Class ExternalAccountAuthorizedUserCredentials

java.lang.Object

com.google.auth.Credentials

com.google.auth.oauth2.OAuth2Credentials

com.google.auth.oauth2.GoogleCredentials

com.google.auth.oauth2.ExternalAccountAuthorizedUserCredentials

All Implemented Interfaces:

QuotaProjectIdProvider, Serializable

public class ExternalAccountAuthorizedUserCredentials
extends GoogleCredentials

OAuth2 credentials sourced using external identities through Workforce Identity Federation.

Obtaining the initial access and refresh token can be done through the Google Cloud CLI.

Example credentials file:
{
  "type": "external_account_authorized_user",
  "audience": "//iam.googleapis.com/locations/global/workforcePools/$WORKFORCE_POOL_ID/providers/$PROVIDER_ID",
  "refresh_token": "refreshToken",
  "token_url": "https://sts.googleapis.com/v1/oauthtoken",
  "token_info_url": "https://sts.googleapis.com/v1/introspect",
  "client_id": "clientId",
  "client_secret": "clientSecret"
}

See Also:

• Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	ExternalAccountAuthorizedUserCredentials.Builder	Builder for ExternalAccountAuthorizedUserCredentials.

Nested classes/interfaces inherited from class OAuth2Credentials

OAuth2Credentials.AsyncRefreshResult, OAuth2Credentials.CacheState, OAuth2Credentials.CredentialsChangedListener, OAuth2Credentials.FutureCallbackToMetadataCallbackAdapter, OAuth2Credentials.OAuthValue, OAuth2Credentials.RefreshTask, OAuth2Credentials.RefreshTaskListener

Field Summary

Fields

Modifier and Type	Field	Description
private final String	audience
private final String	clientId
private final String	clientSecret
(package private) static final String	EXTERNAL_ACCOUNT_AUTHORIZED_USER_FILE_TYPE
private static final String	PARSE_ERROR_PREFIX
private String	refreshToken
private final String	revokeUrl
private static final long	serialVersionUID
private final String	tokenInfoUrl
private final String	tokenUrl
private HttpTransportFactory	transportFactory
private final String	transportFactoryClassName

Fields inherited from class GoogleCredentials

GDCH_SERVICE_ACCOUNT_FILE_TYPE, QUOTA_PROJECT_ID_HEADER_KEY, quotaProjectId, SERVICE_ACCOUNT_FILE_TYPE, USER_FILE_TYPE

Fields inherited from class OAuth2Credentials

clock, DEFAULT_EXPIRATION_MARGIN, DEFAULT_REFRESH_MARGIN, lock, refreshTask

Fields inherited from class Credentials

GOOGLE_DEFAULT_UNIVERSE

Constructor Summary

Constructors

Modifier	Constructor	Description
private	ExternalAccountAuthorizedUserCredentials(ExternalAccountAuthorizedUserCredentials.Builder builder)	Internal constructor.

Method Summary

Modifier and Type	Method	Description
private com.google.api.client.http.HttpRequest	buildRefreshRequest()
private boolean	canRefresh()
boolean	equals(Object obj)
(package private) static ExternalAccountAuthorizedUserCredentials	fromJson(Map<String,Object> json, HttpTransportFactory transportFactory)	Returns external account authorized user credentials defined by JSON contents using the format supported by the Cloud SDK.
static ExternalAccountAuthorizedUserCredentials	fromStream(InputStream credentialsStream)	Returns external account authorized user credentials defined by a JSON file stream.
static ExternalAccountAuthorizedUserCredentials	fromStream(InputStream credentialsStream, HttpTransportFactory transportFactory)	Returns external account authorized user credentials defined by a JSON file stream.
String	getAudience()
String	getClientId()
String	getClientSecret()
String	getRefreshToken()
String	getRevokeUrl()
String	getTokenInfoUrl()
String	getTokenUrl()
int	hashCode()
static ExternalAccountAuthorizedUserCredentials.Builder	newBuilder()
private void	readObject(ObjectInputStream input)
AccessToken	refreshAccessToken()	Method to refresh the access token according to the specific type of credentials.
ExternalAccountAuthorizedUserCredentials.Builder	toBuilder()
String	toString()

Methods inherited from class GoogleCredentials

addQuotaProjectIdToRequestMetadata, create, create, createDelegated, createScoped, createScoped, createScoped, createScopedRequired, createWithCustomRetryStrategy, createWithQuotaProject, getAdditionalHeaders, getApplicationDefault, getApplicationDefault, getQuotaProjectId, getUniverseDomain, isDefaultUniverseDomain, isExplicitUniverseDomain, toStringHelper

