public class ServiceAccountJwtAccessCredentials extends Credentials implements JwtProvider, ServiceAccountSigner, QuotaProjectIdProviderService Account credentials for calling Google APIs using a JWT directly for access.
Uses a JSON Web Token (JWT) directly in the request metadata to provide authorization.
Static Methods
fromPkcs8(String clientId, String clientEmail, String privateKeyPkcs8, String privateKeyId)
public static ServiceAccountJwtAccessCredentials fromPkcs8(String clientId, String clientEmail, String privateKeyPkcs8, String privateKeyId)Factory using PKCS#8 for the private key.
| Parameters | |
|---|---|
| Name | Description |
clientId | StringClient ID of the service account from the console. May be null. |
clientEmail | StringClient email address of the service account from the console. |
privateKeyPkcs8 | StringRSA private key object for the service account in PKCS#8 format. |
privateKeyId | StringPrivate key identifier for the service account. May be null. |
| Returns | |
|---|---|
| Type | Description |
ServiceAccountJwtAccessCredentials | New ServiceAccountJwtAcceessCredentials created from a private key. |
| Exceptions | |
|---|---|
| Type | Description |
IOException | if the credential cannot be created from the private key. |
fromPkcs8(String clientId, String clientEmail, String privateKeyPkcs8, String privateKeyId, URI defaultAudience)
public static ServiceAccountJwtAccessCredentials fromPkcs8(String clientId, String clientEmail, String privateKeyPkcs8, String privateKeyId, URI defaultAudience)Factory using PKCS#8 for the private key.
| Parameters | |
|---|---|
| Name | Description |
clientId | StringClient ID of the service account from the console. May be null. |
clientEmail | StringClient email address of the service account from the console. |
privateKeyPkcs8 | StringRSA private key object for the service account in PKCS#8 format. |
privateKeyId | StringPrivate key identifier for the service account. May be null. |
defaultAudience | URIAudience to use if not provided by transport. May be null. |
| Returns | |
|---|---|
| Type | Description |
ServiceAccountJwtAccessCredentials | New ServiceAccountJwtAcceessCredentials created from a private key. |
| Exceptions | |
|---|---|
| Type | Description |
IOException | if the credential cannot be created from the private key. |
fromStream(InputStream credentialsStream)
public static ServiceAccountJwtAccessCredentials fromStream(InputStream credentialsStream)Returns credentials defined by a Service Account key file in JSON format from the Google Developers Console.
| Parameter | |
|---|---|
| Name | Description |
credentialsStream | InputStreamthe stream with the credential definition. |
| Returns | |
|---|---|
| Type | Description |
ServiceAccountJwtAccessCredentials | the credential defined by the credentialsStream. |
| Exceptions | |
|---|---|
| Type | Description |
IOException | if the credential cannot be created from the stream. |
fromStream(InputStream credentialsStream, URI defaultAudience)
public static ServiceAccountJwtAccessCredentials fromStream(InputStream credentialsStream, URI defaultAudience)Returns credentials defined by a Service Account key file in JSON format from the Google Developers Console.
| Parameters | |
|---|---|
| Name | Description |
credentialsStream | InputStreamthe stream with the credential definition. |
defaultAudience | URIAudience to use if not provided by transport. May be null. |
| Returns | |
|---|---|
| Type | Description |
ServiceAccountJwtAccessCredentials | the credential defined by the credentialsStream. |
| Exceptions | |
|---|---|
| Type | Description |
IOException | if the credential cannot be created from the stream. |
newBuilder()
public static ServiceAccountJwtAccessCredentials.Builder newBuilder()| Returns | |
|---|---|
| Type | Description |
ServiceAccountJwtAccessCredentials.Builder | |
Methods
equals(Object obj)
public boolean equals(Object obj)| Parameter | |
|---|---|
| Name | Description |
obj | Object |
| Returns | |
|---|---|
| Type | Description |
boolean | |
getAccount()
public String getAccount()Returns the service account associated with the signer.
| Returns | |
|---|---|
| Type | Description |
String | |
getAuthenticationType()
public String getAuthenticationType()A constant string name describing the authentication technology.
