com.google.auth.oauth2

Class ExternalAccountAuthorizedUserCredentials

java.lang.Object

com.google.auth.Credentials

com.google.auth.oauth2.OAuth2Credentials

com.google.auth.oauth2.GoogleCredentials

com.google.auth.oauth2.ExternalAccountAuthorizedUserCredentials

All Implemented Interfaces:

QuotaProjectIdProvider, Serializable

public class ExternalAccountAuthorizedUserCredentials
extends GoogleCredentials

OAuth2 credentials sourced using external identities through Workforce Identity Federation.

Obtaining the initial access and refresh token can be done through the Google Cloud CLI.

 Example credentials file:
 {
   "type": "external_account_authorized_user",
   "audience": "//iam.googleapis.com/locations/global/workforcePools/$WORKFORCE_POOL_ID/providers/$PROVIDER_ID",
   "refresh_token": "refreshToken",
   "token_url": "https://sts.googleapis.com/v1/oauthtoken",
   "token_info_url": "https://sts.googleapis.com/v1/introspect",
   "client_id": "clientId",
   "client_secret": "clientSecret"
 }
 

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	ExternalAccountAuthorizedUserCredentials.Builder Builder for ExternalAccountAuthorizedUserCredentials.

Nested classes/interfaces inherited from class com.google.auth.oauth2.OAuth2Credentials

OAuth2Credentials.CredentialsChangedListener

Field Summary

Fields inherited from class com.google.auth.oauth2.GoogleCredentials

quotaProjectId

Fields inherited from class com.google.auth.Credentials

GOOGLE_DEFAULT_UNIVERSE

Method Summary

Modifier and Type	Method and Description
boolean	equals(Object obj)
static ExternalAccountAuthorizedUserCredentials	fromStream(InputStream credentialsStream) Returns external account authorized user credentials defined by a JSON file stream.
static ExternalAccountAuthorizedUserCredentials	fromStream(InputStream credentialsStream, HttpTransportFactory transportFactory) Returns external account authorized user credentials defined by a JSON file stream.
String	getAudience()
String	getClientId()
String	getClientSecret()
String	getRefreshToken()
String	getRevokeUrl()
String	getTokenInfoUrl()
String	getTokenUrl()
int	hashCode()
static ExternalAccountAuthorizedUserCredentials.Builder	newBuilder()
AccessToken	refreshAccessToken() Method to refresh the access token according to the specific type of credentials.
ExternalAccountAuthorizedUserCredentials.Builder	toBuilder()
String	toString()

Methods inherited from class com.google.auth.oauth2.GoogleCredentials

create, create, createDelegated, createScoped, createScoped, createScoped, createScopedRequired, createWithCustomRetryStrategy, createWithQuotaProject, getAdditionalHeaders, getApplicationDefault, getApplicationDefault, getCredentialInfo, getQuotaProjectId, getUniverseDomain, isExplicitUniverseDomain, toStringHelper

Methods inherited from class com.google.auth.oauth2.OAuth2Credentials

addChangeListener, getAccessToken, getAuthenticationType, getFromServiceLoader, getRequestMetadata, getRequestMetadata, getRequestMetadataInternal, hasRequestMetadata, hasRequestMetadataOnly, newInstance, refresh, refreshIfExpired, removeChangeListener

Methods inherited from class com.google.auth.Credentials

blockingGetToCallback, getMetricsCredentialType, getRequestMetadata

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Method Detail

fromStream

public static ExternalAccountAuthorizedUserCredentials fromStream(InputStream credentialsStream)
                                                           throws IOException

Returns external account authorized user credentials defined by a JSON file stream.

Important: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud Platform, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information, refer to documentation.

Parameters:

credentialsStream - the stream with the credential definition

Returns:

the credential defined by the credentialsStream

Throws:

IOException - if the credential cannot be created from the stream

fromStream

public static ExternalAccountAuthorizedUserCredentials fromStream(InputStream credentialsStream,
                                                                  HttpTransportFactory transportFactory)
                                                           throws IOException

Returns external account authorized user credentials defined by a JSON file stream.

Important: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud Platform, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information, refer to documentation.

Parameters:

credentialsStream - the stream with the credential definition

transportFactory - the HTTP transport factory used to create the transport to get access tokens

Returns:

the credential defined by the credentialsStream

Throws:

IOException - if the credential cannot be created from the stream

refreshAccessToken

public AccessToken refreshAccessToken()
                               throws IOException

Description copied from class: OAuth2Credentials

Method to refresh the access token according to the specific type of credentials.

Throws IllegalStateException if not overridden since direct use of OAuth2Credentials is only for temporary or non-refreshing access tokens.

Overrides:

refreshAccessToken in class OAuth2Credentials

Returns:

never

Throws:

IOException

getAudience

@Nullable
public String getAudience()

getClientId

@Nullable
public String getClientId()

getClientSecret

@Nullable
public String getClientSecret()

getRevokeUrl

@Nullable
public String getRevokeUrl()

getTokenUrl

@Nullable
public String getTokenUrl()

getTokenInfoUrl

@Nullable
public String getTokenInfoUrl()

getRefreshToken

@Nullable
public String getRefreshToken()

newBuilder

public static ExternalAccountAuthorizedUserCredentials.Builder newBuilder()

hashCode

public int hashCode()

Overrides:

hashCode in class GoogleCredentials

toString

public String toString()

Overrides:

toString in class GoogleCredentials

equals

public boolean equals(Object obj)

Overrides:

equals in class GoogleCredentials

toBuilder

public ExternalAccountAuthorizedUserCredentials.Builder toBuilder()

Overrides:

toBuilder in class GoogleCredentials