IdTokenCredentials (google-auth-library 1.19.0)

java.lang.Object
- com.google.auth.Credentials
- - com.google.auth.oauth2.OAuth2Credentials
  - - com.google.auth.oauth2.IdTokenCredentials

All Implemented Interfaces:: Serializable

public class IdTokenCredentials
extends OAuth2Credentials

IdTokenCredentials provides a Google Issued OpenIdConnect token.
Use an ID token to access services that require presenting an ID token for authentication such as Cloud Functions or Cloud Run.
The following Credential subclasses support IDTokens: ServiceAccountCredentials, ComputeEngineCredentials, ImpersonatedCredentials.

For more information see
Usage:

 String credPath = "/path/to/svc_account.json";
 String targetAudience = "https://example.com";

 // For Application Default Credentials (as ServiceAccountCredentials)
 // export GOOGLE_APPLICATION_CREDENTIALS=/path/to/svc.json
 GoogleCredentials adcCreds = GoogleCredentials.getApplicationDefault();
 if (!adcCreds instanceof IdTokenProvider) {
   // handle error message
 }

 IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder()
     .setIdTokenProvider(adcCreds)
     .setTargetAudience(targetAudience).build();

 // for ServiceAccountCredentials
 ServiceAccountCredentials saCreds = ServiceAccountCredentials.fromStream(new FileInputStream(credPath));
 saCreds = (ServiceAccountCredentials) saCreds.createScoped(Arrays.asList("https://www.googleapis.com/auth/iam"));
 IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder()
     .setIdTokenProvider(saCreds)
     .setTargetAudience(targetAudience).build();

 // for ComputeEngineCredentials
 ComputeEngineCredentials caCreds = ComputeEngineCredentials.create();
 IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder()
     .setIdTokenProvider(caCreds)
     .setTargetAudience(targetAudience)
     .setOptions(Arrays.asList(ComputeEngineCredentials.ID_TOKEN_FORMAT_FULL))
     .build();

 // for ImpersonatedCredentials
 ImpersonatedCredentials imCreds = ImpersonatedCredentials.create(saCreds,
     "impersonated-account@project.iam.gserviceaccount.com", null,
     Arrays.asList("https://www.googleapis.com/auth/cloud-platform"), 300);
 IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder()
     .setIdTokenProvider(imCreds)
     .setTargetAudience(targetAudience)
     .setOptions(Arrays.asList(ImpersonatedCredentials.INCLUDE_EMAIL))
     .build();

 // Use the IdTokenCredential in an authorized transport
 GenericUrl genericUrl = new GenericUrl("https://example.com");
 HttpCredentialsAdapter adapter = new HttpCredentialsAdapter(tokenCredential);
 HttpTransport transport = new NetHttpTransport();
 HttpRequest request = transport.createRequestFactory(adapter).buildGetRequest(genericUrl);
 HttpResponse response = request.execute();

 // Print the token, expiration and the audience
 System.out.println(tokenCredential.getIdToken().getTokenValue());
 System.out.println(tokenCredential.getIdToken().getJsonWebSignature().getPayload().getAudienceAsList());
 System.out.println(tokenCredential.getIdToken().getJsonWebSignature().getPayload().getExpirationTimeSeconds());

See Also:: Serialized Form

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class IdTokenCredentials.Builder
- Nested classes/interfaces inherited from class com.google.auth.oauth2.OAuth2Credentials
  OAuth2Credentials.CredentialsChangedListener

Nested Classes
Modifier and Type	Class and Description
`static class`	`IdTokenCredentials.Builder`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`equals(Object obj)`
`IdToken`	`getIdToken()`
`int`	`hashCode()`
`static IdTokenCredentials.Builder`	`newBuilder()`
`AccessToken`	`refreshAccessToken()` Method to refresh the access token according to the specific type of credentials.
`IdTokenCredentials.Builder`	`toBuilder()`
`String`	`toString()`

Methods inherited from class com.google.auth.oauth2.OAuth2Credentials
addChangeListener, create, getAccessToken, getAdditionalHeaders, getAuthenticationType, getFromServiceLoader, getRequestMetadata, getRequestMetadata, getRequestMetadataInternal, hasRequestMetadata, hasRequestMetadataOnly, newInstance, refresh, refreshIfExpired, removeChangeListener

Methods inherited from class com.google.auth.Credentials
blockingGetToCallback, getRequestMetadata

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

- Method Detail
  - refreshAccessToken
```
public AccessToken refreshAccessToken()
                               throws IOException
```
    Description copied from class: OAuth2Credentials
    
    Method to refresh the access token according to the specific type of credentials.
    Throws IllegalStateException if not overridden since direct use of OAuth2Credentials is only for temporary or non-refreshing access tokens.
    
    Overrides:
    
    refreshAccessToken in class OAuth2Credentials
    
    Returns:
    
    never
    
    Throws:
    
    IOException
  - getIdToken
```
public IdToken getIdToken()
```
  - hashCode
```
public int hashCode()
```
    Overrides:
    
    hashCode in class OAuth2Credentials
  - toString
```
public String toString()
```
    Overrides:
    
    toString in class OAuth2Credentials
  - equals
```
public boolean equals(Object obj)
```
    Overrides:
    
    equals in class OAuth2Credentials
  - toBuilder
```
public IdTokenCredentials.Builder toBuilder()
```
    Overrides:
    
    toBuilder in class OAuth2Credentials
  - newBuilder
```
public static IdTokenCredentials.Builder newBuilder()
```

Class IdTokenCredentials

Nested Class Summary

Nested classes/interfaces inherited from class com.google.auth.oauth2.OAuth2Credentials

Method Summary

Methods inherited from class com.google.auth.oauth2.OAuth2Credentials

Methods inherited from class com.google.auth.Credentials

Methods inherited from class java.lang.Object

Method Detail

refreshAccessToken

getIdToken

hashCode

toString

equals

toBuilder

newBuilder