Package com.google.auth.oauth2
Class ExternalAccountCredentials.Builder
- java.lang.Object
-
- com.google.auth.oauth2.OAuth2Credentials.Builder
-
- com.google.auth.oauth2.GoogleCredentials.Builder
-
- com.google.auth.oauth2.ExternalAccountCredentials.Builder
-
- Direct Known Subclasses:
AwsCredentials.Builder,IdentityPoolCredentials.Builder,PluggableAuthCredentials.Builder
- Enclosing class:
- ExternalAccountCredentials
public abstract static class ExternalAccountCredentials.Builder extends GoogleCredentials.Builder
Base builder for external account credentials.
-
-
Field Summary
Fields Modifier and Type Field Description protected Stringaudienceprotected StringclientIdprotected StringclientSecretprotected com.google.auth.oauth2.ExternalAccountCredentials.CredentialSourcecredentialSourceprotected com.google.auth.oauth2.EnvironmentProviderenvironmentProviderprotected Collection<String>scopesprotected com.google.auth.oauth2.ExternalAccountCredentials.ServiceAccountImpersonationOptionsserviceAccountImpersonationOptionsprotected StringserviceAccountImpersonationUrlprotected StringsubjectTokenTypeprotected StringtokenInfoUrlprotected StringtokenUrlprotected HttpTransportFactorytransportFactoryprotected StringuniverseDomainprotected StringworkforcePoolUserProject-
Fields inherited from class com.google.auth.oauth2.GoogleCredentials.Builder
quotaProjectId
-
-
Constructor Summary
Constructors Modifier Constructor Description protectedBuilder()protectedBuilder(ExternalAccountCredentials credentials)
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description abstract ExternalAccountCredentialsbuild()ExternalAccountCredentials.BuildersetAudience(String audience)Sets the Security Token Service audience, which is usually the fully specified resource name of the workload/workforce pool provider.ExternalAccountCredentials.BuildersetClientId(String clientId)Sets the optional client ID of the service account from the console.ExternalAccountCredentials.BuildersetClientSecret(String clientSecret)Sets the optional client secret of the service account from the console.ExternalAccountCredentials.BuildersetCredentialSource(com.google.auth.oauth2.ExternalAccountCredentials.CredentialSource credentialSource)Sets the external credential source.ExternalAccountCredentials.BuildersetHttpTransportFactory(HttpTransportFactory transportFactory)Sets the HTTP transport factory, creates the transport used to get access tokens.ExternalAccountCredentials.BuildersetQuotaProjectId(String quotaProjectId)Sets the optional project used for quota and billing purposes.ExternalAccountCredentials.BuildersetScopes(Collection<String> scopes)Sets the optional scopes to request during the authorization grant.ExternalAccountCredentials.BuildersetServiceAccountImpersonationOptions(Map<String,Object> optionsMap)Sets the optional service account impersonation options.ExternalAccountCredentials.BuildersetServiceAccountImpersonationUrl(String serviceAccountImpersonationUrl)Sets the optional URL used for service account impersonation, which is required for some APIs.ExternalAccountCredentials.BuildersetSubjectTokenType(String subjectTokenType)Sets the Security Token Service subject token type based on the OAuth 2.0 token exchange spec.ExternalAccountCredentials.BuildersetTokenInfoUrl(String tokenInfoUrl)Sets the optional endpoint used to retrieve account related information.ExternalAccountCredentials.BuildersetTokenUrl(String tokenUrl)Sets the Security Token Service token exchange endpoint.ExternalAccountCredentials.BuildersetUniverseDomain(String universeDomain)Sets the optional universe domain.ExternalAccountCredentials.BuildersetWorkforcePoolUserProject(String workforcePoolUserProject)Sets the optional workforce pool user project number when the credential corresponds to a workforce pool and not a workload identity pool.-
Methods inherited from class com.google.auth.oauth2.GoogleCredentials.Builder
getQuotaProjectId, setAccessToken
-
Methods inherited from class com.google.auth.oauth2.OAuth2Credentials.Builder
getAccessToken, getExpirationMargin, getRefreshMargin, setExpirationMargin, setRefreshMargin
-
-
-
-
Field Detail
-
audience
protected String audience
-
subjectTokenType
protected String subjectTokenType
-
tokenUrl
protected String tokenUrl
-
tokenInfoUrl
protected String tokenInfoUrl
-
credentialSource
protected com.google.auth.oauth2.ExternalAccountCredentials.CredentialSource credentialSource
-
environmentProvider
protected com.google.auth.oauth2.EnvironmentProvider environmentProvider
-
transportFactory
protected HttpTransportFactory transportFactory
-
scopes
@Nullable protected Collection<String> scopes
-
serviceAccountImpersonationOptions
@Nullable protected com.google.auth.oauth2.ExternalAccountCredentials.ServiceAccountImpersonationOptions serviceAccountImpersonationOptions
