or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

authorization-flow.mdfile-credential-storage.mdindex.mdverification-receivers.md

file-credential-storage.mddocs/

0
# File-Based Credential Storage (Deprecated)
1


2
Legacy file-based credential storage system for persisting OAuth 2.0 credentials across application restarts. These components are deprecated in favor of `FileDataStoreFactory` with `StoredCredential`.
3


4
**⚠️ Deprecation Notice**: All classes in this section are deprecated and will be removed in future versions. Use `FileDataStoreFactory` with `StoredCredential` instead.
5


6
## Capabilities
7


8
### FileCredentialStore
9


10
Thread-safe file implementation of a credential store that persists OAuth 2.0 credentials to disk in JSON format.
11


12
```java { .api }
13
/**
14
 * Thread-safe file implementation of a credential store.
15
 * @deprecated Use FileDataStoreFactory with StoredCredential instead
16
 */
17
@Deprecated
18
@Beta
19
public class FileCredentialStore implements CredentialStore {
20
    
21
    /**
22
     * Creates a new file credential store.
23
     * @param file File to store user credentials
24
     * @param jsonFactory JSON factory to serialize user credentials
25
     * @throws IOException if file cannot be created or accessed
26
     */
27
    public FileCredentialStore(File file, JsonFactory jsonFactory) throws IOException;
28
    
29
    /**
30
     * Stores a credential for the specified user.
31
     * @param userId user ID to associate with the credential
32
     * @param credential credential to store
33
     * @throws IOException if storage fails
34
     */
35
    @Override
36
    public void store(String userId, Credential credential) throws IOException;
37
    
38
    /**
39
     * Loads a credential for the specified user.
40
     * @param userId user ID whose credential should be loaded
41
     * @param credential credential object to populate with stored values
42
     * @return true if credential was found and loaded, false otherwise
43
     */
44
    @Override
45
    public boolean load(String userId, Credential credential);
46
    
47
    /**
48
     * Deletes a credential for the specified user.
49
     * @param userId user ID whose credential should be deleted
50
     * @param credential credential object (not used in deletion)
51
     * @throws IOException if deletion fails
52
     */
53
    @Override
54
    public void delete(String userId, Credential credential) throws IOException;
55
    
56
    /**
57
     * Migrates to the new FileDataStoreFactory format.
58
     * @param dataStoreFactory file data store factory for migration target
59
     * @throws IOException if migration fails
60
     */
61
    public final void migrateTo(FileDataStoreFactory dataStoreFactory) throws IOException;
62
    
63
    /**
64
     * Migrates to the new format using DataStore of StoredCredential.
65
     * @param credentialDataStore credential data store for migration target
66
     * @throws IOException if migration fails
67
     */
68
    public final void migrateTo(DataStore<StoredCredential> credentialDataStore) throws IOException;
69
    
70
    /**
71
     * Returns whether the given file is a symbolic link.
72
     * @param file file to check for symbolic link
73
     * @return true if file is a symbolic link, false otherwise
74
     * @throws IOException if file system check fails
75
     */
76
    protected boolean isSymbolicLink(File file) throws IOException;
77
}
78
```
79


80
**Usage Example (Deprecated):**
81


82
```java
83
import com.google.api.client.extensions.java6.auth.oauth2.FileCredentialStore;
84
import com.google.api.client.json.gson.GsonFactory;
85
import java.io.File;
86


87
// Create credential store (deprecated approach)
88
File credentialFile = new File(System.getProperty("user.home"), ".oauth_credentials");
89
FileCredentialStore store = new FileCredentialStore(credentialFile, GsonFactory.getDefaultInstance());
90


91
// Store credential
92
Credential credential = // ... obtained from OAuth flow
93
store.store("user123", credential);
94


95
// Load credential
96
Credential loadedCredential = new Credential.Builder(BearerToken.authorizationHeaderAccessMethod())
97
    .setTransport(httpTransport)
98
    .setJsonFactory(jsonFactory)
99
    .setTokenServerUrl(tokenServerUrl)
100
    .setClientAuthentication(clientAuthentication)
101
    .build();
102
    
103
boolean found = store.load("user123", loadedCredential);
104
if (found) {
105
    System.out.println("Credential loaded successfully");
106
}
107
```
108


109
### FilePersistedCredentials
110


111
Internal container class that manages multiple user credentials in a single file.
112


113
```java { .api }
114
/**
115
 * Persisted credential implementation to be used exclusively with FileCredentialStore.
116
 * @deprecated Use FileDataStoreFactory instead
117
 */
118
@Deprecated
119
@Beta
120
public class FilePersistedCredentials extends GenericJson {
121
    
122
    // Package-visible methods used internally by FileCredentialStore
123
    void store(String userId, Credential credential);
124
    boolean load(String userId, Credential credential);
125
    void delete(String userId);
126
    void migrateTo(DataStore<StoredCredential> typedDataStore) throws IOException;
127
    
128
    // Inherited from GenericJson
129
    @Override
130
    public FilePersistedCredentials set(String fieldName, Object value);
131
    
132
    @Override
133
    public FilePersistedCredentials clone();
134
}
135
```
136