Methods inherited from class OAuth2Credentials

addChangeListener, getAccessToken, getAuthenticationType, getExpirationMargin, getFromServiceLoader, getRefreshMargin, getRequestMetadata, getRequestMetadata, getRequestMetadataInternal, hasRequestMetadata, hasRequestMetadataOnly, newInstance, refresh, refreshIfExpired, removeChangeListener

Methods inherited from class Credentials

blockingGetToCallback, getMetricsCredentialType, getRequestMetadata

Methods inherited from class Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Details

PARSE_ERROR_PREFIX

private static final String PARSE_ERROR_PREFIX

See Also:

• Constant Field Values

serialVersionUID

private static final long serialVersionUID

See Also:

• Constant Field Values

EXTERNAL_ACCOUNT_AUTHORIZED_USER_FILE_TYPE

static final String EXTERNAL_ACCOUNT_AUTHORIZED_USER_FILE_TYPE

See Also:

• Constant Field Values

transportFactoryClassName

private final String transportFactoryClassName

audience

private final String audience

tokenUrl

private final String tokenUrl

tokenInfoUrl

private final String tokenInfoUrl

revokeUrl

private final String revokeUrl

clientId

private final String clientId

clientSecret

private final String clientSecret

refreshToken

private String refreshToken

transportFactory

private transient HttpTransportFactory transportFactory

Constructor Details

ExternalAccountAuthorizedUserCredentials

private ExternalAccountAuthorizedUserCredentials(ExternalAccountAuthorizedUserCredentials.Builder builder)

Internal constructor.

Parameters:

builder - A builder for ExternalAccountAuthorizedUserCredentials. See ExternalAccountAuthorizedUserCredentials.Builder

Method Details

fromStream

public static ExternalAccountAuthorizedUserCredentials fromStream(InputStream credentialsStream)
                                                           throws IOException

Returns external account authorized user credentials defined by a JSON file stream.

Parameters:

credentialsStream - the stream with the credential definition

Returns:

the credential defined by the credentialsStream

Throws:

IOException - if the credential cannot be created from the stream

fromStream

public static ExternalAccountAuthorizedUserCredentials fromStream(InputStream credentialsStream,
 HttpTransportFactory transportFactory)
                                                           throws IOException

Returns external account authorized user credentials defined by a JSON file stream.

Parameters:

credentialsStream - the stream with the credential definition

transportFactory - the HTTP transport factory used to create the transport to get access tokens

Returns:

the credential defined by the credentialsStream

Throws:

IOException - if the credential cannot be created from the stream

refreshAccessToken

public AccessToken refreshAccessToken()
                               throws IOException

Description copied from class: OAuth2Credentials

Method to refresh the access token according to the specific type of credentials.

Throws IllegalStateException if not overridden since direct use of OAuth2Credentials is only for temporary or non-refreshing access tokens.

Overrides:

refreshAccessToken in class OAuth2Credentials

Returns:

never

Throws:

IOException

getAudience

@Nullable
public String getAudience()

getClientId

@Nullable
public String getClientId()

getClientSecret

@Nullable
public String getClientSecret()

getRevokeUrl

@Nullable
public String getRevokeUrl()

getTokenUrl

@Nullable
public String getTokenUrl()

getTokenInfoUrl

@Nullable
public String getTokenInfoUrl()

getRefreshToken

@Nullable
public String getRefreshToken()

newBuilder

public static ExternalAccountAuthorizedUserCredentials.Builder newBuilder()

hashCode

public int hashCode()

Overrides:

hashCode in class GoogleCredentials

toString

public String toString()

Overrides:

toString in class GoogleCredentials

equals

public boolean equals(Object obj)

Overrides:

equals in class GoogleCredentials

toBuilder

public ExternalAccountAuthorizedUserCredentials.Builder toBuilder()

Overrides:

toBuilder in class GoogleCredentials

fromJson

static ExternalAccountAuthorizedUserCredentials fromJson(Map<String,Object> json,
 HttpTransportFactory transportFactory)
                                                  throws IOException

Returns external account authorized user credentials defined by JSON contents using the format supported by the Cloud SDK.

Parameters:

json - a map from the JSON representing the credentials

transportFactory - HTTP transport factory, creates the transport used to get access tokens

Returns:

the external account authorized user credentials defined by the JSON

Throws:

IOException

readObject

private void readObject(ObjectInputStream input)
                 throws IOException,
ClassNotFoundException

Throws:

IOException

ClassNotFoundException

canRefresh

private boolean canRefresh()

buildRefreshRequest

private com.google.api.client.http.HttpRequest buildRefreshRequest()
                                                            throws IOException

Throws:

IOException