Changelog

1.19.0 (2023-06-27)

Features

• Expose test-jar and mock classes in oauth2 (12e8db6)

1.18.0 (2023-06-16)

Features

• Introduce a way to pass additional parameters to auhtorization url (#1134) (3a2c5d3)

1.17.1 (2023-05-25)

Dependencies

• Update doclet version to v1.9.0 (#1211) (8b6e28e)

1.17.0 (2023-05-20)

Features

• Adds universe_domain to external account creds (#1199) (608ee87)
• Expose method to manually obtain ADC from gcloud CLI well-known… (#1188) (2fa9d52)
• Updating readme for external account authorized user credentials (#1200) (bf25574)

Bug Fixes

• Do not expose universe_domain yet (#1206) (9cce49c)
• Improve errors and warnings related to ADC (#1172) (6d2251c)
• Marking 503 as retryable for Compute credentials (#1205) (8ea9445)

1.16.1 (2023-04-07)

Bug Fixes

• Make supporting classes of AwsCredentials serializable (#1113) (82bf871)
• Remove AWS credential source validation. (#1177) (77a99c9)

1.16.0 (2023-02-15)

Features

• Add PKCE to 3LO exchange. (#1146) (5bf606b)

Bug Fixes

• Create and reuse self signed jwt creds for better performance (#1154) (eaaa8e8)
• Java doc for DefaultPKCEProvider.java (#1148) (154c127)
• Removed url pattern validation for google urls in external account credential configurations (#1150) (35495b1)

Documentation

• Clarified Maven artifact for HTTP-based clients (#1136) (b49fc13)

1.15.0 (2023-01-25)

Features

• Adds external account authorized user credentials (#1129) (06bf21a)
• Expose scopes granted by user (#1107) (240c26b)

Bug Fixes

• AccessToken scopes clean serialization and default as empty list (#1125) (f55d41f)
• Enforce Locale.US for AwsRequestSignerTest (#1111) (aeb1218)
• Ensure both refreshMargin and expirationMargin are set when using OAuth2CredentialsWithRefresh (#1131) (326e4a1)

1.14.0 (2022-12-06)

Features

• Add GDCH support (#1087) (cfafb2d)
• Adding functional tests for Compute Engine (#1105) (6f32ac3)
• Introduce Environment Variable for Quota Project Id (#1082) (040acef)
• Next release from main branch is 1.13.0 (#1077) (d56eee0)

Bug Fixes

• AwsCredentials should not call metadata server if security creds and region are retrievable through environment vars (#1100) (1ff5772)
• Not loosing the access token when calling UserCredentials#ToBuil… (#993) (84afdb8)

1.13.0 (2022-11-15)

Features

• Add smbios check for GCE residency detection (#1092) (bfe7d93)

Bug Fixes

• Empty string check for aws url validation (#1089) (6f177a1)
• Validate url domain for aws metadata urls (#1079) (31fe461)

1.12.1 (2022-10-18)

Bug Fixes

• Resolve race condition reported in #692 (#1031) (87a6606)

1.12.0 (2022-10-14)

Features

• Adding validation for psc endpoints (#1042) (b37a565)

Bug Fixes

• Fixed javadoc errors (#945) (1ddc994)

Documentation

• samples: Modified comments in the samples and minor refactor (#990) (669ab04)

1.11.0 (2022-09-08)

Features

• Adds configurable token lifetime support (#982) (0198733)

Bug Fixes

• Add retries to public key fetch (#983) (1200a39)
• Add Test to validate 0x20 in token (#971) (612db0a)
• Change revoke request from get to post (#979) (ead58b2)
• Setting the retry count to default value and enabling ioexceptions to retry (#988) (257071a)
• Updates IdTokenVerifier so that it does not cache a failed public key response (#967) (1f4c9c7)

1.10.0 (2022-08-05)

Features

• workforce identity federation for pluggable auth (#959) (7f2c535)

Bug Fixes

• updates executable response spec for executable-sourced credentials (#955) (48ff83d)

