or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

batch-operations.mdclient-services.mdhttp-transport.mdindex.mdjson-error-handling.mdmedia-operations.mdoauth2-auth.mdutilities.md

oauth2-auth.mddocs/

0
# OAuth2 Authentication
1


2
The Google API Client provides a complete OAuth 2.0 authentication system supporting various credential types including service accounts, user credentials, and compute engine metadata server authentication.
3


4
## Core Imports
5


6
```java
7
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
8
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
9
import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets;
10
import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken;
11
import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier;
12
import com.google.api.client.googleapis.compute.ComputeCredential;
13
```
14


15
## Service Account Authentication
16


17
### GoogleCredential (Deprecated)
18


19
**Note**: This class is deprecated. Use `com.google.auth.oauth2.ServiceAccountCredentials` from the google-auth-library-oauth2-http library instead.
20


21
```java { .api }
22
@Deprecated
23
public class GoogleCredential extends Credential {
24
    public static GoogleCredential fromStream(InputStream keyStream) throws IOException;
25
    public static GoogleCredential fromStream(InputStream keyStream, HttpTransport transport, JsonFactory jsonFactory) throws IOException;
26
    
27
    public GoogleCredential createScoped(Collection<String> scopes);
28
    public GoogleCredential createScoped(String... scopes);
29
    public GoogleCredential createDelegated(String user);
30
    
31
    public final String getServiceAccountId();
32
    public final PrivateKey getServiceAccountPrivateKey();
33
    public final String getServiceAccountUser();
34
    public final Collection<String> getServiceAccountScopes();
35
    
36
    public static class Builder extends Credential.Builder {
37
        public GoogleCredential build();
38
        public Builder setServiceAccountId(String serviceAccountId);
39
        public Builder setServiceAccountPrivateKey(PrivateKey serviceAccountPrivateKey);
40
        public Builder setServiceAccountScopes(Collection<String> serviceAccountScopes);
41
        public Builder setServiceAccountUser(String serviceAccountUser);
42
    }
43
}
44
```
45


46
**Usage Example:**
47


48
```java
49
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
50
import java.io.FileInputStream;
51
import java.util.Arrays;
52


53
// Load from service account key file
54
GoogleCredential credential = GoogleCredential.fromStream(
55
    new FileInputStream("path/to/service-account-key.json"))
56
    .createScoped(Arrays.asList("https://www.googleapis.com/auth/cloud-platform"));
57


58
// Create with builder
59
GoogleCredential credential = new GoogleCredential.Builder()
60
    .setTransport(httpTransport)
61
    .setJsonFactory(jsonFactory)
62
    .setServiceAccountId("service-account-email@project.iam.gserviceaccount.com")
63
    .setServiceAccountPrivateKey(privateKey)
64
    .setServiceAccountScopes(Arrays.asList("https://www.googleapis.com/auth/cloud-platform"))
65
    .build();
66
```
67


68
## User Authorization Flow
69


70
### GoogleAuthorizationCodeFlow
71


72
OAuth 2.0 authorization code flow implementation for Google APIs.
73


74
```java { .api }
75
public class GoogleAuthorizationCodeFlow extends AuthorizationCodeFlow {
76
    public final Set<String> getScopes();
77
    public final String getAccessType();
78
    public final String getApprovalPrompt();
79
    
80
    public static class Builder extends AuthorizationCodeFlow.Builder {
81
        public GoogleAuthorizationCodeFlow build();
82
        public Builder setAccessType(String accessType);
83
        public Builder setApprovalPrompt(String approvalPrompt);
84
        public Builder setScopes(Collection<String> scopes);
85
    }
86
}
87
```
88


89
### GoogleAuthorizationCodeRequestUrl
90


91
URL builder for Google OAuth 2.0 authorization requests.
92


93
```java { .api }
94
public class GoogleAuthorizationCodeRequestUrl extends AuthorizationCodeRequestUrl {
95
    public GoogleAuthorizationCodeRequestUrl(String clientId, String redirectUri, Collection<String> scopes);
96
    public GoogleAuthorizationCodeRequestUrl(GoogleClientSecrets clientSecrets, String redirectUri, Collection<String> scopes);
97
    
98
    public final String getAccessType();
99
    public GoogleAuthorizationCodeRequestUrl setAccessType(String accessType);
100
    
101
    public final String getApprovalPrompt();
102
    public GoogleAuthorizationCodeRequestUrl setApprovalPrompt(String approvalPrompt);
103
    
104
    public final String getIncludeGrantedScopes();
105
    public GoogleAuthorizationCodeRequestUrl setIncludeGrantedScopes(Boolean includeGrantedScopes);
106
}
107
```
108


