public class JwtCredentials extends Credentials implements JwtProvider
Credentials class for calling Google APIs using a JWT with custom claims.
Uses a JSON Web Token (JWT) directly in the request metadata to provide authorization.
JwtClaims claims = JwtClaims.newBuilder()
.setAudience("https://example.com/some-audience")
.setIssuer("some-issuer@example.com")
.setSubject("some-subject@example.com")
.build();
Credentials = JwtCredentials.newBuilder()
.setPrivateKey(privateKey)
.setPrivateKeyId("private-key-id")
.setJwtClaims(claims)
.build();
Implements
JwtProviderStatic Methods
newBuilder()
public static JwtCredentials.Builder newBuilder()
Returns | |
---|---|
Type | Description |
JwtCredentials.Builder |
Methods
equals(Object obj)
public boolean equals(Object obj)
Parameter | |
---|---|
Name | Description |
obj | Object |
Returns | |
---|---|
Type | Description |
boolean |
getAuthenticationType()
public String getAuthenticationType()
A constant string name describing the authentication technology.
E.g. “OAuth2”, “SSL”. For use by the transport layer to determine whether it supports the type of authentication in the case where Credentials#hasRequestMetadataOnly is false. Also serves as a debugging helper.
Returns | |
---|---|
Type | Description |
String |
getRequestMetadata(URI uri)
public Map<String,List<String>> getRequestMetadata(URI uri)
Get the current request metadata in a blocking manner, refreshing tokens if required.
This should be called by the transport layer on each request, and the data should be populated in headers or other context. The operation can block and fail to complete and may do things such as refreshing access tokens.
The convention for handling binary data is for the key in the returned map to end with
"-bin"
and for the corresponding values to be base64 encoded.
Parameter | |
---|---|
Name | Description |
uri | URI |
Returns | |
---|---|
Type | Description |
Map<String,List<String>> |
Exceptions | |
---|---|
Type | Description |
IOException |
hasRequestMetadata()
public boolean hasRequestMetadata()
Whether the credentials have metadata entries that should be added to each request.
This should be called by the transport layer to see if Credentials#getRequestMetadata should be used for each request.
Returns | |
---|---|
Type | Description |
boolean |
hasRequestMetadataOnly()
public boolean hasRequestMetadataOnly()
Indicates whether or not the Auth mechanism works purely by including request metadata.
This is meant for the transport layer. If this is true a transport does not need to take actions other than including the request metadata. If this is false, a transport must specifically know about the authentication technology to support it, and should fail to accept the credentials otherwise.
Returns | |
---|---|
Type | Description |
boolean |
hashCode()
public int hashCode()
Returns | |
---|---|
Type | Description |
int |
jwtWithClaims(JwtClaims newClaims)
public JwtCredentials jwtWithClaims(JwtClaims newClaims)
Returns a copy of these credentials with modified claims.
Parameter | |
---|---|
Name | Description |
newClaims | JwtClaims new claims. Any unspecified claim fields default to the the current values. |
Returns | |
---|---|
Type | Description |
JwtCredentials | new credentials |
refresh()
public void refresh()
Refresh the token by discarding the cached token and metadata and rebuilding a new one.
Exceptions | |
---|---|
Type | Description |
IOException |