com.google.auth.oauth2

Class OAuth2Credentials

java.lang.Object

com.google.auth.Credentials

com.google.auth.oauth2.OAuth2Credentials

All Implemented Interfaces:

Serializable

Direct Known Subclasses:

DownscopedCredentials, GoogleCredentials, IdTokenCredentials, OAuth2CredentialsWithRefresh

public class OAuth2Credentials
extends Credentials

Base type for Credentials using OAuth2.

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	OAuth2Credentials.Builder
static interface	OAuth2Credentials.CredentialsChangedListener Listener for changes to credentials.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	OAuth2Credentials() Default constructor.
protected	OAuth2Credentials(AccessToken accessToken) Constructor with explicit access token.
protected	OAuth2Credentials(AccessToken accessToken, Duration refreshMargin, Duration expirationMargin)

Method Summary

Modifier and Type	Method and Description
void	addChangeListener(OAuth2Credentials.CredentialsChangedListener listener) Adds a listener that is notified when the Credentials data changes.
static OAuth2Credentials	create(AccessToken accessToken) Returns the credentials instance from the given access token.
boolean	equals(Object obj)
AccessToken	getAccessToken() Returns the cached access token.
protected Map<String,List<String>>	getAdditionalHeaders() Provide additional headers to return as request metadata.
String	getAuthenticationType() A constant string name describing the authentication technology.
protected static <T> T	getFromServiceLoader(Class<? extends T> clazz, T defaultInstance)
Map<String,List<String>>	getRequestMetadata(URI uri) Provide the request metadata by ensuring there is a current access token and providing it as an authorization bearer token.
void	getRequestMetadata(URI uri, Executor executor, RequestMetadataCallback callback) Get the current request metadata without blocking.
protected Map<String,List<String>>	getRequestMetadataInternal()
int	hashCode()
boolean	hasRequestMetadata() Whether the credentials have metadata entries that should be added to each request.
boolean	hasRequestMetadataOnly() Indicates whether or not the Auth mechanism works purely by including request metadata.
static OAuth2Credentials.Builder	newBuilder()
protected static <T> T	newInstance(String className)
void	refresh() Request a new token regardless of the current token state.
AccessToken	refreshAccessToken() Method to refresh the access token according to the specific type of credentials.
void	refreshIfExpired() Refresh these credentials only if they have expired or are expiring imminently.
void	removeChangeListener(OAuth2Credentials.CredentialsChangedListener listener) Removes a listener that was added previously.
OAuth2Credentials.Builder	toBuilder()
String	toString()

Methods inherited from class com.google.auth.Credentials

blockingGetToCallback, getRequestMetadata

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

OAuth2Credentials

protected OAuth2Credentials()

Default constructor.

OAuth2Credentials

protected OAuth2Credentials(AccessToken accessToken)

Constructor with explicit access token.

Parameters:

accessToken - initial or temporary access token

OAuth2Credentials

protected OAuth2Credentials(AccessToken accessToken,
                            Duration refreshMargin,
                            Duration expirationMargin)

Method Detail

create

public static OAuth2Credentials create(AccessToken accessToken)

Returns the credentials instance from the given access token.

Parameters:

accessToken - the access token

Returns:

the credentials instance

getAuthenticationType

public String getAuthenticationType()

Description copied from class: Credentials

A constant string name describing the authentication technology.

E.g. “OAuth2”, “SSL”. For use by the transport layer to determine whether it supports the type of authentication in the case where Credentials.hasRequestMetadataOnly() is false. Also serves as a debugging helper.

Specified by:

getAuthenticationType in class Credentials

Returns:

The type of authentication used.

hasRequestMetadata

public boolean hasRequestMetadata()

Description copied from class: Credentials

Whether the credentials have metadata entries that should be added to each request.

This should be called by the transport layer to see if Credentials.getRequestMetadata() should be used for each request.

Specified by:

hasRequestMetadata in class Credentials

Returns:

Whether or not the transport layer should call Credentials.getRequestMetadata()

hasRequestMetadataOnly

public boolean hasRequestMetadataOnly()

Description copied from class: Credentials

Indicates whether or not the Auth mechanism works purely by including request metadata.

