| Package | Description |
|---|---|
| com.google.auth.oauth2 |
| Class and Description |
|---|
| AccessToken
Represents a temporary OAuth2 access token and its expiration information.
|
| AccessToken.Builder |
| AwsCredentials
Credentials representing an AWS third-party identity for calling Google APIs.
|
| AwsCredentials.Builder |
| AwsCredentialSource
The AWS credential source.
|
| AwsSecurityCredentials
Defines AWS security credentials.
|
| AwsSecurityCredentialsSupplier
Supplier for retrieving AWS Security credentials for
AwsCredentials to exchange for GCP
access tokens. |
| ClientId
An OAuth2 user authorization Client ID and associated information.
|
| ClientId.Builder |
| CloudShellCredentials
OAuth2 credentials representing the built-in service account for Google Cloud Shell.
|
| CloudShellCredentials.Builder |
| ComputeEngineCredentials
OAuth2 credentials representing the built-in service account for a Google Compute Engine VM.
|
| ComputeEngineCredentials.BindingEnforcement
Experimental Feature.
|
| ComputeEngineCredentials.Builder |
| ComputeEngineCredentials.GoogleAuthTransport
Experimental Feature.
|
| CredentialAccessBoundary
Defines an upper bound of permissions available for a GCP credential via
CredentialAccessBoundary.AccessBoundaryRules. |
| CredentialAccessBoundary.AccessBoundaryRule
Defines an upper bound of permissions on a particular resource.
|
| CredentialAccessBoundary.AccessBoundaryRule.AvailabilityCondition
An optional condition that can be used as part of a
CredentialAccessBoundary.AccessBoundaryRule to further
restrict permissions. |
| CredentialAccessBoundary.AccessBoundaryRule.AvailabilityCondition.Builder |
| CredentialAccessBoundary.AccessBoundaryRule.Builder |
| CredentialAccessBoundary.Builder |
| DownscopedCredentials
DownscopedCredentials enables the ability to downscope, or restrict, the Identity and Access
Management (IAM) permissions that a short-lived credential can use for Cloud Storage.
|
| DownscopedCredentials.Builder |
| ExternalAccountAuthorizedUserCredentials
OAuth2 credentials sourced using external identities through Workforce Identity Federation.
|
| ExternalAccountAuthorizedUserCredentials.Builder
Builder for
ExternalAccountAuthorizedUserCredentials. |
| ExternalAccountCredentials
Base external account credentials class.
|
| ExternalAccountCredentials.Builder
Base builder for external account credentials.
|
| ExternalAccountCredentials.SubjectTokenTypes
Enum specifying values for the subjectTokenType field in
ExternalAccountCredentials. |
| ExternalAccountSupplierContext
Context object to pass relevant variables from external account credentials to suppliers.
|
| GdchCredentials |
| GdchCredentials.Builder |
| GoogleCredentials
Base type for credentials for authorizing calls to Google APIs using OAuth2.
|
| GoogleCredentials.Builder |
| IdentityPoolCredentials
Url-sourced, file-sourced, or user provided supplier method-sourced external account credentials.
|
| IdentityPoolCredentials.Builder |
| IdentityPoolCredentialSource
The IdentityPool credential source.
|
| IdentityPoolSubjectTokenSupplier |
| IdToken
Represents a temporary IdToken and its JsonWebSignature object
|
| IdTokenCredentials
IdTokenCredentials provides a Google Issued OpenIdConnect token.
|
| IdTokenCredentials.Builder |
| IdTokenProvider
Interface for an Google OIDC token provider.
|
| IdTokenProvider.Option
Enum of various credential-specific options to apply to the token.
|
| ImpersonatedCredentials
ImpersonatedCredentials allowing credentials issued to a user or service account to impersonate
another.
|
| ImpersonatedCredentials.Builder |
| JwtClaims
Value class representing the set of fields used as the payload of a JWT token.
|
| JwtClaims.Builder |
| JwtCredentials
Credentials class for calling Google APIs using a JWT with custom claims.
|
| JwtCredentials.Builder |
| JwtProvider
Interface for creating custom JWT tokens
|
| OAuth2Credentials
Base type for Credentials using OAuth2.
|
| OAuth2Credentials.Builder |
| OAuth2Credentials.CredentialsChangedListener
Listener for changes to credentials.
|
| OAuth2CredentialsWithRefresh
A refreshable alternative to
OAuth2Credentials. |
| OAuth2CredentialsWithRefresh.Builder |
| OAuth2CredentialsWithRefresh.OAuth2RefreshHandler
Interface for the refresh handler.
|
| PKCEProvider |
| PluggableAuthCredentials
PluggableAuthCredentials enables the exchange of workload identity pool external credentials for
Google access tokens by retrieving 3rd party tokens through a user supplied executable.
|
| PluggableAuthCredentials.Builder |
| PluggableAuthCredentialSource
Encapsulates the credential source portion of the configuration for PluggableAuthCredentials.
|
| QuotaProjectIdProvider
Interface for
GoogleCredentials that return a quota project ID. |
| SecureSessionAgent
Utilities to fetch the S2A (Secure Session Agent) address from the mTLS configuration.
|
| SecureSessionAgent.Builder |
| SecureSessionAgentConfig
Holds an mTLS configuration (consists of address of S2A) retrieved from the Metadata Server.
|
| SecureSessionAgentConfig.Builder |
| ServiceAccountCredentials
OAuth2 credentials representing a Service Account for calling Google APIs.
|
| ServiceAccountCredentials.Builder |
| ServiceAccountJwtAccessCredentials
Service Account credentials for calling Google APIs using a JWT directly for access.
|
| ServiceAccountJwtAccessCredentials.Builder |
| StsRequestHandler
Implements the OAuth 2.0 token exchange based on RFC 8693.
|
| StsRequestHandler.Builder |
| StsTokenExchangeRequest
Represents an OAuth 2.0 token exchange request, as defined in RFC 8693, Section 2.1.
|
| StsTokenExchangeRequest.Builder |
| StsTokenExchangeResponse
Represents a successful OAuth 2.0 token exchange response from the Google Security Token Service
(STS), as defined in RFC 8693,
Section 2.2.1.
|
| StsTokenExchangeResponse.Builder |
| TokenStore
Interface for long term storage of tokens
|
| TokenVerifier
Handle verification of Google-signed JWT tokens.
|
| TokenVerifier.Builder |
| TokenVerifier.VerificationException
Custom exception for wrapping all verification errors.
|
| UserAuthorizer
Handles an interactive 3-Legged-OAuth2 (3LO) user consent authorization.
|
| UserAuthorizer.Builder |
| UserAuthorizer.ClientAuthenticationType
Represents the client authentication types as specified in RFC 7591.
|
| UserAuthorizer.TokenResponseWithConfig
Represents the response from an OAuth token exchange, including configuration details used to
initiate the flow.
|
| UserCredentials
OAuth2 Credentials representing a user's identity and consent.
|
| UserCredentials.Builder |
Copyright © 2025 Google. All rights reserved.