Package com.google.cloud.iam.credentials.v1 (2.1.0)

The interfaces provided are listed below, along with usage samples.

IamCredentialsClient

Service Description: A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs, so that the users aren't directly involved.

Service account credentials are used to temporarily assume the identity of the service account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and more.

Sample for IamCredentialsClient:


 try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
   ServiceAccountName name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]");
   List<String> delegates = new ArrayList<>();
   List<String> scope = new ArrayList<>();
   Duration lifetime = Duration.newBuilder().build();
   GenerateAccessTokenResponse response =
       iamCredentialsClient.generateAccessToken(name, delegates, scope, lifetime);
 }
 

Classes

GenerateAccessTokenRequest

Protobuf type google.iam.credentials.v1.GenerateAccessTokenRequest

GenerateAccessTokenRequest.Builder

Protobuf type google.iam.credentials.v1.GenerateAccessTokenRequest

GenerateAccessTokenResponse

Protobuf type google.iam.credentials.v1.GenerateAccessTokenResponse

GenerateAccessTokenResponse.Builder

Protobuf type google.iam.credentials.v1.GenerateAccessTokenResponse

GenerateIdTokenRequest

Protobuf type google.iam.credentials.v1.GenerateIdTokenRequest

GenerateIdTokenRequest.Builder

Protobuf type google.iam.credentials.v1.GenerateIdTokenRequest

GenerateIdTokenResponse

Protobuf type google.iam.credentials.v1.GenerateIdTokenResponse

GenerateIdTokenResponse.Builder

Protobuf type google.iam.credentials.v1.GenerateIdTokenResponse

IAMCredentialsCommonProto

IAMCredentialsGrpc

A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs, so that the users aren't directly involved. Service account credentials are used to temporarily assume the identity of the service account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and more.

IAMCredentialsGrpc.IAMCredentialsBlockingStub

A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs, so that the users aren't directly involved. Service account credentials are used to temporarily assume the identity of the service account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and more.

IAMCredentialsGrpc.IAMCredentialsFutureStub

A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs, so that the users aren't directly involved. Service account credentials are used to temporarily assume the identity of the service account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and more.

IAMCredentialsGrpc.IAMCredentialsImplBase

A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs, so that the users aren't directly involved. Service account credentials are used to temporarily assume the identity of the service account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and more.

IAMCredentialsGrpc.IAMCredentialsStub

A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs, so that the users aren't directly involved. Service account credentials are used to temporarily assume the identity of the service account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and more.

IAMCredentialsProto

IamCredentialsClient

Service Description: A service account is a special type of Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application assumes the identity of the service account to call Google APIs, so that the users aren't directly involved.

Service account credentials are used to temporarily assume the identity of the service account. Supported credential types include OAuth 2.0 access tokens, OpenID Connect ID tokens, self-signed JSON Web Tokens (JWTs), and more.

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:


 try (IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create()) {
   ServiceAccountName name = ServiceAccountName.of("[PROJECT]", "[SERVICE_ACCOUNT]");
   List<String> delegates = new ArrayList<>();
   List<String> scope = new ArrayList<>();
   Duration lifetime = Duration.newBuilder().build();
   GenerateAccessTokenResponse response =
       iamCredentialsClient.generateAccessToken(name, delegates, scope, lifetime);
 }
 

Note: close() needs to be called on the IamCredentialsClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().

The surface of this class includes several types of Java methods for each of the API's methods:

  1. A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
  2. A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
  3. A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.

See the individual methods for example code.

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.

This class can be customized by passing in a custom instance of IamCredentialsSettings to create(). For example:

To customize credentials:


 IamCredentialsSettings iamCredentialsSettings =
     IamCredentialsSettings.newBuilder()
         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
         .build();
 IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create(iamCredentialsSettings);
 

To customize the endpoint:


 IamCredentialsSettings iamCredentialsSettings =
     IamCredentialsSettings.newBuilder().setEndpoint(myEndpoint).build();
 IamCredentialsClient iamCredentialsClient = IamCredentialsClient.create(iamCredentialsSettings);
 

Please refer to the GitHub repository's samples for more quickstart code snippets.

IamCredentialsSettings

Settings class to configure an instance of IamCredentialsClient.

The default instance has everything set to sensible defaults:

  • The default service address (iamcredentials.googleapis.com) and default port (443) are used.
  • Credentials are acquired automatically through Application Default Credentials.
  • Retries are configured for idempotent methods but not for non-idempotent methods.

The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.

For example, to set the total timeout of generateAccessToken to 30 seconds:


 IamCredentialsSettings.Builder iamCredentialsSettingsBuilder =
     IamCredentialsSettings.newBuilder();
 iamCredentialsSettingsBuilder
     .generateAccessTokenSettings()
     .setRetrySettings(
         iamCredentialsSettingsBuilder
             .generateAccessTokenSettings()
             .getRetrySettings()
             .toBuilder()
             .setTotalTimeout(Duration.ofSeconds(30))
             .build());
 IamCredentialsSettings iamCredentialsSettings = iamCredentialsSettingsBuilder.build();
 

IamCredentialsSettings.Builder

Builder for IamCredentialsSettings.

ServiceAccountName

ServiceAccountName.Builder

Builder for projects/{project}/serviceAccounts/{service_account}.

SignBlobRequest

Protobuf type google.iam.credentials.v1.SignBlobRequest

SignBlobRequest.Builder

Protobuf type google.iam.credentials.v1.SignBlobRequest

SignBlobResponse

Protobuf type google.iam.credentials.v1.SignBlobResponse

SignBlobResponse.Builder

Protobuf type google.iam.credentials.v1.SignBlobResponse

SignJwtRequest

Protobuf type google.iam.credentials.v1.SignJwtRequest

SignJwtRequest.Builder

Protobuf type google.iam.credentials.v1.SignJwtRequest

SignJwtResponse

Protobuf type google.iam.credentials.v1.SignJwtResponse

SignJwtResponse.Builder

Protobuf type google.iam.credentials.v1.SignJwtResponse

Interfaces

GenerateAccessTokenRequestOrBuilder

GenerateAccessTokenResponseOrBuilder

GenerateIdTokenRequestOrBuilder

GenerateIdTokenResponseOrBuilder

SignBlobRequestOrBuilder

SignBlobResponseOrBuilder

SignJwtRequestOrBuilder

SignJwtResponseOrBuilder