com.google.auth.oauth2

Class IdTokenCredentials

java.lang.Object

com.google.auth.Credentials

com.google.auth.oauth2.OAuth2Credentials

com.google.auth.oauth2.IdTokenCredentials

All Implemented Interfaces:

Serializable

@Beta
public class IdTokenCredentials
extends OAuth2Credentials

IdTokenCredentials provides a Google Issued OpenIdConnect token.
Use an ID token to access services that require presenting an ID token for authentication such as Cloud Functions or Cloud Run.
The following Credential subclasses support IDTokens: ServiceAccountCredentials, ComputeEngineCredentials, ImpersonatedCredentials.

For more information see
Usage:

 String credPath = "/path/to/svc_account.json";
 String targetAudience = "https://example.com";

 // For Application Default Credentials (as ServiceAccountCredentials)
 // export GOOGLE_APPLICATION_CREDENTIALS=/path/to/svc.json
 GoogleCredentials adcCreds = GoogleCredentials.getApplicationDefault();
 if (!adcCreds instanceof IdTokenProvider) {
   // handle error message
 }

 IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder()
     .setIdTokenProvider(adcCreds)
     .setTargetAudience(targetAudience).build();

 // for ServiceAccountCredentials
 ServiceAccountCredentials saCreds = ServiceAccountCredentials.fromStream(new FileInputStream(credPath));
 saCreds = (ServiceAccountCredentials) saCreds.createScoped(Arrays.asList("https://www.googleapis.com/auth/iam"));
 IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder()
     .setIdTokenProvider(saCreds)
     .setTargetAudience(targetAudience).build();

 // for ComputeEngineCredentials
 ComputeEngineCredentials caCreds = ComputeEngineCredentials.create();
 IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder()
     .setIdTokenProvider(caCreds)
     .setTargetAudience(targetAudience)
     .setOptions(Arrays.asList(ComputeEngineCredentials.ID_TOKEN_FORMAT_FULL))
     .build();

 // for ImpersonatedCredentials
 ImpersonatedCredentials imCreds = ImpersonatedCredentials.create(saCreds,
     "impersonated-account@project.iam.gserviceaccount.com", null,
     Arrays.asList("https://www.googleapis.com/auth/cloud-platform"), 300);
 IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder()
     .setIdTokenProvider(imCreds)
     .setTargetAudience(targetAudience)
     .setOptions(Arrays.asList(ImpersonatedCredentials.INCLUDE_EMAIL))
     .build();

 // Use the IdTokenCredential in an authorized transport
 GenericUrl genericUrl = new GenericUrl("https://example.com");
 HttpCredentialsAdapter adapter = new HttpCredentialsAdapter(tokenCredential);
 HttpTransport transport = new NetHttpTransport();
 HttpRequest request = transport.createRequestFactory(adapter).buildGetRequest(genericUrl);
 HttpResponse response = request.execute();

 // Print the token, expiration and the audience
 System.out.println(tokenCredential.getIdToken().getTokenValue());
 System.out.println(tokenCredential.getIdToken().getJsonWebSignature().getPayload().getAudienceAsList());
 System.out.println(tokenCredential.getIdToken().getJsonWebSignature().getPayload().getExpirationTimeSeconds());
 

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	IdTokenCredentials.Builder

Nested classes/interfaces inherited from class com.google.auth.oauth2.OAuth2Credentials

OAuth2Credentials.CredentialsChangedListener

Method Summary

Modifier and Type	Method and Description
boolean	equals(Object obj)
IdToken	getIdToken()
int	hashCode()
static IdTokenCredentials.Builder	newBuilder()
AccessToken	refreshAccessToken() Method to refresh the access token according to the specific type of credentials.
IdTokenCredentials.Builder	toBuilder()
String	toString()

Methods inherited from class com.google.auth.oauth2.OAuth2Credentials

addChangeListener, create, getAccessToken, getAuthenticationType, getFromServiceLoader, getRequestMetadata, getRequestMetadata, getRequestMetadataInternal, hasRequestMetadata, hasRequestMetadataOnly, newInstance, refresh, refreshIfExpired, removeChangeListener

Methods inherited from class com.google.auth.Credentials

blockingGetToCallback, getRequestMetadata

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Method Detail

refreshAccessToken

public AccessToken refreshAccessToken()
                               throws IOException

Description copied from class: OAuth2Credentials

Method to refresh the access token according to the specific type of credentials.

Throws IllegalStateException if not overridden since direct use of OAuth2Credentials is only for temporary or non-refreshing access tokens.

Overrides:

refreshAccessToken in class OAuth2Credentials

Returns:

Refreshed access token.

Throws:

IOException - from derived implementations

getIdToken

public IdToken getIdToken()

hashCode

public int hashCode()

Overrides:

hashCode in class OAuth2Credentials

toString

public String toString()

Overrides:

toString in class OAuth2Credentials

equals

public boolean equals(Object obj)

Overrides:

equals in class OAuth2Credentials

toBuilder

public IdTokenCredentials.Builder toBuilder()

Overrides:

toBuilder in class OAuth2Credentials

newBuilder

public static IdTokenCredentials.Builder newBuilder()