public class IdTokenCredentials extends OAuth2Credentials
IdTokenCredentials provides a Google Issued OpenIdConnect token.
Use an ID token to access services that require presenting an ID token for authentication such as
Cloud Functions or Cloud Run.
The following Credential subclasses support IDTokens: ServiceAccountCredentials,
ComputeEngineCredentials, ImpersonatedCredentials.
For more information see
Usage:
String credPath = "/path/to/svc_account.json"; String targetAudience = "https://example.com";
// For Application Default Credentials (as ServiceAccountCredentials) // export GOOGLE_APPLICATION_CREDENTIALS=/path/to/svc.json GoogleCredentials adcCreds = GoogleCredentials.getApplicationDefault(); if (!adcCreds instanceof IdTokenProvider) { // handle error message }
IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() .setIdTokenProvider(adcCreds) .setTargetAudience(targetAudience).build();
// for ServiceAccountCredentials ServiceAccountCredentials saCreds = ServiceAccountCredentials.fromStream(new FileInputStream(credPath)); saCreds = (ServiceAccountCredentials) saCreds.createScoped(Arrays.asList("https://www.googleapis.com/auth/iam")); IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() .setIdTokenProvider(saCreds) .setTargetAudience(targetAudience).build();
// for ComputeEngineCredentials ComputeEngineCredentials caCreds = ComputeEngineCredentials.create(); IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() .setIdTokenProvider(caCreds) .setTargetAudience(targetAudience) .setOptions(Arrays.asList(ComputeEngineCredentials.ID_TOKEN_FORMAT_FULL)) .build();
// for ImpersonatedCredentials ImpersonatedCredentials imCreds = ImpersonatedCredentials.create(saCreds, "impersonated-account@project.iam.gserviceaccount.com", null, Arrays.asList("https://www.googleapis.com/auth/cloud-platform"), 300); IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() .setIdTokenProvider(imCreds) .setTargetAudience(targetAudience) .setOptions(Arrays.asList(ImpersonatedCredentials.INCLUDE_EMAIL)) .build();
// Use the IdTokenCredential in an authorized transport GenericUrl genericUrl = new GenericUrl("https://example.com"); HttpCredentialsAdapter adapter = new HttpCredentialsAdapter(tokenCredential); HttpTransport transport = new NetHttpTransport(); HttpRequest request = transport.createRequestFactory(adapter).buildGetRequest(genericUrl); HttpResponse response = request.execute();
// Print the token, expiration and the audience System.out.println(tokenCredential.getIdToken().getTokenValue()); System.out.println(tokenCredential.getIdToken().getJsonWebSignature().getPayload().getAudienceAsList()); System.out.println(tokenCredential.getIdToken().getJsonWebSignature().getPayload().getExpirationTimeSeconds());
Static Methods
newBuilder()
public static IdTokenCredentials.Builder newBuilder()
Returns | |
---|---|
Type | Description |
IdTokenCredentials.Builder |
Methods
equals(Object obj)
public boolean equals(Object obj)
Parameter | |
---|---|
Name | Description |
obj |
Object |
Returns | |
---|---|
Type | Description |
boolean |
getIdToken()
public IdToken getIdToken()
Returns | |
---|---|
Type | Description |
IdToken |
hashCode()
public int hashCode()
Returns | |
---|---|
Type | Description |
int |
refreshAccessToken()
public AccessToken refreshAccessToken()
Method to refresh the access token according to the specific type of credentials.
Throws IllegalStateException if not overridden since direct use of OAuth2Credentials is only for temporary or non-refreshing access tokens.
Returns | |
---|---|
Type | Description |
AccessToken |
Exceptions | |
---|---|
Type | Description |
IOException |
toBuilder()
public IdTokenCredentials.Builder toBuilder()
Returns | |
---|---|
Type | Description |
IdTokenCredentials.Builder |
toString()
public String toString()
Returns | |
---|---|
Type | Description |
String |