This is meant for the transport layer. If this is true a transport does not need to take actions other than including the request metadata. If this is false, a transport must specifically know about the authentication technology to support it, and should fail to accept the credentials otherwise.

Specified by:

hasRequestMetadataOnly in class Credentials

Returns:

Whether or not the Auth mechanism works purely by including request metadata.

getAccessToken

public final AccessToken getAccessToken()

Returns the cached access token.

If not set, you should call refresh() to fetch and cache an access token.

Returns:

The cached access token.

getRequestMetadata

public void getRequestMetadata(URI uri,
                               Executor executor,
                               RequestMetadataCallback callback)

Description copied from class: Credentials

Get the current request metadata without blocking.

This should be called by the transport layer on each request, and the data should be populated in headers or other context. The implementation can either call the callback inline or asynchronously. Either way it should never block in this method. The executor is provided for tasks that may block.

The default implementation will just call Credentials.getRequestMetadata(URI) then the callback from the given executor.

The convention for handling binary data is for the key in the returned map to end with "-bin" and for the corresponding values to be base64 encoded.

Overrides:

getRequestMetadata in class Credentials

Parameters:

uri - URI of the entry point for the request.

executor - Executor to perform the request.

callback - Callback to execute when the request is finished.

getRequestMetadata

public Map<String,List<String>> getRequestMetadata(URI uri)
                                            throws IOException

Provide the request metadata by ensuring there is a current access token and providing it as an authorization bearer token.

Specified by:

getRequestMetadata in class Credentials

Parameters:

uri - URI of the entry point for the request.

Returns:

The request metadata used for populating headers or other context.

Throws:

IOException - if there was an error getting up-to-date access. The exception should implement Retryable and isRetryable() will return true if the operation may be retried.

refresh

public void refresh()
             throws IOException

Request a new token regardless of the current token state. If the current token is not expired, it will still be returned during the refresh.

Specified by:

refresh in class Credentials

Throws:

IOException - if there was an error getting up-to-date access.

refreshIfExpired

public void refreshIfExpired()
                      throws IOException

Refresh these credentials only if they have expired or are expiring imminently.

Throws:

IOException - during token refresh.

refreshAccessToken

public AccessToken refreshAccessToken()
                               throws IOException

Method to refresh the access token according to the specific type of credentials.

Throws IllegalStateException if not overridden since direct use of OAuth2Credentials is only for temporary or non-refreshing access tokens.

Returns:

never

Throws:

IllegalStateException - always. OAuth2Credentials does not support refreshing the access token. An instance with a new access token or a derived type that supports refreshing should be used instead.

IOException

getAdditionalHeaders

protected Map<String,List<String>> getAdditionalHeaders()

Provide additional headers to return as request metadata.

Returns:

additional headers

addChangeListener

public final void addChangeListener(OAuth2Credentials.CredentialsChangedListener listener)

Adds a listener that is notified when the Credentials data changes.

This is called when token content changes, such as when the access token is refreshed. This is typically used by code caching the access token.

Parameters:

listener - the listener to be added

removeChangeListener

public final void removeChangeListener(OAuth2Credentials.CredentialsChangedListener listener)

Removes a listener that was added previously.

Parameters:

listener - The listener to be removed.

hashCode

public int hashCode()

Overrides:

hashCode in class Object

getRequestMetadataInternal

@Nullable
protected Map<String,List<String>> getRequestMetadataInternal()

toString

public String toString()

Overrides:

toString in class Object

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

newInstance

protected static <T> T newInstance(String className)
                            throws IOException,
                                   ClassNotFoundException

Throws:

IOException

ClassNotFoundException

getFromServiceLoader

protected static <T> T getFromServiceLoader(Class<? extends T> clazz,
                                            T defaultInstance)

newBuilder

public static OAuth2Credentials.Builder newBuilder()

toBuilder

public OAuth2Credentials.Builder toBuilder()