Open source authentication client library for Java.
- [API Documentation] (https://google.github.io/google-auth-library-java/releases/0.9.0/apidocs)
This project consists of 3 artifacts:
- google-auth-library-credentials: contains base classes and interfaces for Google credentials
- google-auth-library-appengine: contains App Engine credentials. This artifacts depends on the App Engine SDK
- google-auth-library-oauth2-http: contains a wide variety of credentials as well as utility methods to create them and to get Application Default Credentials
Note: This client is a work-in-progress, and may occasionally make backwards-incompatible changes.
If you are using Maven, add this to your pom.xml file (notice that you can replace
google-auth-library-oauth2-http
with any of google-auth-library-credentials
and
google-auth-library-appengine
, depending on your application needs):
<dependency>
<groupId>com.google.auth</groupId>
<artifactId>google-auth-library-oauth2-http</artifactId>
<version>0.9.0</version>
</dependency>
If you are using Gradle, add this to your dependencies
compile 'com.google.auth:google-auth-library-oauth2-http:0.9.0'
If you are using SBT, add this to your dependencies
libraryDependencies += "com.google.auth" % "google-auth-library-oauth2-http" % "0.9.0"
This artifact contains base classes and interfaces for Google credentials:
Credentials
: base class for an authorized identity. Implementations of this class can be used to authorize your applicationRequestMetadataCallback
: interface for the callback that receives the result of the asynchronousCredentials.getRequestMetadata(URI, Executor, RequestMetadataCallback)
ServiceAccountSigner
: interface for a service account signer. Implementations of this class are capable of signing byte arrays using the credentials associated to a Google Service Account
This artifact depends on the App Engine SDK (appengine-api-1.0-sdk
) and should be used only by
applications running on App Engine. The AppEngineCredentials
class allows to authorize your App
Engine application given an instance of AppIdentityService.
This artifact contains a wide variety of credentials as well as utility methods to create them and to get Application Default Credentials. Credentials classes contained in this artifact are:
CloudShellCredentials
: credentials for Google Cloud Shell built-in service accountCloudShellCredentials
: credentials for Google Compute Engine built-in service accountOAuth2Credentials
: base class for OAuth2-based credentialsServiceAccountCredentials
: credentials for a Service Account - use a JSON Web Token (JWT) to get access tokensServiceAccountJwtAccessCredentials
: credentials for a Service Account - use JSON Web Token (JWT) directly in the request metadata to provide authorizationUserCredentials
: credentials for a user identity and consent
To get Application Default Credentials use GoogleCredentials.getApplicationDefault()
or
GoogleCredentials.getApplicationDefault(HttpTransportFactory)
. These methods return the
Application Default Credentials which are used to identify and authorize the whole application. The
following are searched (in order) to find the Application Default Credentials:
- Credentials file pointed to by the
GOOGLE_APPLICATION_CREDENTIALS
environment variable - Credentials provided by the Google Cloud SDK
gcloud auth application-default login
command - Google App Engine built-in credentials
- Google Cloud Shell built-in credentials
- Google Compute Engine built-in credentials
- Skip this check by setting the environment variable
NO_GCE_CHECK=true
- Customize the GCE metadata server address by setting the environment variable
GCE_METADATA_HOST=<hostname>
- Skip this check by setting the environment variable
To get Credentials from a Service Account JSON key use GoogleCredentials.fromStream(InputStream)
or GoogleCredentials.fromStream(InputStream, HttpTransportFactory)
.
Contributions to this library are always welcome and highly encouraged.
See CONTRIBUTING documentation for more information on how to get started.
Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms. See Code of Conduct for more information.
BSD 3-Clause - See LICENSE for more information.