com.google.auth.oauth2

Class ServiceAccountJwtAccessCredentials

java.lang.Object

com.google.auth.Credentials

com.google.auth.oauth2.ServiceAccountJwtAccessCredentials

All Implemented Interfaces:

JwtProvider, QuotaProjectIdProvider, ServiceAccountSigner, Serializable

public class ServiceAccountJwtAccessCredentials
extends Credentials
implements JwtProvider, ServiceAccountSigner, QuotaProjectIdProvider

Service Account credentials for calling Google APIs using a JWT directly for access.

Uses a JSON Web Token (JWT) directly in the request metadata to provide authorization.

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	ServiceAccountJwtAccessCredentials.Builder

Nested classes/interfaces inherited from interface com.google.auth.ServiceAccountSigner

ServiceAccountSigner.SigningException

Method Summary

Modifier and Type	Method and Description
boolean	equals(Object obj)
static ServiceAccountJwtAccessCredentials	fromPkcs8(String clientId, String clientEmail, String privateKeyPkcs8, String privateKeyId) Factory using PKCS#8 for the private key.
static ServiceAccountJwtAccessCredentials	fromPkcs8(String clientId, String clientEmail, String privateKeyPkcs8, String privateKeyId, URI defaultAudience) Factory using PKCS#8 for the private key.
static ServiceAccountJwtAccessCredentials	fromStream(InputStream credentialsStream) Returns credentials defined by a Service Account key file in JSON format from the Google Developers Console.
static ServiceAccountJwtAccessCredentials	fromStream(InputStream credentialsStream, URI defaultAudience) Returns credentials defined by a Service Account key file in JSON format from the Google Developers Console.
String	getAccount()
String	getAuthenticationType()
String	getClientEmail()
String	getClientId()
PrivateKey	getPrivateKey()
String	getPrivateKeyId()
String	getQuotaProjectId()
Map<String,List<String>>	getRequestMetadata(URI uri) Provide the request metadata by putting an access JWT directly in the metadata.
void	getRequestMetadata(URI uri, Executor executor, RequestMetadataCallback callback)
int	hashCode()
boolean	hasRequestMetadata()
boolean	hasRequestMetadataOnly()
JwtCredentials	jwtWithClaims(JwtClaims newClaims) Returns a new JwtCredentials instance with modified claims.
static ServiceAccountJwtAccessCredentials.Builder	newBuilder()
void	refresh() Discard any cached data
byte[]	sign(byte[] toSign)
ServiceAccountJwtAccessCredentials.Builder	toBuilder()
String	toString()

Methods inherited from class com.google.auth.Credentials

blockingGetToCallback, getRequestMetadata

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Method Detail

fromPkcs8

public static ServiceAccountJwtAccessCredentials fromPkcs8(String clientId,
                                                           String clientEmail,
                                                           String privateKeyPkcs8,
                                                           String privateKeyId)
                                                    throws IOException

Factory using PKCS#8 for the private key.

Parameters:

clientId - Client ID of the service account from the console. May be null.

clientEmail - Client email address of the service account from the console.

privateKeyPkcs8 - RSA private key object for the service account in PKCS#8 format.

privateKeyId - Private key identifier for the service account. May be null.

Returns:

New ServiceAccountJwtAcceessCredentials created from a private key.

Throws:

IOException - if the credential cannot be created from the private key.

fromPkcs8

public static ServiceAccountJwtAccessCredentials fromPkcs8(String clientId,
                                                           String clientEmail,
                                                           String privateKeyPkcs8,
                                                           String privateKeyId,
                                                           URI defaultAudience)
                                                    throws IOException

Factory using PKCS#8 for the private key.

Parameters:

clientId - Client ID of the service account from the console. May be null.

clientEmail - Client email address of the service account from the console.

privateKeyPkcs8 - RSA private key object for the service account in PKCS#8 format.

privateKeyId - Private key identifier for the service account. May be null.

defaultAudience - Audience to use if not provided by transport. May be null.

Returns:

New ServiceAccountJwtAcceessCredentials created from a private key.

Throws:

IOException - if the credential cannot be created from the private key.

fromStream

public static ServiceAccountJwtAccessCredentials fromStream(InputStream credentialsStream)
                                                     throws IOException

Returns credentials defined by a Service Account key file in JSON format from the Google Developers Console.

Parameters:

credentialsStream - the stream with the credential definition.

Returns:

the credential defined by the credentialsStream.

Throws:

IOException - if the credential cannot be created from the stream.

fromStream

public static ServiceAccountJwtAccessCredentials fromStream(InputStream credentialsStream,
                                                            URI defaultAudience)
                                                     throws IOException

Returns credentials defined by a Service Account key file in JSON format from the Google Developers Console.

Parameters:

credentialsStream - the stream with the credential definition.

defaultAudience - Audience to use if not provided by transport. May be null.

Returns:

the credential defined by the credentialsStream.

Throws:

IOException - if the credential cannot be created from the stream.

jwtWithClaims

public JwtCredentials jwtWithClaims(JwtClaims newClaims)

Returns a new JwtCredentials instance with modified claims.

Specified by:

jwtWithClaims in interface JwtProvider

Parameters:

newClaims - new claims. Any unspecified claim fields will default to the the current values.

Returns:

new credentials

getAuthenticationType

public String getAuthenticationType()

Specified by:

getAuthenticationType in class Credentials

hasRequestMetadata

public boolean hasRequestMetadata()

Specified by:

hasRequestMetadata in class Credentials

hasRequestMetadataOnly

public boolean hasRequestMetadataOnly()

Specified by:

hasRequestMetadataOnly in class Credentials

getRequestMetadata

public void getRequestMetadata(URI uri,
                               Executor executor,
                               RequestMetadataCallback callback)

Overrides:

getRequestMetadata in class Credentials

getRequestMetadata

public Map<String,List<String>> getRequestMetadata(URI uri)
                                            throws IOException

Provide the request metadata by putting an access JWT directly in the metadata.

Specified by:

getRequestMetadata in class Credentials

Throws:

IOException

refresh

public void refresh()

Discard any cached data

Specified by:

refresh in class Credentials

getClientId

public final String getClientId()

getClientEmail

public final String getClientEmail()

getPrivateKey

public final PrivateKey getPrivateKey()

getPrivateKeyId

public final String getPrivateKeyId()

getAccount

public String getAccount()

Specified by:

getAccount in interface ServiceAccountSigner

sign

public byte[] sign(byte[] toSign)

Specified by:

sign in interface ServiceAccountSigner

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

newBuilder

public static ServiceAccountJwtAccessCredentials.Builder newBuilder()

toBuilder

public ServiceAccountJwtAccessCredentials.Builder toBuilder()

getQuotaProjectId

public String getQuotaProjectId()

Specified by:

getQuotaProjectId in interface QuotaProjectIdProvider

Returns:

the quota project ID used for quota and billing purposes