Documentation

• samples: added auth samples and tests (#927) (32c717f)

1.9.0 (2022-08-02)

Features

• integration tests for pluggable auth (#939) (22f37aa)

Bug Fixes

• expiration time of the ImpersonatedCredentials token depending on the current host's timezone (#932) (73af08a)

Documentation

• update wif documentation with enable-imdsv2 flag (#940) (acc1ce3)

1.8.1 (2022-07-13)

Bug Fixes

• enable longpaths support for windows test (#1485) (#943) (c21ec6c)

1.8.0 (2022-06-27)

Features

• add build scripts for native image testing in Java 17 (#1440) (#923) (bbb51ce)
• Adds Pluggable Auth support (WIF) (#908) (c3e8d16)

Documentation

• updates README for Pluggable Auth (#921) (23716b8)

1.7.0 (2022-05-12)

Features

• Add ability to provide PrivateKey as Pkcs8 encoded string #883 (#889) (e0d6996)
• Add iam endpoint override to ImpersonatedCredentials (#910) (97bfc4c)

Bug Fixes

• update branding in ExternalAccountCredentials (#893) (0200dbb)

1.6.0 (2022-03-15)

Features

• Add AWS Session Token to Metadata Requests (#850) (577e9a5)

Bug Fixes

• ImmutableSet converted to List for Impersonated Credentials (#732) (7dcd549)
• update library docs (#868) (a081015)

1.5.3 (2022-02-24)

Bug Fixes

• ci: downgrade nexus-staging-maven-plugin to 1.6.8 (#874) (fc331d4)

1.5.2 (2022-02-24)

Bug Fixes

• downgrading nexus staging plugin 1.6.8 (#871) (e87224c)

1.5.1 (2022-02-22)

Bug Fixes

• deps: update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.3.2 (#852) (aa557c7)

1.5.0 (2022-02-14)

Features

• update retries and implement Retryable (#750) (f9a9b8a)

Dependencies

• java: update actions/github-script action to v5 (#1339) (#843) (ce44591)

1.4.0 (2022-01-19)

Features

• setting the audience to always point to google token endpoint (#833) (33bfe7a)

Bug Fixes

• (WIF) remove erroneous check for the subject token field name for text credential source (#822) (6d35c68)
• java: add -ntp flag to native image testing command (#1299) (#807) (aa6654a)
• java: run Maven in plain console-friendly mode (#1301) (#818) (4df45d0)

1.3.0 (2021-11-10)

Features

• next release from main branch is 1.3.0 (#780) (1149581)

Bug Fixes

• java: java 17 dependency arguments (#1266) (#779) (9160a53)
• service account impersonation with workforce credentials (#770) (6449ef0)

1.2.2 (2021-10-20)

Bug Fixes

• environment variable is "AWS_SESSION_TOKEN" and not "Token" (#772) (c8c3073)

1.2.1 (2021-10-11)

Bug Fixes

• disabling self-signed jwt for domain wide delegation (#754) (ac70a27)

1.2.0 (2021-09-30)

Features

• add support for Workforce Pools (#729) (5f3fed7)

Bug Fixes

• allow empty workforce_pool_user_project (#752) (e1cbce1)
• timing of stale token refreshes on ComputeEngine (#749) (c813d55)
• workforce audience (#741) (a08cacc)

1.1.0 (2021-08-17)

Features

• downscoping with credential access boundaries (#702) (aa7ede1)

Bug Fixes

• add validation for the token URL and service account impersonation URL for Workload Identity Federation (#717) (23cb8ef)

Documentation

• updates README for downscoping with CAB (#716) (68bceba)

1.0.0 (2021-07-28)

⚠ BREAKING CHANGES

• updating google-auth-library-java min Java version to 1.8

Features

• GA release of google-auth-library-java (ver 1.0.0) (#704) (3d9874f)
• updating google-auth-library-java min Java version to 1.8 (3d9874f)

