public class ExternalAccountAuthorizedUserCredentials extends GoogleCredentialsOAuth2 credentials sourced using external identities through Workforce Identity Federation.
Obtaining the initial access and refresh token can be done through the Google Cloud CLI.
Example credentials file: { "type": "external_account_authorized_user", "audience": "//iam.googleapis.com/locations/global/workforcePools/$WORKFORCE_POOL_ID/providers/$PROVIDER_ID", "refresh_token": "refreshToken", "token_url": "https://sts.googleapis.com/v1/oauthtoken", "token_info_url": "https://sts.googleapis.com/v1/introspect", "client_id": "clientId", "client_secret": "clientSecret" }
Inheritance
Object > Credentials > OAuth2Credentials > GoogleCredentials > ExternalAccountAuthorizedUserCredentialsStatic Methods
fromStream(InputStream credentialsStream)
public static ExternalAccountAuthorizedUserCredentials fromStream(InputStream credentialsStream)Returns external account authorized user credentials defined by a JSON file stream.
Important: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud Platform, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information, refer to {@see documentation}.
| Parameter | |
|---|---|
| Name | Description |
credentialsStream |
InputStreamthe stream with the credential definition |
| Returns | |
|---|---|
| Type | Description |
ExternalAccountAuthorizedUserCredentials |
the credential defined by the credentialsStream |
| Exceptions | |
|---|---|
| Type | Description |
IOException |
if the credential cannot be created from the stream |
fromStream(InputStream credentialsStream, HttpTransportFactory transportFactory)
public static ExternalAccountAuthorizedUserCredentials fromStream(InputStream credentialsStream, HttpTransportFactory transportFactory)Returns external account authorized user credentials defined by a JSON file stream.
Important: If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud Platform, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information, refer to {@see documentation}.
| Parameters | |
|---|---|
| Name | Description |
credentialsStream |
InputStreamthe stream with the credential definition |
transportFactory |
HttpTransportFactorythe HTTP transport factory used to create the transport to get access tokens |
| Returns | |
|---|---|
| Type | Description |
ExternalAccountAuthorizedUserCredentials |
the credential defined by the credentialsStream |
| Exceptions | |
|---|---|
| Type | Description |
IOException |
if the credential cannot be created from the stream |
newBuilder()
public static ExternalAccountAuthorizedUserCredentials.Builder newBuilder()| Returns | |
|---|---|
| Type | Description |
ExternalAccountAuthorizedUserCredentials.Builder |
|
Methods
equals(Object obj)
public boolean equals(Object obj)| Parameter | |
|---|---|
| Name | Description |
obj |
Object |
| Returns | |
|---|---|
| Type | Description |
boolean |
|
getAudience()
public String getAudience()| Returns | |
|---|---|
| Type | Description |
String |
|
getClientId()
public String getClientId()| Returns | |
|---|---|
| Type | Description |
String |
|
getClientSecret()
public String getClientSecret()| Returns | |
|---|---|
| Type | Description |
String |
|
getRefreshToken()
public String getRefreshToken()| Returns | |
|---|---|
| Type | Description |
String |
|
getRevokeUrl()
public String getRevokeUrl()| Returns | |
|---|---|
| Type | Description |
String |
|
getTokenInfoUrl()
public String getTokenInfoUrl()| Returns | |
|---|---|
| Type | Description |
String |
|
getTokenUrl()
public String getTokenUrl()| Returns | |
|---|---|
| Type | Description |
String |
|
hashCode()
public int hashCode()| Returns | |
|---|---|
| Type | Description |
int |
|
refreshAccessToken()
public AccessToken refreshAccessToken()Method to refresh the access token according to the specific type of credentials.
Throws IllegalStateException if not overridden since direct use of OAuth2Credentials is only for temporary or non-refreshing access tokens.
| Returns | |
|---|---|
| Type | Description |
AccessToken |
|
| Exceptions | |
|---|---|
| Type | Description |
IOException |
|
toBuilder()
public ExternalAccountAuthorizedUserCredentials.Builder toBuilder()| Returns | |
|---|---|
| Type | Description |
ExternalAccountAuthorizedUserCredentials.Builder |
|
toString()
public String toString()Returns a string representation of this credential.
Security Warning: The output of this method includes sensitive fields such as the client secret, refresh token, and request metadata containing the raw Bearer access token. Do not log this output in production environments as it may expose sensitive credentials.
| Returns | |
|---|---|
| Type | Description |
String |
|