137
### FilePersistedCredential
138


139
Individual credential representation used within the file storage system.
140


141
```java { .api }
142
/**
143
 * Persisted credential implementation to be used exclusively with FileCredentialStore.
144
 * @deprecated Use FileDataStoreFactory instead
145
 */
146
@Deprecated
147
@Beta
148
public class FilePersistedCredential extends GenericJson {
149
    
150
    // Package-visible methods used internally
151
    void store(Credential credential);
152
    void load(Credential credential);
153
    StoredCredential toStoredCredential();
154
    
155
    // Inherited from GenericJson
156
    @Override
157
    public FilePersistedCredential set(String fieldName, Object value);
158
    
159
    @Override
160
    public FilePersistedCredential clone();
161
}
162
```
163


164
## Migration Guide
165


166
### From FileCredentialStore to FileDataStoreFactory
167


168
**Old (Deprecated) Approach:**
169


170
```java
171
// Deprecated approach
172
File credentialFile = new File(".oauth_credentials");
173
FileCredentialStore store = new FileCredentialStore(credentialFile, jsonFactory);
174


175
AuthorizationCodeFlow flow = new AuthorizationCodeFlow.Builder(
176
    // ... other parameters
177
    ).setCredentialStore(store)
178
    .build();
179
```
180


181
**New (Recommended) Approach:**
182


183
```java
184
// Recommended approach
185
File dataStoreDir = new File(System.getProperty("user.home"), ".credentials");
186
FileDataStoreFactory dataStoreFactory = new FileDataStoreFactory(dataStoreDir);
187
DataStore<StoredCredential> dataStore = StoredCredential.getDefaultDataStore(dataStoreFactory);
188


189
AuthorizationCodeFlow flow = new AuthorizationCodeFlow.Builder(
190
    // ... other parameters
191
    ).setCredentialDataStore(dataStore)
192
    .build();
193
```
194


195
### Migration Utility
196


197
Use the built-in migration methods to transfer existing credentials:
198


199
```java
200
// Migrate existing FileCredentialStore to new format
201
FileCredentialStore oldStore = new FileCredentialStore(oldFile, jsonFactory);
202
FileDataStoreFactory newDataStoreFactory = new FileDataStoreFactory(newDataDirectory);
203


204
// Perform migration
205
oldStore.migrateTo(newDataStoreFactory);
206


207
// Or migrate to specific DataStore
208
DataStore<StoredCredential> newDataStore = StoredCredential.getDefaultDataStore(newDataStoreFactory);
209
oldStore.migrateTo(newDataStore);
210
```
211


212
## File Format
213


214
The deprecated file credential store uses JSON format:
215


216
```json
217
{
218
  "credentials": {
219
    "user123": {
220
      "access_token": "ya29.a0AfH6SMC...",
221
      "refresh_token": "1//04...",
222
      "expiration_time_millis": 1635724800000
223
    },
224
    "user456": {
225
      "access_token": "ya29.a0AfH6SMD...",
226
      "refresh_token": "1//05...",
227
      "expiration_time_millis": 1635728400000
228
    }
229
  }
230
}
231
```
232


233
## Security Considerations
234


235
### File Permissions
236
The deprecated `FileCredentialStore` attempts to set restrictive file permissions:
237
- Readable and writable by owner only
238
- Not accessible by other users (on Unix-like systems)
239
- Warns if permission changes fail
240


241
### Symbolic Link Protection
242
The store checks for and rejects symbolic links to prevent security vulnerabilities.
243


244
### Windows Compatibility
245
File permission restrictions may not work on Windows systems. Consider additional security measures for sensitive credentials.
246


247
## Limitations of Deprecated Storage
248


249
1. **Single File**: All credentials stored in one file, creating a single point of failure
250
2. **Limited Concurrency**: File locking may cause issues with concurrent access
251
3. **No Built-in Encryption**: Credentials stored in plain text JSON
252
4. **Platform Dependencies**: File permission handling varies by operating system
253
5. **No Automatic Cleanup**: Expired credentials are not automatically removed
254


255
## Why FileDataStoreFactory is Better
256


257
1. **Per-User Files**: Each credential stored in separate file for better isolation
258
2. **Better Concurrency**: Improved handling of concurrent access
259
3. **Consistent API**: Unified with other Google Client Library storage mechanisms
260
4. **Future-Proof**: Actively maintained and enhanced
261
5. **Type Safety**: Strongly typed with `StoredCredential` class