109
### GoogleAuthorizationCodeTokenRequest
110


111
Token request for Google OAuth 2.0 authorization code flow.
112


113
```java { .api }
114
public class GoogleAuthorizationCodeTokenRequest extends AuthorizationCodeTokenRequest {
115
    public GoogleAuthorizationCodeTokenRequest(HttpTransport transport, JsonFactory jsonFactory, String clientId, String clientSecret, String code, String redirectUri);
116
    public GoogleAuthorizationCodeTokenRequest(HttpTransport transport, JsonFactory jsonFactory, GoogleClientSecrets clientSecrets, String code, String redirectUri);
117
}
118
```
119


120
**Usage Example:**
121


122
```java
123
import com.google.api.client.googleapis.auth.oauth2.*;
124
import com.google.api.client.auth.oauth2.Credential;
125
import java.util.Arrays;
126


127
// Load client secrets
128
GoogleClientSecrets clientSecrets = GoogleClientSecrets.load(jsonFactory, 
129
    new FileReader("client_secrets.json"));
130


131
// Create authorization flow
132
GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
133
    httpTransport, jsonFactory, clientSecrets,
134
    Arrays.asList("https://www.googleapis.com/auth/drive"))
135
    .setDataStoreFactory(dataStoreFactory)
136
    .setAccessType("offline")
137
    .build();
138


139
// Generate authorization URL
140
String redirectUri = "urn:ietf:wg:oauth:2.0:oob";
141
GoogleAuthorizationCodeRequestUrl authorizationUrl = flow.newAuthorizationUrl()
142
    .setRedirectUri(redirectUri);
143


144
// Exchange authorization code for tokens
145
GoogleAuthorizationCodeTokenRequest tokenRequest = 
146
    new GoogleAuthorizationCodeTokenRequest(
147
        httpTransport, jsonFactory, clientSecrets, 
148
        authorizationCode, redirectUri);
149
GoogleTokenResponse tokenResponse = tokenRequest.execute();
150
```
151


152
## Client Secrets
153


154
### GoogleClientSecrets
155


156
OAuth 2.0 client secrets for installed applications.
157


158
```java { .api }
159
public final class GoogleClientSecrets extends GenericJson {
160
    public Details getInstalled();
161
    public GoogleClientSecrets setInstalled(Details installed);
162
    
163
    public Details getWeb();
164
    public GoogleClientSecrets setWeb(Details web);
165
    
166
    public static GoogleClientSecrets load(JsonFactory jsonFactory, Reader reader) throws IOException;
167
    public static GoogleClientSecrets load(JsonFactory jsonFactory, InputStream inputStream) throws IOException;
168
    
169
    public static final class Details extends GenericJson {
170
        public String getClientId();
171
        public Details setClientId(String clientId);
172
        
173
        public String getClientSecret();
174
        public Details setClientSecret(String clientSecret);
175
        
176
        public List<String> getRedirectUris();
177
        public Details setRedirectUris(List<String> redirectUris);
178
        
179
        public String getAuthUri();
180
        public Details setAuthUri(String authUri);
181
        
182
        public String getTokenUri();
183
        public Details setTokenUri(String tokenUri);
184
    }
185
}
186
```
187


188
## Token Handling
189


190
### GoogleTokenResponse
191


192
Google OAuth 2.0 token response.
193


194
```java { .api }
195
public class GoogleTokenResponse extends TokenResponse {
196
    public final String getIdToken();
197
    public GoogleTokenResponse setIdToken(String idToken);
198
}
199
```
200


