public interface AppIdentityServiceThe AppIdentityService allows you to sign an arbitrary byte array using a per app private
key maintained by App Engine, and to retrieve a list of public certificates which can be used to
verify the signature.
App Engine is responsible for maintaining the per application private key. App Engine will rotate private keys periodically. App Engine never gives these private keys to the outside.
Since private keys are rotated periodically, #getPublicCertificatesForApp could return a list of public certificates. It is the caller's responsibility to try these certificates one by one when doing signature verification.
Methods
getAccessToken(Iterable<String> scopes)
public abstract AppIdentityService.GetAccessTokenResult getAccessToken(Iterable<String> scopes)OAuth2 access token to act on behalf of the application.
Generates and caches an OAuth2 access token for the service account for the appengine application.
Each application has an associated Google account. This function returns OAuth2 access token corresponding to the running app. Access tokens are safe to cache and reuse until their expiry time as returned. This method will do that using memcache.
| Parameter | |
|---|---|
| Name | Description |
scopes | Iterable<String>iterable of scopes to request. |
| Returns | |
|---|---|
| Type | Description |
AppIdentityService.GetAccessTokenResult | a GetAccessTokenResult object with the access token and expiration time. |
getAccessTokenUncached(Iterable<String> scopes)
public abstract AppIdentityService.GetAccessTokenResult getAccessTokenUncached(Iterable<String> scopes)OAuth2 access token to act on behalf of the application, uncached.
Most developers should use getAccessToken instead.
| Parameter | |
|---|---|
| Name | Description |
scopes | Iterable<String>iterable of scopes to request. |
| Returns | |
|---|---|
| Type | Description |
AppIdentityService.GetAccessTokenResult | a GetAccessTokenResult object with the access token and expiration time. |
getDefaultGcsBucketName()
public abstract String getDefaultGcsBucketName()Gets the default GS bucket name for the app.
| Returns | |
|---|---|
| Type | Description |
String | default GS bucket name for the app. |
getPublicCertificatesForApp()
public abstract Collection<PublicCertificate> getPublicCertificatesForApp()Retrieves a list of public certificates.
| Returns | |
|---|---|
| Type | Description |
Collection<PublicCertificate> | a list of public certificates. |
getServiceAccountName()
public abstract String getServiceAccountName()Gets service account name of the app.
| Returns | |
|---|---|
| Type | Description |
String | service account name of the app. |
parseFullAppId(String fullAppId)
public abstract AppIdentityService.ParsedAppId parseFullAppId(String fullAppId)Parse a full app id into partition, domain name and display app_id.
| Parameter | |
|---|---|
| Name | Description |
fullAppId | StringThe full partitioned app id. |
| Returns | |
|---|---|
| Type | Description |
AppIdentityService.ParsedAppId | An ParsedAppId instance with the parsing results. |
signForApp(byte[] signBlob)
public abstract AppIdentityService.SigningResult signForApp(byte[] signBlob)Requests to sign arbitrary byte array using per app private key.
| Parameter | |
|---|---|
| Name | Description |
signBlob | byte[]string blob. |
| Returns | |
|---|---|
| Type | Description |
AppIdentityService.SigningResult | a SigningResult object which contains signing key name and signature. |