com.google.auth.oauth2

Class JwtCredentials

java.lang.Object

com.google.auth.Credentials

com.google.auth.oauth2.JwtCredentials

All Implemented Interfaces:

JwtProvider, Serializable

public class JwtCredentials
extends Credentials
implements JwtProvider

Credentials class for calling Google APIs using a JWT with custom claims.

Uses a JSON Web Token (JWT) directly in the request metadata to provide authorization.

 JwtClaims claims = JwtClaims.newBuilder()
     .setAudience("https://example.com/some-audience")
     .setIssuer("some-issuer@example.com")
     .setSubject("some-subject@example.com")
     .build();
 Credentials = JwtCredentials.newBuilder()
     .setPrivateKey(privateKey)
     .setPrivateKeyId("private-key-id")
     .setJwtClaims(claims)
     .build();
 

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	JwtCredentials.Builder

Method Summary

Modifier and Type	Method and Description
boolean	equals(Object obj)
String	getAuthenticationType() A constant string name describing the authentication technology.
Map<String,List<String>>	getRequestMetadata(URI uri) Get the current request metadata in a blocking manner, refreshing tokens if required.
int	hashCode()
boolean	hasRequestMetadata() Whether the credentials have metadata entries that should be added to each request.
boolean	hasRequestMetadataOnly() Indicates whether or not the Auth mechanism works purely by including request metadata.
JwtCredentials	jwtWithClaims(JwtClaims newClaims) Returns a copy of these credentials with modified claims.
static JwtCredentials.Builder	newBuilder()
void	refresh() Refresh the token by discarding the cached token and metadata and rebuilding a new one.

Methods inherited from class com.google.auth.Credentials

blockingGetToCallback, getRequestMetadata, getRequestMetadata

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Method Detail

newBuilder

public static JwtCredentials.Builder newBuilder()

refresh

public void refresh()
             throws IOException

Refresh the token by discarding the cached token and metadata and rebuilding a new one.

Specified by:

refresh in class Credentials

Throws:

IOException - if there was an error getting up-to-date access.

jwtWithClaims

public JwtCredentials jwtWithClaims(JwtClaims newClaims)

Returns a copy of these credentials with modified claims.

Specified by:

jwtWithClaims in interface JwtProvider

Parameters:

newClaims - new claims. Any unspecified claim fields default to the the current values.

Returns:

new credentials

getAuthenticationType

public String getAuthenticationType()

Description copied from class: Credentials

A constant string name describing the authentication technology.

E.g. “OAuth2”, “SSL”. For use by the transport layer to determine whether it supports the type of authentication in the case where Credentials.hasRequestMetadataOnly() is false. Also serves as a debugging helper.

Specified by:

getAuthenticationType in class Credentials

Returns:

The type of authentication used.

getRequestMetadata

public Map<String,List<String>> getRequestMetadata(URI uri)
                                            throws IOException

Description copied from class: Credentials

Get the current request metadata in a blocking manner, refreshing tokens if required.

This should be called by the transport layer on each request, and the data should be populated in headers or other context. The operation can block and fail to complete and may do things such as refreshing access tokens.

The convention for handling binary data is for the key in the returned map to end with "-bin" and for the corresponding values to be base64 encoded.

Specified by:

getRequestMetadata in class Credentials

Parameters:

uri - URI of the entry point for the request.

Returns:

The request metadata used for populating headers or other context.

Throws:

IOException - if there was an error getting up-to-date access. The exception should implement Retryable and isRetryable() will return true if the operation may be retried.

hasRequestMetadata

public boolean hasRequestMetadata()

Description copied from class: Credentials

Whether the credentials have metadata entries that should be added to each request.

This should be called by the transport layer to see if Credentials.getRequestMetadata() should be used for each request.

Specified by:

hasRequestMetadata in class Credentials

Returns:

Whether or not the transport layer should call Credentials.getRequestMetadata()

hasRequestMetadataOnly

public boolean hasRequestMetadataOnly()

Description copied from class: Credentials

Indicates whether or not the Auth mechanism works purely by including request metadata.

This is meant for the transport layer. If this is true a transport does not need to take actions other than including the request metadata. If this is false, a transport must specifically know about the authentication technology to support it, and should fail to accept the credentials otherwise.

Specified by:

hasRequestMetadataOnly in class Credentials

Returns:

Whether or not the Auth mechanism works purely by including request metadata.

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object