E.g. “OAuth2”, “SSL”. For use by the transport layer to determine whether it supports the type of authentication in the case where Credentials#hasRequestMetadataOnly is false. Also serves as a debugging helper.
| Returns | |
|---|---|
| Type | Description |
String | |
getClientEmail()
public final String getClientEmail()| Returns | |
|---|---|
| Type | Description |
String | |
getClientId()
public final String getClientId()| Returns | |
|---|---|
| Type | Description |
String | |
getPrivateKey()
public final PrivateKey getPrivateKey()| Returns | |
|---|---|
| Type | Description |
PrivateKey | |
getPrivateKeyId()
public final String getPrivateKeyId()| Returns | |
|---|---|
| Type | Description |
String | |
getQuotaProjectId()
public String getQuotaProjectId()| Returns | |
|---|---|
| Type | Description |
String | |
getRequestMetadata(URI uri)
public Map<String,List<String>> getRequestMetadata(URI uri)Provide the request metadata by putting an access JWT directly in the metadata.
| Parameter | |
|---|---|
| Name | Description |
uri | URI |
| Returns | |
|---|---|
| Type | Description |
Map<String,List<String>> | |
| Exceptions | |
|---|---|
| Type | Description |
IOException | |
getRequestMetadata(URI uri, Executor executor, RequestMetadataCallback callback)
public void getRequestMetadata(URI uri, Executor executor, RequestMetadataCallback callback)Get the current request metadata without blocking.
This should be called by the transport layer on each request, and the data should be populated in headers or other context. The implementation can either call the callback inline or asynchronously. Either way it should never block in this method. The executor is provided for tasks that may block.
The default implementation will just call #getRequestMetadata(URI) then the callback from the given executor.
The convention for handling binary data is for the key in the returned map to end with
"-bin" and for the corresponding values to be base64 encoded.
| Parameters | |
|---|---|
| Name | Description |
uri | URI |
executor | Executor |
callback | RequestMetadataCallback |
hasRequestMetadata()
public boolean hasRequestMetadata()Whether the credentials have metadata entries that should be added to each request.
This should be called by the transport layer to see if Credentials#getRequestMetadata should be used for each request.
| Returns | |
|---|---|
| Type | Description |
boolean | |
hasRequestMetadataOnly()
public boolean hasRequestMetadataOnly()Indicates whether or not the Auth mechanism works purely by including request metadata.
This is meant for the transport layer. If this is true a transport does not need to take actions other than including the request metadata. If this is false, a transport must specifically know about the authentication technology to support it, and should fail to accept the credentials otherwise.
| Returns | |
|---|---|
| Type | Description |
boolean | |
hashCode()
public int hashCode()| Returns | |
|---|---|
| Type | Description |
int | |
jwtWithClaims(JwtClaims newClaims)
public JwtCredentials jwtWithClaims(JwtClaims newClaims)Returns a new JwtCredentials instance with modified claims.
| Parameter | |
|---|---|
| Name | Description |
newClaims | JwtClaimsnew claims. Any unspecified claim fields will default to the the current values. |
| Returns | |
|---|---|
| Type | Description |
JwtCredentials | new credentials |
refresh()
public void refresh()Discard any cached data
sign(byte[] toSign)
public byte[] sign(byte[] toSign)Signs the provided bytes using the private key associated with the service account.
| Parameter | |
|---|---|
| Name | Description |
toSign | byte[] |
| Returns | |
|---|---|
| Type | Description |
byte[] | |
toBuilder()
public ServiceAccountJwtAccessCredentials.Builder toBuilder()| Returns | |
|---|---|
| Type | Description |
ServiceAccountJwtAccessCredentials.Builder | |
toString()
public String toString()| Returns | |
|---|---|
| Type | Description |
String | |