Class GoogleCredentials

java.lang.Object
com.google.auth.Credentials
com.google.auth.oauth2.OAuth2Credentials
com.google.auth.oauth2.GoogleCredentials
All Implemented Interfaces:
QuotaProjectIdProvider, Serializable
Direct Known Subclasses:
AppEngineCredentials, CloudShellCredentials, ComputeEngineCredentials, ExternalAccountAuthorizedUserCredentials, ExternalAccountCredentials, GdchCredentials, ImpersonatedCredentials, ServiceAccountCredentials, UserCredentials
public class GoogleCredentials extends OAuth2Credentials implements QuotaProjectIdProvider
Base type for credentials for authorizing calls to Google APIs using OAuth2.
See Also:

  • Field Details

  • Constructor Details

    • GoogleCredentials

      protected GoogleCredentials()
      Default constructor.

    • GoogleCredentials

      @Deprecated protected GoogleCredentials(AccessToken accessToken, String quotaProjectId)
      Deprecated.
      Constructor with an explicit access token and quotaProjectId.

      Deprecated, please use the GoogleCredentials(Builder) constructor whenever possible.

      Parameters:
      accessToken - initial or temporary access token
      quotaProjectId - a quotaProjectId, a project id to be used for billing purposes

    • GoogleCredentials

      @Deprecated public GoogleCredentials(AccessToken accessToken)
      Deprecated.
      Constructor with explicit access token.
      Parameters:
      accessToken - initial or temporary access token

    • GoogleCredentials

      protected GoogleCredentials(GoogleCredentials.Builder builder)
      Constructor that relies on a GoogleCredentials.Builder to provide all the necessary field values for initialization.
      Parameters:
      builder - an instance of a builder

    • GoogleCredentials

      @Deprecated protected GoogleCredentials(AccessToken accessToken, Duration refreshMargin, Duration expirationMargin)
      Deprecated.
      Constructor with explicit access token and refresh margins.

      Deprecated, please use the GoogleCredentials(Builder) constructor whenever possible.

      Parameters:
      accessToken - initial or temporary access token

  • Method Details

    • create

      public static GoogleCredentials create(AccessToken accessToken)
      Returns the credentials instance from the given access token.
      Parameters:
      accessToken - the access token
      Returns:
      the credentials instance

    • create

      public static GoogleCredentials create(String universeDomain, AccessToken accessToken)
      Returns the credentials instance from the given access token and universe domain.
      Parameters:
      universeDomain - the universe domain
      accessToken - the access token
      Returns:
      the credentials instance

    • getApplicationDefault

      public static GoogleCredentials getApplicationDefault() throws IOException
      Returns the Application Default Credentials.

      Returns the Application Default Credentials which are used to identify and authorize the whole application. The following are searched (in order) to find the Application Default Credentials:

      1. Credentials file pointed to by the GOOGLE_APPLICATION_CREDENTIALS environment variable
      2. Credentials provided by the Google Cloud SDK.
        1. gcloud auth application-default login for user account credentials.
        2. gcloud auth application-default login --impersonate-service-account for impersonated service account credentials.
      3. Google App Engine built-in credentials
      4. Google Cloud Shell built-in credentials
      5. Google Compute Engine built-in credentials
      Returns:
      the credentials instance.
      Throws:
      IOException - if the credentials cannot be created in the current environment.

    • getApplicationDefault

      public static GoogleCredentials getApplicationDefault(HttpTransportFactory transportFactory) throws IOException
      Returns the Application Default Credentials.

      Returns the Application Default Credentials which are used to identify and authorize the whole application. The following are searched (in order) to find the Application Default Credentials:

      1. Credentials file pointed to by the GOOGLE_APPLICATION_CREDENTIALS environment variable
      2. Credentials provided by the Google Cloud SDK gcloud auth application-default login command
      3. Google App Engine built-in credentials
      4. Google Cloud Shell built-in credentials
      5. Google Compute Engine built-in credentials
      Parameters:
      transportFactory - HTTP transport factory, creates the transport used to get access tokens.
      Returns:
      the credentials instance.
      Throws:
      IOException - if the credentials cannot be created in the current environment.

    • fromStream

      public static GoogleCredentials fromStream(InputStream credentialsStream) throws IOException
      Returns credentials defined by a JSON file stream.

      The stream can contain a Service Account key file in JSON format from the Google Developers Console or a stored user credential using the format supported by the Cloud SDK.

      Parameters:
      credentialsStream - the stream with the credential definition.
      Returns:
      the credential defined by the credentialsStream.
      Throws:
      IOException - if the credential cannot be created from the stream.

    • fromStream

      public static GoogleCredentials fromStream(InputStream credentialsStream, HttpTransportFactory transportFactory) throws IOException
      Returns credentials defined by a JSON file stream.

      The stream can contain a Service Account key file in JSON format from the Google Developers Console or a stored user credential using the format supported by the Cloud SDK.

