Class GoogleCredential (2.1.2)
Thread-safe Google-specific implementation of the OAuth 2.0 helper for accessing protected resources using an access token, as well as optionally refreshing the access token when it expires using a refresh token.
There are three modes supported: access token only, refresh token flow, and service account flow (with or without impersonating a user).
If all you have is an access token, you simply pass the TokenResponse to the credential using Builder#setFromTokenResponse(TokenResponse). Google credential uses BearerToken#authorizationHeaderAccessMethod() as the access method. Sample usage:
public static GoogleCredential createCredentialWithAccessTokenOnly(TokenResponse tokenResponse)
If you have a refresh token, it is similar to the case of access token only, but you additionally need to pass the credential the client secrets using Builder#setClientSecrets(GoogleClientSecrets) or Builder#setClientSecrets(String, String). Google credential uses GoogleOAuthConstants#TOKEN_SERVER_URL as the token server URL, and ClientParametersAuthentication with the client ID and secret as the client authentication. Sample usage:
public static GoogleCredential createCredentialWithRefreshToken( HttpTransport transport, JsonFactory jsonFactory, GoogleClientSecrets clientSecrets, TokenResponse tokenResponse)
The service account flow is used when you want to access data owned by your client application. You download the private key in a .p12 file from the Google APIs Console. Use Builder#setServiceAccountId(String), Builder#setServiceAccountPrivateKeyFromP12File(File), and Builder#setServiceAccountScopes(Collection). Sample usage:
public static GoogleCredential createCredentialForServiceAccount(HttpTransport transport, JsonFactory jsonFactory, String serviceAccountId, Collection<String> serviceAccountScopes, File p12File) throws GeneralSecurityException, IOException
You can also use the service account flow to impersonate a user in a domain that you own. This is very similar to the service account flow above, but you additionally call Builder#setServiceAccountUser(String). Sample usage:
public static GoogleCredential createCredentialForServiceAccountImpersonateUser(HttpTransport transport, JsonFactory jsonFactory, String serviceAccountId, Collection<String> serviceAccountScopes, File p12File, String serviceAccountUser) throws GeneralSecurityException, IOException
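The four sample signatures above appear without bodies on this page. The following is an added example, not the library's own sample code, showing one way to implement them with the Builder methods named above; the class name, the private helper, and the use of Builder#setTransport and Builder#setJsonFactory are assumptions of this example.

```java
import com.google.api.client.auth.oauth2.TokenResponse;
import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Collection;

// Added example: class and helper names are hypothetical.
public final class GoogleCredentialModes {
  private GoogleCredentialModes() {}

  // Mode 1: access token only. Nothing is available to refresh it once it expires.
  public static GoogleCredential createCredentialWithAccessTokenOnly(TokenResponse tokenResponse) {
    return new GoogleCredential().setFromTokenResponse(tokenResponse);
  }

  // Mode 2: refresh token flow. The client secrets authenticate the refresh request.
  public static GoogleCredential createCredentialWithRefreshToken(HttpTransport transport,
      JsonFactory jsonFactory, GoogleClientSecrets clientSecrets, TokenResponse tokenResponse) {
    return new GoogleCredential.Builder().setTransport(transport).setJsonFactory(jsonFactory)
        .setClientSecrets(clientSecrets).build().setFromTokenResponse(tokenResponse);
  }

  // Mode 3: service account flow, acting as the service account itself.
  public static GoogleCredential createCredentialForServiceAccount(HttpTransport transport,
      JsonFactory jsonFactory, String serviceAccountId, Collection<String> serviceAccountScopes,
      File p12File) throws GeneralSecurityException, IOException {
    return serviceAccountBuilder(transport, jsonFactory, serviceAccountId, serviceAccountScopes,
        p12File).build();
  }

  // Mode 3 with impersonation: same builder plus the domain user to act as.
  public static GoogleCredential createCredentialForServiceAccountImpersonateUser(
      HttpTransport transport, JsonFactory jsonFactory, String serviceAccountId,
      Collection<String> serviceAccountScopes, File p12File, String serviceAccountUser)
      throws GeneralSecurityException, IOException {
    return serviceAccountBuilder(transport, jsonFactory, serviceAccountId, serviceAccountScopes,
        p12File).setServiceAccountUser(serviceAccountUser).build();
  }

  private static GoogleCredential.Builder serviceAccountBuilder(HttpTransport transport,
      JsonFactory jsonFactory, String id, Collection<String> scopes, File p12File)
      throws GeneralSecurityException, IOException {
    return new GoogleCredential.Builder().setTransport(transport).setJsonFactory(jsonFactory)
        .setServiceAccountId(id).setServiceAccountScopes(scopes)
        .setServiceAccountPrivateKeyFromP12File(p12File);
  }
}
```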
If you need to persist the access token in a data store, use DataStoreFactory and Builder#addRefreshListener(CredentialRefreshListener) with DataStoreCredentialRefreshListener.
If you have a custom request initializer, request execute interceptor, or unsuccessful response handler, take a look at the sample usage for HttpExecuteInterceptor and HttpUnsuccessfulResponseHandler, which are interfaces that this class also implements.
Class GoogleCredentials (1.19.0)
Returns the credentials instance from the given access token.
fromStream(InputStream credentialsStream)
public static GoogleCredentials fromStream(InputStream credentialsStream)
Returns credentials defined by a JSON file stream.
The stream can contain a Service Account key file in JSON format from the Google Developers Console or a stored user credential using the format supported by the Cloud SDK.
Parameter credentialsStream: the stream with the credential definition.
Returns: the credential defined by the credentialsStream.
Throws: if the credential cannot be created from the stream.
fromStream(InputStream credentialsStream, HttpTransportFactory transportFactory)
public static GoogleCredentials fromStream(InputStream credentialsStream, HttpTransportFactory transportFactory)
Returns credentials defined by a JSON file stream.
The stream can contain a Service Account key file in JSON format from the Google Developers Console or a stored user credential using the format supported by the Cloud SDK.
Parameter credentialsStream: the stream with the credential definition.
Parameter transportFactory: HTTP transport factory, creates the transport used to get access tokens.
Returns: the credential defined by the credentialsStream.
Throws: if the credential cannot be created from the stream.
getApplicationDefault()
public static GoogleCredentials getApplicationDefault()
Returns the Application Default Credentials.
Returns the Application Default Credentials which are used to identify and authorize the whole application. The following are searched (in order) to find the Application Default Credentials:
- Credentials file pointed to by the GOOGLE_APPLICATION_CREDENTIALS environment variable
- Credentials provided by the Google Cloud SDK:
  - gcloud auth application-default login for user account credentials.
  - gcloud auth application-default login --impersonate-service-account for impersonated service account credentials.
Throws: if the credentials cannot be created in the current environment.
getApplicationDefault(HttpTransportFactory transportFactory)
public static GoogleCredentials getApplicationDefault(HttpTransportFactory transportFactory)
Returns the Application Default Credentials.
Returns the Application Default Credentials which are used to identify and authorize the whole application. The following are searched (in order) to find the Application Default Credentials:
- Credentials file pointed to by the GOOGLE_APPLICATION_CREDENTIALS environment variable
- Credentials provided by the Google Cloud SDK gcloud auth application-default login command
- Google App Engine built-in credentials
- Google Cloud Shell built-in credentials
- Google Compute Engine built-in credentials
Parameter transportFactory: HTTP transport factory, creates the transport used to get access tokens.
Throws: if the credentials cannot be created in the current environment.
newBuilder()
public static GoogleCredentials.Builder newBuilder()
Constructors
GoogleCredentials()
protected GoogleCredentials()
GoogleCredentials(AccessToken accessToken)
public GoogleCredentials(AccessToken accessToken)
Constructor with explicit access token.
Parameter accessToken: initial or temporary access token
GoogleCredentials(AccessToken accessToken, String quotaProjectId)
protected GoogleCredentials(AccessToken accessToken, String quotaProjectId)
Parameters: accessToken (AccessToken), quotaProjectId (String)
GoogleCredentials(AccessToken accessToken, Duration refreshMargin, Duration expirationMargin)
protected GoogleCredentials(AccessToken accessToken, Duration refreshMargin, Duration expirationMargin)
Constructor with explicit access token and refresh times.
Parameter accessToken: initial or temporary access token
GoogleCredentials(GoogleCredentials.Builder builder)
protected GoogleCredentials(GoogleCredentials.Builder builder)
Fields
quotaProjectId
protected final String quotaProjectId
Methods
createDelegated(String user)
public GoogleCredentials createDelegated(String user)
If the credentials support domain-wide delegation, creates a copy of the identity so that it impersonates the specified user; otherwise, returns the same instance.
Returns: GoogleCredentials with a delegated user.
createScoped(String[] scopes)
public GoogleCredentials createScoped(String[] scopes)
If the credentials support scopes, creates a copy of the identity with the specified scopes; otherwise, returns the same instance.
Parameter scopes: Collection of scopes to request.
Returns: GoogleCredentials with requested scopes.
createScoped(Collection<String> scopes)
public GoogleCredentials createScoped(Collection<String> scopes)
If the credentials support scopes, creates a copy of the identity with the specified scopes; otherwise, returns the same instance.
Parameter scopes: Collection of scopes to request.
Returns: GoogleCredentials with requested scopes.
createScoped(Collection<String> scopes, Collection<String> defaultScopes)
public GoogleCredentials createScoped(Collection<String> scopes, Collection<String> defaultScopes)
If the credentials support scopes, creates a copy of the identity with the specified scopes and default scopes; otherwise, returns the same instance. This is mainly used by client libraries.
Parameter scopes: Collection of scopes to request.
Parameter defaultScopes: Collection of default scopes to request.
Returns: GoogleCredentials with requested scopes.
createScopedRequired()
public boolean createScopedRequired()
Indicates whether the credentials require scopes to be specified via a call to GoogleCredentials#createScoped before use.
Returns: Whether the credentials require scopes to be specified.
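Because createScoped and createDelegated return the same instance when the credential type does not support them, a caller that needs the restriction should check that a new instance came back. The following is an added example, not code from the library's documentation; the class name, the read-only Cloud Storage scope, and the fail-closed policy are assumptions chosen for illustration.

```java
import com.google.auth.oauth2.GoogleCredentials;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Collections;
import java.util.List;

// Added example: class name and policy are hypothetical.
public final class LeastPrivilegeCredentials {
  // Assumed scope for illustration: read-only Cloud Storage access.
  private static final List<String> SCOPES =
      Collections.singletonList("https://www.googleapis.com/auth/devstorage.read_only");

  private LeastPrivilegeCredentials() {}

  /**
   * Loads credentials from keyPath, or Application Default Credentials when keyPath is null,
   * narrows them to SCOPES, and optionally delegates to delegatedUser.
   */
  public static GoogleCredentials load(String keyPath, String delegatedUser) throws IOException {
    GoogleCredentials base;
    if (keyPath != null) {
      // Close the key file as soon as it is parsed.
      try (InputStream in = Files.newInputStream(Paths.get(keyPath))) {
        base = GoogleCredentials.fromStream(in);
      }
    } else {
      base = GoogleCredentials.getApplicationDefault();
    }

    GoogleCredentials scoped = base.createScoped(SCOPES);
    if (scoped == base) {
      // Same instance: this credential type ignores scopes, so nothing was narrowed.
      // Failing closed here is this example's policy, not library behaviour.
      throw new IllegalStateException("Credential type does not support scopes");
    }

    if (delegatedUser == null) {
      return scoped;
    }
    GoogleCredentials delegated = scoped.createDelegated(delegatedUser);
    if (delegated == scoped) {
      // Same instance: no domain-wide delegation, so calls would run as the
      // original identity rather than as delegatedUser.
      throw new IllegalStateException("Credential type does not support delegation");
    }
    return delegated;
  }
}
```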
createWithCustomRetryStrategy(boolean defaultRetriesEnabled)
public GoogleCredentials createWithCustomRetryStrategy(boolean defaultRetriesEnabled)
If the credentials support automatic retries, creates a copy of the identity with the provided retry strategy.
Parameter defaultRetriesEnabled: a flag enabling or disabling default retries
Returns: GoogleCredentials with the new default retries configuration.
createWithQuotaProject(String quotaProject)
public GoogleCredentials createWithQuotaProject(String quotaProject)
Creates a credential with the provided quota project.
Parameter quotaProject: the quota project to set on the credential
Returns: credential with the provided quota project
getAdditionalHeaders()
protected Map<String, List<String>> getAdditionalHeaders()
Provide additional headers to return as request metadata.
getQuotaProjectId()
public String getQuotaProjectId()
toBuilder()
public GoogleCredentials.Builder toBuilder()
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2023-06-28 UTC.