public class Credential extends Object implements HttpExecuteInterceptor, HttpRequestInitializer, HttpUnsuccessfulResponseHandler
Sample usage:
public static Credential createCredentialWithAccessTokenOnly( HttpTransport transport, JsonFactory jsonFactory, TokenResponse tokenResponse) { return new Credential(BearerToken.authorizationHeaderAccessMethod()).setFromTokenResponse( tokenResponse); } public static Credential createCredentialWithRefreshToken( HttpTransport transport, JsonFactory jsonFactory, TokenResponse tokenResponse) { return new Credential.Builder(BearerToken.authorizationHeaderAccessMethod()).setTransport( transport) .setJsonFactory(jsonFactory) .setTokenServerUrl( new GenericUrl("https://server.example.com/token")) .setClientAuthentication(new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw")) .build() .setFromTokenResponse(tokenResponse); }
If you need to persist the access token in a data store, use DataStoreFactory
and
Credential.Builder.addRefreshListener(CredentialRefreshListener)
with
DataStoreCredentialRefreshListener
.
If you have a custom request initializer, request execute interceptor, or unsuccessful response
handler, take a look at the sample usage for HttpExecuteInterceptor
and
HttpUnsuccessfulResponseHandler
, which are interfaces that this class also implements.
Modifier and Type | Class and Description |
---|---|
static interface |
Credential.AccessMethod
Method of presenting the access token to the resource server as specified in Accessing Protected Resources.
|
static class |
Credential.Builder
Credential builder.
|
Modifier | Constructor and Description |
---|---|
|
Credential(Credential.AccessMethod method)
Constructor with the ability to access protected resources, but not refresh tokens.
|
protected |
Credential(Credential.Builder builder) |
Modifier and Type | Method and Description |
---|---|
protected TokenResponse |
executeRefreshToken()
Executes a request for new credentials from the token server.
|
String |
getAccessToken()
Returns the access token or
null for none. |
HttpExecuteInterceptor |
getClientAuthentication()
Returns the client authentication or
null for none. |
Clock |
getClock()
Returns the clock used for expiration checks by this Credential.
|
Long |
getExpirationTimeMilliseconds()
Expected expiration time in milliseconds relative to the
Java epoch , or null for none. |
Long |
getExpiresInSeconds()
Returns the remaining lifetime in seconds of the access token (for example 3600 for an hour
from now, or -3600 if expired an hour ago) or
null if unknown. |
JsonFactory |
getJsonFactory()
Returns the JSON factory to use for parsing response for refresh token request or
null
for none. |
Credential.AccessMethod |
getMethod()
Return the method of presenting the access token to the resource server (for example
BearerToken.AuthorizationHeaderAccessMethod ). |
Collection<CredentialRefreshListener> |
getRefreshListeners()
Returns the unmodifiable collection of listeners for refresh token results.
|
String |
getRefreshToken()
Returns the refresh token associated with the access token to be refreshed or
null for
none. |
HttpRequestInitializer |
getRequestInitializer()
Returns the HTTP request initializer for refresh token requests to the token server or
null for none. |
String |
getTokenServerEncodedUrl()
Returns the encoded authorization server URL or
null for none. |
HttpTransport |
getTransport()
Return the HTTP transport for executing refresh token request or
null for none. |
boolean |
handleResponse(HttpRequest request,
HttpResponse response,
boolean supportsRetry) |
void |
initialize(HttpRequest request) |
void |
intercept(HttpRequest request) |
boolean |
refreshToken()
Request a new access token from the authorization endpoint.
|
Credential |
setAccessToken(String accessToken)
Sets the access token.
|
Credential |
setExpirationTimeMilliseconds(Long expirationTimeMilliseconds)
Sets the expected expiration time in milliseconds relative to the
Java epoch , or null for none. |
Credential |
setExpiresInSeconds(Long expiresIn)
Sets the lifetime in seconds of the access token (for example 3600 for an hour from now)
or
null for none. |
Credential |
setFromTokenResponse(TokenResponse tokenResponse)
Sets the
access token , refresh token (if
available), and expires-in time based on the values from the token
response. |
Credential |
setRefreshToken(String refreshToken)
Sets the refresh token.
|
public Credential(Credential.AccessMethod method)
To use with the ability to refresh tokens, use Credential.Builder
.
method
- method of presenting the access token to the resource server (for example
BearerToken.AuthorizationHeaderAccessMethod
)protected Credential(Credential.Builder builder)
builder
- credential builderpublic void intercept(HttpRequest request) throws IOException
Default implementation is to try to refresh the access token if there is no access token or if
we are 1 minute away from expiration. If token server is unavailable, it will try to use the
access token even if has expired. If a 4xx error is encountered while refreshing the token,
TokenResponseException
is thrown. If successful, it will call getMethod()
and
Credential.AccessMethod.intercept(com.google.api.client.http.HttpRequest, java.lang.String)
.