      Parameters:
      credentialsStream - the stream with the credential definition.
      transportFactory - HTTP transport factory, creates the transport used to get access tokens.
      Returns:
      the credential defined by the credentialsStream.
      Throws:
      IOException - if the credential cannot be created from the stream.

    • createWithQuotaProject

      public GoogleCredentials createWithQuotaProject(String quotaProject)
      Creates a credential with the provided quota project.
      Parameters:
      quotaProject - the quota project to set on the credential
      Returns:
      credential with the provided quota project

    • getUniverseDomain

      public String getUniverseDomain() throws IOException
      Gets the universe domain for the credential.
      Overrides:
      getUniverseDomain in class Credentials
      Returns:
      An explicit universe domain if it was explicitly provided, invokes the super implementation otherwise
      Throws:
      IOException - extending classes might have to do remote calls to determine the universe domain. The exception must implement Retryable and isRetryable() will return true if the operation may be retried.

    • isExplicitUniverseDomain

      protected boolean isExplicitUniverseDomain()
      Gets the flag indicating whether universeDomain was explicitly set by the developer.

      If subclass has a requirement to give priority to developer-set universeDomain, this property must be used to check if the universeDomain value was provided by the user. It could be a default otherwise.

      Returns:
      true if universeDomain value was provided by the developer, false otherwise

    • isDefaultUniverseDomain

      boolean isDefaultUniverseDomain() throws IOException
      Checks if universe domain equals to Credentials.GOOGLE_DEFAULT_UNIVERSE.
      Returns:
      true if universe domain equals to Credentials.GOOGLE_DEFAULT_UNIVERSE, false otherwise
      Throws:
      IOException

    • addQuotaProjectIdToRequestMetadata

      static Map<String, List<String>> addQuotaProjectIdToRequestMetadata(String quotaProjectId, Map<String, List<String>> requestMetadata)
      Adds quota project ID to requestMetadata if present.
      Returns:
      a new map with quotaProjectId added if needed

    • getAdditionalHeaders

      protected Map<String, List<String>> getAdditionalHeaders()
      Description copied from class: OAuth2Credentials
      Provide additional headers to return as request metadata.
      Overrides:
      getAdditionalHeaders in class OAuth2Credentials
      Returns:
      additional headers

    • toStringHelper

      protected com.google.common.base.MoreObjects.ToStringHelper toStringHelper()
      A helper for overriding the toString() method. This allows inheritance of super class fields. Extending classes can override this implementation and call super implementation and add more fields. Same cannot be done with overriding the toString() directly.
      Returns:
      an instance of the ToStringHelper that has public fields added

    • toString

      public String toString()
      Overrides:
      toString in class OAuth2Credentials

    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class OAuth2Credentials

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class OAuth2Credentials

    • newBuilder

      public static GoogleCredentials.Builder newBuilder()

    • toBuilder

      public GoogleCredentials.Builder toBuilder()
      Overrides:
      toBuilder in class OAuth2Credentials

    • getQuotaProjectId

      public String getQuotaProjectId()
      Specified by:
      getQuotaProjectId in interface QuotaProjectIdProvider
      Returns:
      the quota project ID used for quota and billing purposes

    • createScopedRequired

      public boolean createScopedRequired()
      Indicates whether the credentials require scopes to be specified via a call to createScoped(Collection) before use.
      Returns:
      Whether the credentials require scopes to be specified.

    • createScoped

      public GoogleCredentials createScoped(Collection<String> scopes)
      If the credentials support scopes, creates a copy of the identity with the specified scopes, invalidates the existing scoped access token; otherwise, return the same instance.
      Parameters:
      scopes - Collection of scopes to request.
      Returns:
      GoogleCredentials with requested scopes.

    • createScoped

      public GoogleCredentials createScoped(Collection<String> scopes, Collection<String> defaultScopes)
      If the credentials support scopes, creates a copy of the identity with the specified scopes and default scopes; otherwise, returns the same instance. This is mainly used by client libraries.
      Parameters:
      scopes - Collection of scopes to request.
      defaultScopes - Collection of default scopes to request.
      Returns:
      GoogleCredentials with requested scopes.

    • createScoped

      public GoogleCredentials createScoped(String... scopes)
      If the credentials support scopes, creates a copy of the identity with the specified scopes; otherwise, returns the same instance.
      Parameters:
      scopes - Collection of scopes to request.
      Returns:
      GoogleCredentials with requested scopes.

    • createWithCustomRetryStrategy

      public GoogleCredentials createWithCustomRetryStrategy(boolean defaultRetriesEnabled)
      If the credentials support automatic retries, creates a copy of the identity with the provided retry strategy
      Parameters:
      defaultRetriesEnabled - a flag enabling or disabling default retries
      Returns:
      GoogleCredentials with the new default retries configuration.

    • createDelegated

      public GoogleCredentials createDelegated(String user)
      If the credentials support domain-wide delegation, creates a copy of the identity so that it impersonates the specified user; otherwise, returns the same instance.
      Parameters:
      user - User to impersonate.
      Returns:
      GoogleCredentials with a delegated user.