Bug Fixes

• Add shopt -s nullglob to dependencies script (#693) (c5aa708)
• Update dependencies.sh to not break on mac (c5aa708)

0.27.0 (2021-07-14)

Features

• add Id token support for UserCredentials (#650) (5a8f467)
• add impersonation credentials to ADC (#613) (b9823f7)
• Adding functional tests for Service Account (#685) (dfe118c)
• allow scopes for self signed jwt (#689) (f4980c7)

0.26.0 (2021-05-20)

Features

• add gcf-owl-bot[bot] to ignoreAuthors (#674) (359b20f)
• added getter for credentials object in HttpCredentialsAdapter (#658) (5a946ea)
• enable pre-emptive async oauth token refreshes (#646) (e3f4c7e)
• Returning an issuer claim on request errors (#656) (95d70ae)

Bug Fixes

• use orginal url as audience for self signed jwt if scheme or host is null (#642) (b4e6f1a)

0.25.5 (2021-04-22)

Dependencies

• update autovalue to 1.8.1 (#638) (62cd356)

0.25.4 (2021-04-15)

Bug Fixes

• release scripts from issuing overlapping phases (#634) (b8d851e)
• typo (#632) (d860608)

0.25.3 (2021-04-12)

Dependencies

• update guava patch (#628) (8ff3207)

0.25.2 (2021-03-18)

Bug Fixes

• follow up fix service account credentials createScopedRequired (#605) (7ddac43)
• support AWS_DEFAULT_REGION env var (#599) (3d066ee)

0.25.1 (2021-03-18)

Bug Fixes

• fix service account credentials createScopedRequired (#601) (0614482)

0.25.0 (2021-03-16)

Features

• add self signed jwt support (#572) (efe103a)

0.24.1 (2021-02-25)

Dependencies

• update dependency com.google.http-client:google-http-client-bom to v1.39.0 (#580) (88718b0)

0.24.0 (2021-02-19)

Features

• add workload identity federation support (#547) (b8dde1e)

Bug Fixes

• don't log downloads (#576) (6181030)

Documentation

• add instructions for using workload identity federation (#564) (2142db3)

0.23.0 (2021-01-26)

⚠ BREAKING CHANGES

• privatize deprecated constructor (#473)

Features

• allow custom lifespan for impersonated creds (#515) (0707ed4)
• allow custom scopes for compute engine creds (#514) (edc8d6e)
• allow set lifetime for service account creds (#516) (427f2d5)
• promote IdToken and JWT features (#538) (b514fe0)

Bug Fixes

• per google style, logger is lower case (#529) (ecfc6a2)
• privatize deprecated constructor (#473) (5804ff0)
• remove deprecated methods (#537) (427963e)
• replace non-precondition use of Preconditions (#539) (f2ab4f1)
• switch to GSON (#531) (1b98d5c)
• use default timeout if given 0 for ImpersonatedCredentials (#527) (ec74870)

Dependencies

• update dependency com.google.appengine:appengine-api-1.0-sdk to v1.9.84 (#422) (b262c45)
• update dependency com.google.guava:guava to v30.1-android (#522) (4090d1c)

Documentation

• fix wording in jwtWithClaims Javadoc (#536) (af21727)

0.22.2 (2020-12-11)

Bug Fixes

• quotaProjectId should be applied for cached getRequestMetadata(URI, Executor, RequestMetadataCallback) (#509) (0a8412f)

0.22.1 (2020-11-05)

Bug Fixes

• remove 1 hour limit for impersonated token (#490) (927e3d5)

Dependencies

• update dependency com.google.guava:guava to v30 (#497) (0551649)
• update dependency com.google.http-client:google-http-client-bom to v1.38.0 (#503) (46f20bc)

0.22.0 (2020-10-13)

Features

• add logging at FINE level for each step of ADC (#435) (7d145b2)

Documentation

• remove bad javadoc tags (#478) (a329c41)

Dependencies

• update dependency com.google.http-client:google-http-client-bom to v1.37.0 (#486) (3027fbf)

