Package com.google.auth.oauth2
package com.google.auth.oauth2
-
ClassDescriptionRepresents a temporary OAuth2 access token and its expiration information.Credentials representing an AWS third-party identity for calling Google APIs.The AWS credential source.Defines AWS security credentials.Supplier for retrieving AWS Security credentials for
AwsCredentialsto exchange for GCP access tokens.Provider for retrieving the subject tokens forIdentityPoolCredentialsby reading an X.509 certificate from the filesystem.An OAuth2 user authorization Client ID and associated information.OAuth2 credentials representing the built-in service account for Google Cloud Shell.OAuth2 credentials representing the built-in service account for a Google Compute Engine VM.Experimental Feature.Experimental Feature.Defines an upper bound of permissions available for a GCP credential viaCredentialAccessBoundary.AccessBoundaryRules.Defines an upper bound of permissions on a particular resource.An optional condition that can be used as part of aCredentialAccessBoundary.AccessBoundaryRuleto further restrict permissions.Implements PKCE using only the Java standard library.DownscopedCredentials enables the ability to downscope, or restrict, the Identity and Access Management (IAM) permissions that a short-lived credential can use for Cloud Storage.Interface for an environment provider.OAuth2 credentials sourced using external identities through Workforce Identity Federation.Builder forExternalAccountAuthorizedUserCredentials.Base external account credentials class.Base builder for external account credentials.Enum specifying values for the subjectTokenType field inExternalAccountCredentials.Context object to pass relevant variables from external account credentials to suppliers.This public class provides shared utilities for common OAuth2 utils or ADC.Base type for credentials for authorizing calls to Google APIs using OAuth2.Url-sourced, file-sourced, or user provided supplier method-sourced external account credentials.The IdentityPool credential source.Represents the configuration options for X.509-based workload credentials (mTLS).Represents a temporary IdToken and its JsonWebSignature objectIdTokenCredentials provides a Google Issued OpenIdConnect token.Interface for an Google OIDC token provider.Enum of various credential-specific options to apply to the token.ImpersonatedCredentials allowing credentials issued to a user or service account to impersonate another.Value class representing the set of fields used as the payload of a JWT token.Credentials class for calling Google APIs using a JWT with custom claims.Interface for creating custom JWT tokensRepresents an in-memory storage of tokens.Base type for Credentials using OAuth2.Listener for changes to credentials.A refreshable alternative toOAuth2Credentials.Interface for the refresh handler.Internal utilities for the com.google.auth.oauth2 namespace.PluggableAuthCredentials enables the exchange of workload identity pool external credentials for Google access tokens by retrieving 3rd party tokens through a user supplied executable.Encapsulates the credential source portion of the configuration for PluggableAuthCredentials.Interface for a system property provider.Interface forGoogleCredentialsthat return a quota project ID.Utilities to fetch the S2A (Secure Session Agent) address from the mTLS configuration.Holds an mTLS configuration (consists of address of S2A) retrieved from the Metadata Server.OAuth2 credentials representing a Service Account for calling Google APIs.Service Account credentials for calling Google APIs using a JWT directly for access.Implements the OAuth 2.0 token exchange based on RFC 8693.Represents an OAuth 2.0 token exchange request, as defined in RFC 8693, Section 2.1.Represents a successful OAuth 2.0 token exchange response from the Google Security Token Service (STS), as defined in RFC 8693, Section 2.2.1.Represents the default system environment provider.Represents the default system property provider.Interface for long term storage of tokensHandle verification of Google-signed JWT tokens.Custom exception for wrapping all verification errors.Handles an interactive 3-Legged-OAuth2 (3LO) user consent authorization.Represents the client authentication types as specified in RFC 7591.Represents the response from an OAuth token exchange, including configuration details used to initiate the flow.OAuth2 Credentials representing a user's identity and consent.