com.google.auth.oauth2

Class ServiceAccountJwtAccessCredentials

java.lang.Object

com.google.auth.Credentials

com.google.auth.oauth2.ServiceAccountJwtAccessCredentials

public class ServiceAccountJwtAccessCredentials
extends Credentials

Service Account credentials for calling Google APIs using a JWT directly for access.

Uses a JSON Web Token (JWT) directly in the request metadata to provide authorization.

Constructor Summary

Constructors

Constructor and Description
ServiceAccountJwtAccessCredentials(String clientId, String clientEmail, PrivateKey privateKey, String privateKeyId) Constructor with minimum identifying information.
ServiceAccountJwtAccessCredentials(String clientId, String clientEmail, PrivateKey privateKey, String privateKeyId, URI defaultAudience) Constructor with full information.

Method Summary

Modifier and Type	Method and Description
static ServiceAccountJwtAccessCredentials	fromPkcs8(String clientId, String clientEmail, String privateKeyPkcs8, String privateKeyId) Factory using PKCS#8 for the private key.
static ServiceAccountJwtAccessCredentials	fromPkcs8(String clientId, String clientEmail, String privateKeyPkcs8, String privateKeyId, URI defaultAudience) Factory using PKCS#8 for the private key.
String	getAuthenticationType()
String	getClientEmail()
String	getClientId()
PrivateKey	getPrivateKey()
String	getPrivateKeyId()
Map<String,List<String>>	getRequestMetadata(URI uri) Provide the request metadata by putting an access JWT directly in the metadata.
boolean	hasRequestMetadata()
boolean	hasRequestMetadataOnly()
void	refresh() Discard any cached data

Methods inherited from class com.google.auth.Credentials

getRequestMetadata

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ServiceAccountJwtAccessCredentials

public ServiceAccountJwtAccessCredentials(String clientId,
                                          String clientEmail,
                                          PrivateKey privateKey,
                                          String privateKeyId)

Constructor with minimum identifying information.

Parameters:

clientId - Client ID of the service account from the console. May be null.

clientEmail - Client email address of the service account from the console.

privateKey - RSA private key object for the service account.

privateKeyId - Private key identifier for the service account. May be null.

ServiceAccountJwtAccessCredentials

public ServiceAccountJwtAccessCredentials(String clientId,
                                          String clientEmail,
                                          PrivateKey privateKey,
                                          String privateKeyId,
                                          URI defaultAudience)

Constructor with full information.

Parameters:

clientId - Client ID of the service account from the console. May be null.

clientEmail - Client email address of the service account from the console.

privateKey - RSA private key object for the service account.

privateKeyId - Private key identifier for the service account. May be null.

defaultAudience - Audience to use if not provided by transport. May be null.

Method Detail

fromPkcs8

public static ServiceAccountJwtAccessCredentials fromPkcs8(String clientId,
                                                           String clientEmail,
                                                           String privateKeyPkcs8,
                                                           String privateKeyId)
                                                    throws IOException

Factory using PKCS#8 for the private key.

Parameters:

clientId - Client ID of the service account from the console. May be null.

clientEmail - Client email address of the service account from the console.

privateKeyPkcs8 - RSA private key object for the service account in PKCS#8 format.

privateKeyId - Private key identifier for the service account. May be null.

Throws:

IOException

fromPkcs8

public static ServiceAccountJwtAccessCredentials fromPkcs8(String clientId,
                                                           String clientEmail,
                                                           String privateKeyPkcs8,
                                                           String privateKeyId,
                                                           URI defaultAudience)
                                                    throws IOException

Factory using PKCS#8 for the private key.

Parameters:

clientId - Client ID of the service account from the console. May be null.

clientEmail - Client email address of the service account from the console.

privateKeyPkcs8 - RSA private key object for the service account in PKCS#8 format.

privateKeyId - Private key identifier for the service account. May be null.

defaultAudience - Audience to use if not provided by transport. May be null.

Throws:

IOException

getAuthenticationType

public String getAuthenticationType()

Specified by:

getAuthenticationType in class Credentials

hasRequestMetadata

public boolean hasRequestMetadata()

Specified by:

hasRequestMetadata in class Credentials

hasRequestMetadataOnly

public boolean hasRequestMetadataOnly()

Specified by:

hasRequestMetadataOnly in class Credentials

getRequestMetadata

public Map<String,List<String>> getRequestMetadata(URI uri)
                                            throws IOException

Provide the request metadata by putting an access JWT directly in the metadata.

Specified by:

getRequestMetadata in class Credentials

Throws:

IOException

refresh

public void refresh()

Discard any cached data

Specified by:

refresh in class Credentials

getClientId

public final String getClientId()

getClientEmail

public final String getClientEmail()

getPrivateKey

public final PrivateKey getPrivateKey()

getPrivateKeyId

public final String getPrivateKeyId()