-
-
Constructor Detail
-
Builder
protected Builder()
-
Builder
protected Builder(ExternalAccountCredentials credentials)
-
-
Method Detail
-
setHttpTransportFactory
public ExternalAccountCredentials.Builder setHttpTransportFactory(HttpTransportFactory transportFactory)
Sets the HTTP transport factory, creates the transport used to get access tokens.- Parameters:
transportFactory- theHttpTransportFactoryto set- Returns:
- this
Builderobject
-
setAudience
public ExternalAccountCredentials.Builder setAudience(String audience)
Sets the Security Token Service audience, which is usually the fully specified resource name of the workload/workforce pool provider.- Parameters:
audience- the Security Token Service audience to set- Returns:
- this
Builderobject
-
setSubjectTokenType
public ExternalAccountCredentials.Builder setSubjectTokenType(String subjectTokenType)
Sets the Security Token Service subject token type based on the OAuth 2.0 token exchange spec. Indicates the type of the security token in the credential file.- Parameters:
subjectTokenType- the Security Token Service subject token type to set- Returns:
- this
Builderobject
-
setTokenUrl
public ExternalAccountCredentials.Builder setTokenUrl(String tokenUrl)
Sets the Security Token Service token exchange endpoint.- Parameters:
tokenUrl- the Security Token Service token exchange url to set- Returns:
- this
Builderobject
-
setCredentialSource
public ExternalAccountCredentials.Builder setCredentialSource(com.google.auth.oauth2.ExternalAccountCredentials.CredentialSource credentialSource)
Sets the external credential source.- Parameters:
credentialSource- theCredentialSourceto set- Returns:
- this
Builderobject
-
setServiceAccountImpersonationUrl
public ExternalAccountCredentials.Builder setServiceAccountImpersonationUrl(String serviceAccountImpersonationUrl)
Sets the optional URL used for service account impersonation, which is required for some APIs. If this URL is not available, the access token from the Security Token Service is used directly.- Parameters:
serviceAccountImpersonationUrl- the service account impersonation url to set- Returns:
- this
Builderobject
-
setTokenInfoUrl
public ExternalAccountCredentials.Builder setTokenInfoUrl(String tokenInfoUrl)
Sets the optional endpoint used to retrieve account related information. Required for gCloud session account identification.- Parameters:
tokenInfoUrl- the token info url to set- Returns:
- this
Builderobject
-
setQuotaProjectId
public ExternalAccountCredentials.Builder setQuotaProjectId(String quotaProjectId)
Sets the optional project used for quota and billing purposes.- Overrides:
setQuotaProjectIdin classGoogleCredentials.Builder- Parameters:
quotaProjectId- the quota and billing project id to set- Returns:
- this
Builderobject
-
setClientId
public ExternalAccountCredentials.Builder setClientId(String clientId)
Sets the optional client ID of the service account from the console.- Parameters:
clientId- the service account client id to set- Returns:
- this
Builderobject
-
setClientSecret
public ExternalAccountCredentials.Builder setClientSecret(String clientSecret)
Sets the optional client secret of the service account from the console.- Parameters:
clientSecret- the service account client secret to set- Returns:
- this
Builderobject
-
setScopes
public ExternalAccountCredentials.Builder setScopes(Collection<String> scopes)
Sets the optional scopes to request during the authorization grant.- Parameters:
scopes- the request scopes to set- Returns:
- this
Builderobject
-
setWorkforcePoolUserProject
public ExternalAccountCredentials.Builder setWorkforcePoolUserProject(String workforcePoolUserProject)
Sets the optional workforce pool user project number when the credential corresponds to a workforce pool and not a workload identity pool. The underlying principal must still have serviceusage.services.use IAM permission to use the project for billing/quota.- Parameters:
workforcePoolUserProject- the workforce pool user project number to set- Returns:
- this
Builderobject
-
setServiceAccountImpersonationOptions
public ExternalAccountCredentials.Builder setServiceAccountImpersonationOptions(Map<String,Object> optionsMap)
Sets the optional service account impersonation options.- Parameters:
optionsMap- the service account impersonation options to set- Returns:
- this
Builderobject
-
setUniverseDomain
public ExternalAccountCredentials.Builder setUniverseDomain(String universeDomain)
Sets the optional universe domain.- Parameters:
universeDomain- the universe domain to set- Returns:
- this
Builderobject
-
build
public abstract ExternalAccountCredentials build()
- Overrides:
buildin classGoogleCredentials.Builder
-
-