Package com.google.auth.oauth2

Class AwsCredentials

  • All Implemented Interfaces:
    QuotaProjectIdProvider, java.io.Serializable
    public class AwsCredentials
extends ExternalAccountCredentials
    Credentials representing an AWS third-party identity for calling Google APIs. AWS security credentials are either sourced by calling EC2 metadata endpoints, environment variables, or a user provided supplier method.

    By default, attempts to exchange the external credential for a GCP access token.

    See Also:
    Serialized Form

    • Field Detail

      • DEFAULT_REGIONAL_CREDENTIAL_VERIFICATION_URL

        static final java.lang.String DEFAULT_REGIONAL_CREDENTIAL_VERIFICATION_URL
        See Also:
        Constant Field Values

      • AWS_METRICS_HEADER_VALUE

        static final java.lang.String AWS_METRICS_HEADER_VALUE
        See Also:
        Constant Field Values

      • regionalCredentialVerificationUrlOverride

        @Nullable
private final java.lang.String regionalCredentialVerificationUrlOverride

      • regionalCredentialVerificationUrl

        @Nullable
private final java.lang.String regionalCredentialVerificationUrl

      • metricsHeaderValue

        private final java.lang.String metricsHeaderValue

    • Method Detail

      • refreshAccessToken

        public AccessToken refreshAccessToken()
                               throws java.io.IOException
        Description copied from class: OAuth2Credentials
        Method to refresh the access token according to the specific type of credentials.

        Throws IllegalStateException if not overridden since direct use of OAuth2Credentials is only for temporary or non-refreshing access tokens.

        Overrides:
        refreshAccessToken in class OAuth2Credentials
        Returns:
        never
        Throws:
        java.io.IOException

      • retrieveSubjectToken

        public java.lang.String retrieveSubjectToken()
                                      throws java.io.IOException
        Description copied from class: ExternalAccountCredentials
        Retrieves the external subject token to be exchanged for a Google Cloud access token.

        Must be implemented by subclasses as the retrieval method is dependent on the credential source.

        Specified by:
        retrieveSubjectToken in class ExternalAccountCredentials
        Returns:
        the external subject token
        Throws:
        java.io.IOException - if the subject token cannot be retrieved

      • createScoped

        public GoogleCredentials createScoped​(java.util.Collection<java.lang.String> newScopes)
        Clones the AwsCredentials with the specified scopes.
        Overrides:
        createScoped in class GoogleCredentials
        Parameters:
        newScopes - Collection of scopes to request.
        Returns:
        GoogleCredentials with requested scopes.

      • buildSubjectToken

        private java.lang.String buildSubjectToken​(AwsRequestSignature signature)
                                    throws java.io.UnsupportedEncodingException
        Throws:
        java.io.UnsupportedEncodingException

      • getRegionalCredentialVerificationUrl

        java.lang.String getRegionalCredentialVerificationUrl()

      • getEnv

        java.lang.String getEnv​(java.lang.String name)

      • getRegionalCredentialVerificationUrlOverride

        @Nullable
public java.lang.String getRegionalCredentialVerificationUrlOverride()

      • formatTokenHeaderForSts

        private static com.google.api.client.json.GenericJson formatTokenHeaderForSts​(java.lang.String key,
                                                                              java.lang.String value)