CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/maven-com-google-oauth-client--google-oauth-client-java6

Java 6+ extensions to the Google OAuth Client Library providing verification code receivers and credential persistence for OAuth 2.0 flows

Pending
Overview
Eval results
Files

file-credential-storage.mddocs/

File-Based Credential Storage (Deprecated)

Legacy file-based credential storage system for persisting OAuth 2.0 credentials across application restarts. These components are deprecated in favor of FileDataStoreFactory with StoredCredential.

⚠️ Deprecation Notice: All classes in this section are deprecated and will be removed in future versions. Use FileDataStoreFactory with StoredCredential instead.

Capabilities

FileCredentialStore

Thread-safe file implementation of a credential store that persists OAuth 2.0 credentials to disk in JSON format.

/**
 * Thread-safe file implementation of a credential store.
 * @deprecated Use FileDataStoreFactory with StoredCredential instead
 */
@Deprecated
@Beta
public class FileCredentialStore implements CredentialStore {
    
    /**
     * Creates a new file credential store.
     * @param file File to store user credentials
     * @param jsonFactory JSON factory to serialize user credentials
     * @throws IOException if file cannot be created or accessed
     */
    public FileCredentialStore(File file, JsonFactory jsonFactory) throws IOException;
    
    /**
     * Stores a credential for the specified user.
     * @param userId user ID to associate with the credential
     * @param credential credential to store
     * @throws IOException if storage fails
     */
    @Override
    public void store(String userId, Credential credential) throws IOException;
    
    /**
     * Loads a credential for the specified user.
     * @param userId user ID whose credential should be loaded
     * @param credential credential object to populate with stored values
     * @return true if credential was found and loaded, false otherwise
     */
    @Override
    public boolean load(String userId, Credential credential);
    
    /**
     * Deletes a credential for the specified user.
     * @param userId user ID whose credential should be deleted
     * @param credential credential object (not used in deletion)
     * @throws IOException if deletion fails
     */
    @Override
    public void delete(String userId, Credential credential) throws IOException;
    
    /**
     * Migrates to the new FileDataStoreFactory format.
     * @param dataStoreFactory file data store factory for migration target
     * @throws IOException if migration fails
     */
    public final void migrateTo(FileDataStoreFactory dataStoreFactory) throws IOException;
    
    /**
     * Migrates to the new format using DataStore of StoredCredential.
     * @param credentialDataStore credential data store for migration target
     * @throws IOException if migration fails
     */
    public final void migrateTo(DataStore<StoredCredential> credentialDataStore) throws IOException;
    
    /**
     * Returns whether the given file is a symbolic link.
     * @param file file to check for symbolic link
     * @return true if file is a symbolic link, false otherwise
     * @throws IOException if file system check fails
     */
    protected boolean isSymbolicLink(File file) throws IOException;
}

Usage Example (Deprecated):

import com.google.api.client.extensions.java6.auth.oauth2.FileCredentialStore;
import com.google.api.client.json.gson.GsonFactory;
import java.io.File;

// Create credential store (deprecated approach)
File credentialFile = new File(System.getProperty("user.home"), ".oauth_credentials");
FileCredentialStore store = new FileCredentialStore(credentialFile, GsonFactory.getDefaultInstance());

// Store credential
Credential credential = // ... obtained from OAuth flow
store.store("user123", credential);

// Load credential
Credential loadedCredential = new Credential.Builder(BearerToken.authorizationHeaderAccessMethod())
    .setTransport(httpTransport)
    .setJsonFactory(jsonFactory)
    .setTokenServerUrl(tokenServerUrl)
    .setClientAuthentication(clientAuthentication)
    .build();
    
boolean found = store.load("user123", loadedCredential);
if (found) {
    System.out.println("Credential loaded successfully");
}

FilePersistedCredentials

Internal container class that manages multiple user credentials in a single file.

