All Classes and Interfaces
Class
Description
Represents a temporary OAuth2 access token and its expiration information.
Constants used for auth in http
Credentials representing an AWS third-party identity for calling Google APIs.
The AWS credential source.
Defines AWS security credentials.
Supplier for retrieving AWS Security credentials for
AwsCredentials to exchange for GCP
access tokens.Provider for retrieving the subject tokens for
IdentityPoolCredentials by reading an
X.509 certificate from the filesystem.This exception is thrown by certificate providers in the Google auth library when the certificate
source is unavailable.
An OAuth2 user authorization Client ID and associated information.
OAuth2 credentials representing the built-in service account for Google Cloud Shell.
OAuth2 credentials representing the built-in service account for a Google Compute Engine VM.
Experimental Feature.
Experimental Feature.
Data class representing context_aware_metadata.json file.
Defines an upper bound of permissions available for a GCP credential via
CredentialAccessBoundary.AccessBoundaryRules.Defines an upper bound of permissions on a particular resource.
An optional condition that can be used as part of a
CredentialAccessBoundary.AccessBoundaryRule to further
restrict permissions.Implements PKCE using only the Java standard library.
DownscopedCredentials enables the ability to downscope, or restrict, the Identity and Access
Management (IAM) permissions that a short-lived credential can use for Cloud Storage.
Interface for an environment provider.
OAuth2 credentials sourced using external identities through Workforce Identity Federation.
Builder for
ExternalAccountAuthorizedUserCredentials.Base external account credentials class.
Base builder for external account credentials.
Enum specifying values for the subjectTokenType field in
ExternalAccountCredentials.Context object to pass relevant variables from external account credentials to suppliers.
This public class provides shared utilities for common OAuth2 utils or ADC.
Base type for credentials for authorizing calls to Google APIs using OAuth2.
A wrapper for using Credentials with the Google API Client Libraries for Java with Http.
A base interface for all
HttpTransport factories.Url-sourced, file-sourced, or user provided supplier method-sourced external account credentials.
The IdentityPool credential source.
Represents the configuration options for X.509-based workload credentials (mTLS).
Represents a temporary IdToken and its JsonWebSignature object
IdTokenCredentials provides a Google Issued OpenIdConnect token.
Interface for an Google OIDC token provider.
Enum of various credential-specific options to apply to the token.
ImpersonatedCredentials allowing credentials issued to a user or service account to impersonate
another.
Value class representing the set of fields used as the payload of a JWT token.
Credentials class for calling Google APIs using a JWT with custom claims.
Interface for creating custom JWT tokens
Represents an in-memory storage of tokens.
An HttpTransportFactory that creates
NetHttpTransport instances configured for mTLS
(mutual TLS) using a specific KeyStore containing the client's certificate and private
key.MtlsProvider is used by the Gax library for configuring mutual TLS in the HTTP and GRPC transport
layer.
Utility class for mTLS related operations.
Base type for Credentials using OAuth2.
Listener for changes to credentials.
A refreshable alternative to
OAuth2Credentials.Interface for the refresh handler.
Internal utilities for the com.google.auth.oauth2 namespace.
PluggableAuthCredentials enables the exchange of workload identity pool external credentials for
Google access tokens by retrieving 3rd party tokens through a user supplied executable.
Encapsulates the credential source portion of the configuration for PluggableAuthCredentials.
Interface for a system property provider.
Interface for
GoogleCredentials that return a quota project ID.This class implements
MtlsProvider for the Google Auth library transport layer via ContextAwareMetadataJson.Utilities to fetch the S2A (Secure Session Agent) address from the mTLS configuration.
Holds an mTLS configuration (consists of address of S2A) retrieved from the Metadata Server.
OAuth2 credentials representing a Service Account for calling Google APIs.
Service Account credentials for calling Google APIs using a JWT directly for access.
Implements the OAuth 2.0 token exchange based on RFC 8693.
Represents an OAuth 2.0 token exchange request, as defined in RFC 8693, Section 2.1.
Represents a successful OAuth 2.0 token exchange response from the Google Security Token Service
(STS), as defined in RFC 8693,
Section 2.2.1.
Represents the default system environment provider.
Represents the default system property provider.
Interface for long term storage of tokens
Handle verification of Google-signed JWT tokens.
Custom exception for wrapping all verification errors.
Handles an interactive 3-Legged-OAuth2 (3LO) user consent authorization.
Represents the client authentication types as specified in RFC 7591.
Represents the response from an OAuth token exchange, including configuration details used to
initiate the flow.
OAuth2 Credentials representing a user's identity and consent.
This class implements
MtlsProvider for the Google Auth library transport layer via WorkloadCertificateConfiguration.