com.google.appengine.api.appidentity
Interface AppIdentityService
-
public interface AppIdentityService
TheAppIdentityService
allows you to sign an arbitrary byte array using a per app private key maintained by App Engine, and to retrieve a list of public certificates which can be used to verify the signature.App Engine is responsible for maintaining the per application private key. App Engine will rotate private keys periodically. App Engine never gives these private keys to the outside.
Since private keys are rotated periodically,
getPublicCertificatesForApp()
could return a list of public certificates. It is the caller's responsibility to try these certificates one by one when doing signature verification.
-
-
Nested Class Summary
Nested Classes Modifier and Type Interface and Description static class
AppIdentityService.GetAccessTokenResult
GetAccessTokenResult
is returned by getAccessToken.static class
AppIdentityService.ParsedAppId
Class holding the results of parsing a full application id into its constituent parts.static class
AppIdentityService.SigningResult
SigningResult
is returned by signForApp, which contains signing key name and signature.
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method and Description AppIdentityService.GetAccessTokenResult
getAccessToken(java.lang.Iterable<java.lang.String> scopes)
OAuth2 access token to act on behalf of the application.AppIdentityService.GetAccessTokenResult
getAccessTokenUncached(java.lang.Iterable<java.lang.String> scopes)
OAuth2 access token to act on behalf of the application, uncached.java.lang.String
getDefaultGcsBucketName()
Gets the default GS bucket name for the app.java.util.Collection<PublicCertificate>
getPublicCertificatesForApp()
Retrieves a list of public certificates.java.lang.String
getServiceAccountName()
Gets service account name of the app.AppIdentityService.ParsedAppId
parseFullAppId(java.lang.String fullAppId)
Parse a full app id into partition, domain name and display app_id.AppIdentityService.SigningResult
signForApp(byte[] signBlob)
Requests to sign arbitrary byte array using per app private key.
-
-
-
Method Detail
-
signForApp
AppIdentityService.SigningResult signForApp(byte[] signBlob)
Requests to sign arbitrary byte array using per app private key.- Parameters:
signBlob
- string blob.- Returns:
- a SigningResult object which contains signing key name and signature.
- Throws:
AppIdentityServiceFailureException
-
getPublicCertificatesForApp
java.util.Collection<PublicCertificate> getPublicCertificatesForApp()
Retrieves a list of public certificates.- Returns:
- a list of public certificates.
- Throws:
AppIdentityServiceFailureException
-
getServiceAccountName
java.lang.String getServiceAccountName()
Gets service account name of the app.- Returns:
- service account name of the app.
-
getDefaultGcsBucketName
java.lang.String getDefaultGcsBucketName()
Gets the default GS bucket name for the app.- Returns:
- default GS bucket name for the app.
-
getAccessTokenUncached
AppIdentityService.GetAccessTokenResult getAccessTokenUncached(java.lang.Iterable<java.lang.String> scopes)
OAuth2 access token to act on behalf of the application, uncached. Most developers should use getAccessToken instead.- Parameters:
scopes
- iterable of scopes to request.- Returns:
- a GetAccessTokenResult object with the access token and expiration time.
- Throws:
AppIdentityServiceFailureException
-
getAccessToken
AppIdentityService.GetAccessTokenResult getAccessToken(java.lang.Iterable<java.lang.String> scopes)
OAuth2 access token to act on behalf of the application. Generates and caches an OAuth2 access token for the service account for the appengine application. Each application has an associated Google account. This function returns OAuth2 access token corresponding to the running app. Access tokens are safe to cache and reuse until their expiry time as returned. This method will do that using memcache.- Parameters:
scopes
- iterable of scopes to request.- Returns:
- a GetAccessTokenResult object with the access token and expiration time.
- Throws:
AppIdentityServiceFailureException
-
parseFullAppId
AppIdentityService.ParsedAppId parseFullAppId(java.lang.String fullAppId)
Parse a full app id into partition, domain name and display app_id.- Parameters:
fullAppId
- The full partitioned app id.- Returns:
- An
AppIdentityService.ParsedAppId
instance with the parsing results.
-
-