/**
 * Persisted credential implementation to be used exclusively with FileCredentialStore.
 * @deprecated Use FileDataStoreFactory instead
 */
@Deprecated
@Beta
public class FilePersistedCredentials extends GenericJson {
    
    // Package-visible methods used internally by FileCredentialStore
    void store(String userId, Credential credential);
    boolean load(String userId, Credential credential);
    void delete(String userId);
    void migrateTo(DataStore<StoredCredential> typedDataStore) throws IOException;
    
    // Inherited from GenericJson
    @Override
    public FilePersistedCredentials set(String fieldName, Object value);
    
    @Override
    public FilePersistedCredentials clone();
}

FilePersistedCredential

Individual credential representation used within the file storage system.

/**
 * Persisted credential implementation to be used exclusively with FileCredentialStore.
 * @deprecated Use FileDataStoreFactory instead
 */
@Deprecated
@Beta
public class FilePersistedCredential extends GenericJson {
    
    // Package-visible methods used internally
    void store(Credential credential);
    void load(Credential credential);
    StoredCredential toStoredCredential();
    
    // Inherited from GenericJson
    @Override
    public FilePersistedCredential set(String fieldName, Object value);
    
    @Override
    public FilePersistedCredential clone();
}

Migration Guide

From FileCredentialStore to FileDataStoreFactory

Old (Deprecated) Approach:

// Deprecated approach
File credentialFile = new File(".oauth_credentials");
FileCredentialStore store = new FileCredentialStore(credentialFile, jsonFactory);

AuthorizationCodeFlow flow = new AuthorizationCodeFlow.Builder(
    // ... other parameters
    ).setCredentialStore(store)
    .build();

New (Recommended) Approach:

// Recommended approach
File dataStoreDir = new File(System.getProperty("user.home"), ".credentials");
FileDataStoreFactory dataStoreFactory = new FileDataStoreFactory(dataStoreDir);
DataStore<StoredCredential> dataStore = StoredCredential.getDefaultDataStore(dataStoreFactory);

AuthorizationCodeFlow flow = new AuthorizationCodeFlow.Builder(
    // ... other parameters
    ).setCredentialDataStore(dataStore)
    .build();

Migration Utility

Use the built-in migration methods to transfer existing credentials:

// Migrate existing FileCredentialStore to new format
FileCredentialStore oldStore = new FileCredentialStore(oldFile, jsonFactory);
FileDataStoreFactory newDataStoreFactory = new FileDataStoreFactory(newDataDirectory);

// Perform migration
oldStore.migrateTo(newDataStoreFactory);

// Or migrate to specific DataStore
DataStore<StoredCredential> newDataStore = StoredCredential.getDefaultDataStore(newDataStoreFactory);
oldStore.migrateTo(newDataStore);

File Format

The deprecated file credential store uses JSON format:

{
  "credentials": {
    "user123": {
      "access_token": "ya29.a0AfH6SMC...",
      "refresh_token": "1//04...",
      "expiration_time_millis": 1635724800000
    },
    "user456": {
      "access_token": "ya29.a0AfH6SMD...",
      "refresh_token": "1//05...",
      "expiration_time_millis": 1635728400000
    }
  }
}

Security Considerations

File Permissions

The deprecated FileCredentialStore attempts to set restrictive file permissions:

  • Readable and writable by owner only
  • Not accessible by other users (on Unix-like systems)
  • Warns if permission changes fail

Symbolic Link Protection

The store checks for and rejects symbolic links to prevent security vulnerabilities.

Windows Compatibility

File permission restrictions may not work on Windows systems. Consider additional security measures for sensitive credentials.

Limitations of Deprecated Storage

  1. Single File: All credentials stored in one file, creating a single point of failure
  2. Limited Concurrency: File locking may cause issues with concurrent access
  3. No Built-in Encryption: Credentials stored in plain text JSON
  4. Platform Dependencies: File permission handling varies by operating system
  5. No Automatic Cleanup: Expired credentials are not automatically removed

Why FileDataStoreFactory is Better

  1. Per-User Files: Each credential stored in separate file for better isolation
  2. Better Concurrency: Improved handling of concurrent access
  3. Consistent API: Unified with other Google Client Library storage mechanisms
  4. Future-Proof: Actively maintained and enhanced
  5. Type Safety: Strongly typed with StoredCredential class

Install with Tessl CLI

npx tessl i tessl/maven-com-google-oauth-client--google-oauth-client-java6

docs

authorization-flow.md

file-credential-storage.md

index.md

verification-receivers.md

tile.json