0.21.1 (2020-07-07)

Dependencies

• update google-http-client to 1.36.0 (#447) (b913d19), closes #446

0.21.0 (2020-06-24)

Features

• add TokenVerifier class that can verify RS256/ES256 tokens (#420) (5014ac7)

Dependencies

• update autovalue packages to v1.7.2 (#429) (5758364)
• update dependency com.google.http-client:google-http-client-bom to v1.35.0 (#427) (5494ec0)
• update Guava to 29.0-android (#426) (0cd3c2e)

0.20.0 (2020-01-15)

Features

• updated JwtClaims.Builder methods to public (#396) (9e5de14)

Dependencies

• update guava to 28.2-android (#389) (70bd8ff)

0.19.0 (2019-12-13)

Features

• support reading in quotaProjectId for billing (#383) (f38c3c8)

Dependencies

• update appengine-sdk to 1.9.76 (#366) (590883d)
• update autovalue packages to v1.7 (#365) (42a1694)
• update dependency com.google.appengine:appengine to v1.9.77 (#377) (c3c950e)
• update dependency com.google.http-client:google-http-client-bom to v1.33.0 (#374) (af0af50)

Documentation

• remove outdated comment on explicit IP address (#370) (71faa5f)
• xml syntax error in bom/README.md (#372) (ff8606a), closes #371

0.18.0 (2019-10-09)

Bug Fixes

• make JwtClaims.newBuilder() public (#350) (6ab8758)
• move autovalue into annotation processor path instead of classpath (#358) (a82d348)

Dependencies

• update Guava to 28.1 (#353) (f4f05be)

Documentation

• fix include instructions in google-auth-library-bom README (#352) (f649735)

0.17.4 (2019-10-08)

Bug Fixes

• make JwtClaims.newBuilder() public (#350) (6ab8758)
• move autovalue into annotation processor path instead of classpath (#358) (a82d348)

Dependencies

• update Guava to 28.1 (#353) (f4f05be)

Documentation

• fix include instructions in google-auth-library-bom README (#352) (f649735)

0.17.2 (2019-09-24)

Bug Fixes

• typo in BOM dependency (#345) (a1d63bb)

0.17.1 (2019-08-22)

Bug Fixes

• allow unset/null privateKeyId for JwtCredentials (#336) (d28a6ed)

0.17.0 (2019-08-16)

Bug Fixes

• cleanup unused code and deprecation warnings (#315) (7fd94c0)
• Fix declared dependencies from merge issue (#291) (35abf13)
• throw SigningException as documented (#316) (a1ab97c)
• typo in ComputeEngineCredentials exception message (#313) (1a16f38)

Features

• add Automatic-Module-Name to manifest (#326) (29f58b4), closes #324 #324
• add IDTokenCredential support (#303) (a87e3fd)
• add JwtCredentials with custom claims (#290) (3f37172)
• allow arbitrary additional claims for JwtClaims (#331) (888c61c)
• Implement ServiceAccountSigner for ImpersonatedCredentials (#279) (70767e3)

Reverts

• "build: run in debug mode (#319)" (#320) (de79e14)

0.16.2 (2019-06-26)

Bug Fixes

• Add metadata-flavor header to metadata server ping for compute engine (#283)

Dependencies

• Import http client bom for dependency management (#268)

Documentation

• README section for interop with google-http-client (#275)

0.16.1 (2019-06-06)

Dependencies

• Update dependency com.google.http-client:google-http-client to v1.30.1 (#265)

0.16.0 (2019-06-04)

Features

• Add google-auth-library-bom artifact (#256)

Dependencies

• Update dependency com.google.http-client:google-http-client to v1.30.0 (#261)
• Update dependency com.google.http-client:google-http-client to v1.29.2 (#259)
• Update dependency org.sonatype.plugins:nexus-staging-maven-plugin to v1.6.8 (#257)
• Update to latest app engine SDK version (#258)
• Update dependency org.apache.maven.plugins:maven-source-plugin to v3.1.0 (#254)
• Update dependency org.jacoco:jacoco-maven-plugin to v0.8.4 (#255)
• Update dependency org.apache.maven.plugins:maven-jar-plugin to v3.1.2 (#252)
• Update dependency org.apache.maven.plugins:maven-source-plugin to v2.4 (#253)