Subclasses may override.
intercept
in interface HttpExecuteInterceptor
IOException
public boolean handleResponse(HttpRequest request, HttpResponse response, boolean supportsRetry)
Default implementation checks if WWW-Authenticate
exists and contains a "Bearer" value
(see rfc6750 section 3.1 for more
details). If so, it calls refreshToken
in case the error code contains
invalid_token
. If there is no "Bearer" in WWW-Authenticate
and the status code
is HttpStatusCodes.STATUS_CODE_UNAUTHORIZED
it calls refreshToken
. If
executeRefreshToken()
throws an I/O exception, this implementation will log the
exception and return false
. Subclasses may override.
handleResponse
in interface HttpUnsuccessfulResponseHandler
public void initialize(HttpRequest request) throws IOException
initialize
in interface HttpRequestInitializer
IOException
public final String getAccessToken()
null
for none. If null
the token needs to be
refreshed using refreshToken().public Credential setAccessToken(String accessToken)
Overriding is only supported for the purpose of calling the super implementation and changing the return type, but nothing else.
accessToken
- access token or null
for nonepublic final Credential.AccessMethod getMethod()
BearerToken.AuthorizationHeaderAccessMethod
).public final Clock getClock()
public final HttpTransport getTransport()
null
for none.public final JsonFactory getJsonFactory()
null
for none.public final String getTokenServerEncodedUrl()
null
for none.public final String getRefreshToken()
null
for
none.public Credential setRefreshToken(String refreshToken)
Overriding is only supported for the purpose of calling the super implementation and changing the return type, but nothing else.
refreshToken
- refresh token or null
for nonepublic final Long getExpirationTimeMilliseconds()
Java epoch
, or null
for none.public Credential setExpirationTimeMilliseconds(Long expirationTimeMilliseconds)
Java epoch
, or null
for none.
Overriding is only supported for the purpose of calling the super implementation and changing the return type, but nothing else.
public final Long getExpiresInSeconds()
null
if unknown.public Credential setExpiresInSeconds(Long expiresIn)
null
for none.
Overriding is only supported for the purpose of calling the super implementation and changing the return type, but nothing else.
expiresIn
- lifetime in seconds of the access token (for example 3600 for an hour from
now) or null
for nonepublic final HttpExecuteInterceptor getClientAuthentication()
null
for none.public final HttpRequestInitializer getRequestInitializer()
null
for none.public final boolean refreshToken() throws IOException
On success, it will call setFromTokenResponse(TokenResponse)
, call
CredentialRefreshListener.onTokenResponse(com.google.api.client.auth.oauth2.Credential, com.google.api.client.auth.oauth2.TokenResponse)
with the token response, and return
true
. On error, it will call setAccessToken(String)
and
setExpiresInSeconds(Long)
with null
, call
CredentialRefreshListener.onTokenErrorResponse(com.google.api.client.auth.oauth2.Credential, com.google.api.client.auth.oauth2.TokenErrorResponse)
with the token error response, and
return false
. If a 4xx error is encountered while refreshing the token,
TokenResponseException
is thrown.
If there is no refresh token, it will quietly return false
.
IOException
public Credential setFromTokenResponse(TokenResponse tokenResponse)
access token
, refresh token
(if
available), and expires-in time
based on the values from the token
response.
It does not call the refresh listeners.
Overriding is only supported for the purpose of calling the super implementation and changing the return type, but nothing else.
tokenResponse
- successful token responseprotected TokenResponse executeRefreshToken() throws IOException
The default implementation calls TokenRequest.execute()
using the
getTransport()
, getJsonFactory()
, getRequestInitializer()
,
getTokenServerEncodedUrl()
, getRefreshToken()
, and the
getClientAuthentication()
. If getRefreshToken()
is null
, it instead
returns null
.
Subclasses may override for a different implementation. Implementations can assume proper
thread synchronization is already taken care of inside refreshToken()
.
null
if it is not possible to
refresh the access tokenTokenResponseException
- if an error response was received from the token serverIOException
public final Collection<CredentialRefreshListener> getRefreshListeners()
Copyright © 2011–2020 Google. All rights reserved.