201
### GoogleRefreshTokenRequest
202


203
Refresh token request for Google OAuth 2.0.
204


205
```java { .api }
206
public class GoogleRefreshTokenRequest extends RefreshTokenRequest {
207
    public GoogleRefreshTokenRequest(HttpTransport transport, JsonFactory jsonFactory, String refreshToken, String clientId, String clientSecret);
208
}
209
```
210


211
## ID Token Verification
212


213
### GoogleIdToken
214


215
Google ID token representation and verification.
216


217
```java { .api }
218
public class GoogleIdToken extends JsonWebSignature {
219
    public final Payload getPayload();
220
    
221
    public static GoogleIdToken parse(JsonFactory jsonFactory, String idTokenString) throws IOException;
222
    
223
    public static class Payload extends JsonWebToken.Payload {
224
        public String getEmail();
225
        public Payload setEmail(String email);
226
        
227
        public Boolean getEmailVerified();
228
        public Payload setEmailVerified(Boolean emailVerified);
229
        
230
        public String getHostedDomain();
231
        public Payload setHostedDomain(String hostedDomain);
232
        
233
        public String getName();
234
        public Payload setName(String name);
235
        
236
        public String getPicture();
237
        public Payload setPicture(String picture);
238
        
239
        public String getGivenName();
240
        public Payload setGivenName(String givenName);
241
        
242
        public String getFamilyName();
243
        public Payload setFamilyName(String familyName);
244
        
245
        public String getLocale();
246
        public Payload setLocale(String locale);
247
    }
248
}
249
```
250


251
### GoogleIdTokenVerifier
252


253
Verifier for Google ID tokens.
254


255
```java { .api }
256
public class GoogleIdTokenVerifier extends IdTokenVerifier {
257
    public GoogleIdToken verify(String idTokenString) throws GeneralSecurityException, IOException;
258
    
259
    public static class Builder extends IdTokenVerifier.Builder {
260
        public GoogleIdTokenVerifier build();
261
        public Builder setAudience(Collection<String> audience);
262
        public Builder setIssuer(String issuer); 
263
    }
264
}
265
```
266


267
## Compute Engine Authentication
268


269
### ComputeCredential
270


271
OAuth 2.0 credential for accessing Google APIs using the Compute Engine metadata server.
272


273
```java { .api }
274
public class ComputeCredential extends Credential {
275
    public ComputeCredential();
276
    public ComputeCredential(Builder builder);
277
    
278
    public static class Builder extends Credential.Builder {
279
        public ComputeCredential build();
280
    }
281
}
282
```
283


284
**Usage Example:**
285


286
```java
287
import com.google.api.client.googleapis.compute.ComputeCredential;
288


289
// Create credential for Compute Engine
290
ComputeCredential credential = new ComputeCredential.Builder(httpTransport, jsonFactory)
291
    .build();
292
```
293


294
## Utilities
295


296
### OAuth2Utils
297


298
Utility methods for OAuth 2.0 operations.
299


300
```java { .api }
301
public class OAuth2Utils {
302
    public static final String BEARER_TOKEN_PREFIX = "Bearer ";
303
    
304
    public static void useProxy(HttpExecuteInterceptor proxy);
305
}
306
```
307


308
### GoogleOAuthConstants
309


310
Constants for Google OAuth 2.0 endpoints.
311


312
```java { .api }
313
public class GoogleOAuthConstants {
314
    public static final String AUTHORIZATION_SERVER_URL = "https://accounts.google.com/o/oauth2/v2/auth";
315
    public static final String TOKEN_SERVER_URL = "https://oauth2.googleapis.com/token";
316
    public static final String REVOKE_URL = "https://oauth2.googleapis.com/revoke";
317
    public static final String OOB_REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob";
318
}
319
```
320


321
## Types
322


323
### Credential
324


325
Base credential class (from google-oauth-client library).
326


327
### HttpTransport
328


329
HTTP transport interface.
330


331
### JsonFactory
332


333
JSON factory interface.
334


335
### PrivateKey
336


337
Java security private key.
338


339
### Collection<String>
340


341
Java collection of strings for scopes.
342


343
### InputStream
344


345
Java input stream for reading credential files.
346


347
### IOException
348


349
Exception for I/O operations.
350


351
### GeneralSecurityException
352


353
Exception for security-related operations.