Documentation

• Javadoc publish kokoro job uses docpublisher (#243)

0.15.0 (2019-03-27)

Bug Fixes

• createScoped: make overload call implementation (#229)

Reverts

• Add back in deprecated methods in ServiceAccountJwtAccessCredentials (#238)

0.14.0 (2019-03-26)

Bug Fixes

• update default metadata url (#230)
• Remove deprecated methods (#190)
• Update Sign Blob API (#232)

Dependencies

• Upgrade http client to 1.29.0. (#235)
• update deps (#234)

0.13.0 (2019-01-17)

Bug Fixes

• Use OutputStream directly instead of PrintWriter (#220)
• Improve log output when detecting GCE (#214)

Features

• Overload GoogleCredentials.createScoped with variadic arguments (#218)

Dependencies

• Update google-http-client version, guava, and maven surefire plugin (#221)

0.12.0 (2018-12-19)

Bug Fixes

• Show error message in case of problems with getting access token (#206)
• Add note about NO_GCE_CHECK to metadata 404 error message (#205)

Features

• Add ImpersonatedCredentials (#211)
• Add option to suppress end user credentials warning. (#207)

Dependencies

• Update google-http-java-client dependency to 1.27.0 (#208)

Documentation

• README grammar fix (#192)
• Add unstable badge to README (#184)
• Update README with instructions on installing the App Engine SDK and running the tests (#209)

0.11.0 (2018-08-23)

Bug Fixes

• Update auth token urls (#174)

Dependencies

• Update dependencies (guava) (#170)
• Bumping google-http-client version to 1.24.1 (#171)

Documentation

• Documentation for ComputeEngineCredential signing. (#176)
• Fix README link (#169)

0.10.0 (2018-06-12)

Bug Fixes

• Read token_uri from service account JSON (#160)
• Log warning if default credentials uses a user token from gcloud sdk (#166)

Features

• Add OAuth2Credentials#refreshIfExpired() (#163)
• ComputeEngineCredentials implements ServiceAccountSigner (#141)

Documentation

• Versionless Javadocs (#164)
• Fix documentation for getAccessToken() returning cached value (#162)

0.9.1 (2018-04-09)

Features

• Add caching for JWT tokens (#151)

0.9.0 (2017-11-02)

Bug Fixes

• Fix NPE deserializing ServiceAccountCredentials (#132)

Features

• Surface cleanup (#136)
• Providing a method to remove CredentialsChangedListeners (#130)
• Implemented in-memory TokenStore and added opportunity to save user credentials into file (#129)

Documentation

• Fixes comment typos. (#131)

0.8.0 (2017-09-08)

Bug Fixes

• Extracting the project_id field from service account JSON files (#118)
• Fixing an Integer Overflow Issue (#121)
• use metadata server to get credentials for GAE 8 standard environment (#122)

Features

• Switch OAuth2 HTTP surface to use builder pattern (#123)
• Add builder pattern to AppEngine credentials (#125)

Documentation

• Fix API Documentation link rendering (#112)

0.7.1 (2017-07-14)

Bug Fixes

• Mitigate occasional failures in looking up Application Default Credentials on a Google Compute Engine (GCE) Virtual Machine (#110)

0.7.0 (2017-06-06)

Bug Fixes

• Retry HTTP errors in ServiceAccountCredentials.refreshAccessToken() to avoid propagating failures (#100 addresses #91)

Features

• Add GoogleCredentials.createDelegated() method to allow using domain-wide delegation with service accounts (#102)
• Allow bypassing App Engine credential check using environment variable, to allow Application Default Credentials to detect GCE when running on GAE Flex (#103)