    
    Returns:
    
    never
    
    Throws:
    
    java.io.IOException
  - getIdToken
```
public IdToken getIdToken()
```
  - hashCode
```
public int hashCode()
```
    Overrides:
    
    hashCode in class OAuth2Credentials
  - toString
```
public java.lang.String toString()
```
    Overrides:
    
    toString in class OAuth2Credentials
  - equals
```
public boolean equals(java.lang.Object obj)
```
    Overrides:
    
    equals in class OAuth2Credentials
  - toBuilder
```
public IdTokenCredentials.Builder toBuilder()
```
    Overrides:
    
    toBuilder in class OAuth2Credentials
  - newBuilder
```
public static IdTokenCredentials.Builder newBuilder()
```

Class IdTokenCredentials

Nested Class Summary

Nested classes/interfaces inherited from class com.google.auth.oauth2.OAuth2Credentials

Field Summary

Fields inherited from class com.google.auth.oauth2.OAuth2Credentials

Fields inherited from class com.google.auth.Credentials

Constructor Summary

Method Summary

Methods inherited from class com.google.auth.oauth2.OAuth2Credentials

Methods inherited from class com.google.auth.Credentials

Methods inherited from class java.lang.Object

Field Detail

serialVersionUID

idTokenProvider

targetAudience

options

Constructor Detail

IdTokenCredentials

Method Detail

refreshAccessToken

getIdToken

hashCode

toString

equals

toBuilder

newBuilder