Package com.google.auth.oauth2

Class ServiceAccountJwtAccessCredentials

java.lang.Object
com.google.auth.Credentials
com.google.auth.oauth2.ServiceAccountJwtAccessCredentials
All Implemented Interfaces:
JwtProvider, QuotaProjectIdProvider, ServiceAccountSigner, Serializable
public class ServiceAccountJwtAccessCredentials extends Credentials implements JwtProvider, ServiceAccountSigner, QuotaProjectIdProvider
Service Account credentials for calling Google APIs using a JWT directly for access.

Uses a JSON Web Token (JWT) directly in the request metadata to provide authorization.

See Also:

  • Method Details

    • fromPkcs8

      public static ServiceAccountJwtAccessCredentials fromPkcs8(String clientId, String clientEmail, String privateKeyPkcs8, String privateKeyId) throws IOException
      Factory using PKCS#8 for the private key.
      Parameters:
      clientId - Client ID of the service account from the console. May be null.
      clientEmail - Client email address of the service account from the console.
      privateKeyPkcs8 - RSA private key object for the service account in PKCS#8 format.
      privateKeyId - Private key identifier for the service account. May be null.
      Returns:
      New ServiceAccountJwtAcceessCredentials created from a private key.
      Throws:
      IOException - if the credential cannot be created from the private key.

    • fromPkcs8

      public static ServiceAccountJwtAccessCredentials fromPkcs8(String clientId, String clientEmail, String privateKeyPkcs8, String privateKeyId, URI defaultAudience) throws IOException
      Factory using PKCS#8 for the private key.
      Parameters:
      clientId - Client ID of the service account from the console. May be null.
      clientEmail - Client email address of the service account from the console.
      privateKeyPkcs8 - RSA private key object for the service account in PKCS#8 format.
      privateKeyId - Private key identifier for the service account. May be null.
      defaultAudience - Audience to use if not provided by transport. May be null.
      Returns:
      New ServiceAccountJwtAcceessCredentials created from a private key.
      Throws:
      IOException - if the credential cannot be created from the private key.

    • fromStream

      public static ServiceAccountJwtAccessCredentials fromStream(InputStream credentialsStream) throws IOException
      Returns credentials defined by a Service Account key file in JSON format from the Google Developers Console.
      Parameters:
      credentialsStream - the stream with the credential definition.
      Returns:
      the credential defined by the credentialsStream.
      Throws:
      IOException - if the credential cannot be created from the stream.

    • fromStream

      public static ServiceAccountJwtAccessCredentials fromStream(InputStream credentialsStream, URI defaultAudience) throws IOException
      Returns credentials defined by a Service Account key file in JSON format from the Google Developers Console.
      Parameters:
      credentialsStream - the stream with the credential definition.
      defaultAudience - Audience to use if not provided by transport. May be null.
      Returns:
      the credential defined by the credentialsStream.
      Throws:
      IOException - if the credential cannot be created from the stream.

    • jwtWithClaims

      public JwtCredentials jwtWithClaims(JwtClaims newClaims)
      Returns a new JwtCredentials instance with modified claims.
      Specified by:
      jwtWithClaims in interface JwtProvider
      Parameters:
      newClaims - new claims. Any unspecified claim fields will default to the current values.
      Returns:
      new credentials

    • getAuthenticationType

      public String getAuthenticationType()
      Specified by:
      getAuthenticationType in class Credentials

    • hasRequestMetadata

      public boolean hasRequestMetadata()
      Specified by:
      hasRequestMetadata in class Credentials

    • hasRequestMetadataOnly

      public boolean hasRequestMetadataOnly()
      Specified by:
      hasRequestMetadataOnly in class Credentials

    • getRequestMetadata

      public void getRequestMetadata(URI uri, Executor executor, RequestMetadataCallback callback)
      Overrides:
      getRequestMetadata in class Credentials

    • getRequestMetadata

      public Map<String,List<String>> getRequestMetadata(URI uri) throws IOException
      Provide the request metadata by putting an access JWT directly in the metadata.
      Specified by:
      getRequestMetadata in class Credentials
      Throws:
      IOException

    • refresh

      public void refresh()
      Discard any cached data
      Specified by:
      refresh in class Credentials

    • getClientId

      public final String getClientId()

    • getClientEmail

      public final String getClientEmail()

    • getPrivateKey

      public final PrivateKey getPrivateKey()

    • getPrivateKeyId

      public final String getPrivateKeyId()

    • getUniverseDomain

      public final String getUniverseDomain()
      Returns the universe domain (example, googleapis.com) for the credentials instance.
      Overrides:
      getUniverseDomain in class Credentials

    • getAccount

      public String getAccount()
      Specified by:
      getAccount in interface ServiceAccountSigner

    • sign

      public byte[] sign(byte[] toSign)
      Specified by:
      sign in interface ServiceAccountSigner

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object

    • newBuilder

      public static ServiceAccountJwtAccessCredentials.Builder newBuilder()

    • toBuilder

      public ServiceAccountJwtAccessCredentials.Builder toBuilder()

    • getQuotaProjectId

      public String getQuotaProjectId()
      Specified by:
      getQuotaProjectId in interface QuotaProjectIdProvider
      Returns:
      the quota project ID used for quota and billing purposes