Package com.google.auth.oauth2

Class ExternalAccountAuthorizedUserCredentials

  • All Implemented Interfaces:
    QuotaProjectIdProvider, java.io.Serializable
    public class ExternalAccountAuthorizedUserCredentials
extends GoogleCredentials
    OAuth2 credentials sourced using external identities through Workforce Identity Federation.

    Obtaining the initial access and refresh token can be done through the Google Cloud CLI. 

     Example credentials file:
 {
   "type": "external_account_authorized_user",
   "audience": "//iam.googleapis.com/locations/global/workforcePools/$WORKFORCE_POOL_ID/providers/$PROVIDER_ID",
   "refresh_token": "refreshToken",
   "token_url": "https://sts.googleapis.com/v1/oauthtoken",
   "token_info_url": "https://sts.googleapis.com/v1/introspect",
   "client_id": "clientId",
   "client_secret": "clientSecret"
 }
    See Also:
    Serialized Form

    • Field Detail

      • PARSE_ERROR_PREFIX

        private static final java.lang.String PARSE_ERROR_PREFIX
        See Also:
        Constant Field Values

      • EXTERNAL_ACCOUNT_AUTHORIZED_USER_FILE_TYPE

        static final java.lang.String EXTERNAL_ACCOUNT_AUTHORIZED_USER_FILE_TYPE
        See Also:
        Constant Field Values

      • transportFactoryClassName

        private final java.lang.String transportFactoryClassName

      • audience

        private final java.lang.String audience

      • tokenUrl

        private final java.lang.String tokenUrl

      • tokenInfoUrl

        private final java.lang.String tokenInfoUrl

      • revokeUrl

        private final java.lang.String revokeUrl

      • clientId

        private final java.lang.String clientId

      • clientSecret

        private final java.lang.String clientSecret

      • refreshToken

        private java.lang.String refreshToken

    • Method Detail

      • fromStream

        public static ExternalAccountAuthorizedUserCredentials fromStream​(java.io.InputStream credentialsStream)
                                                           throws java.io.IOException
        Returns external account authorized user credentials defined by a JSON file stream.
        Parameters:
        credentialsStream - the stream with the credential definition
        Returns:
        the credential defined by the credentialsStream
        Throws:
        java.io.IOException - if the credential cannot be created from the stream

      • fromStream

        public static ExternalAccountAuthorizedUserCredentials fromStream​(java.io.InputStream credentialsStream,
                                                                  HttpTransportFactory transportFactory)
                                                           throws java.io.IOException
        Returns external account authorized user credentials defined by a JSON file stream.
        Parameters:
        credentialsStream - the stream with the credential definition
        transportFactory - the HTTP transport factory used to create the transport to get access tokens
        Returns:
        the credential defined by the credentialsStream
        Throws:
        java.io.IOException - if the credential cannot be created from the stream

      • refreshAccessToken

        public AccessToken refreshAccessToken()
                               throws java.io.IOException
        Description copied from class: OAuth2Credentials
        Method to refresh the access token according to the specific type of credentials.

        Throws IllegalStateException if not overridden since direct use of OAuth2Credentials is only for temporary or non-refreshing access tokens.

        Overrides:
        refreshAccessToken in class OAuth2Credentials
        Returns:
        never
        Throws:
        java.io.IOException

      • getAudience

        @Nullable
public java.lang.String getAudience()

      • getClientId

        @Nullable
public java.lang.String getClientId()

      • getClientSecret

        @Nullable
public java.lang.String getClientSecret()

      • getRevokeUrl

        @Nullable
public java.lang.String getRevokeUrl()

      • getTokenUrl

        @Nullable
public java.lang.String getTokenUrl()

      • getTokenInfoUrl

        @Nullable
public java.lang.String getTokenInfoUrl()

      • getRefreshToken

        @Nullable
public java.lang.String getRefreshToken()

      • fromJson

        static ExternalAccountAuthorizedUserCredentials fromJson​(java.util.Map<java.lang.String,​java.lang.Object> json,
                                                         HttpTransportFactory transportFactory)
                                                  throws java.io.IOException
        Returns external account authorized user credentials defined by JSON contents using the format supported by the Cloud SDK.
        Parameters:
        json - a map from the JSON representing the credentials
        transportFactory - HTTP transport factory, creates the transport used to get access tokens
        Returns:
        the external account authorized user credentials defined by the JSON
        Throws:
        java.io.IOException

      • readObject

        private void readObject​(java.io.ObjectInputStream input)
                 throws java.io.IOException,
                        java.lang.ClassNotFoundException
        Throws:
        java.io.IOException
        java.lang.ClassNotFoundException

      • canRefresh

        private boolean canRefresh()

      • buildRefreshRequest

        private com.google.api.client.http.HttpRequest buildRefreshRequest()
                                                            throws java.io.IOException
        Throws:
        java.io.IOException