Package com.google.api.client.auth.oauth2

Class Credential

  • All Implemented Interfaces:
    com.google.api.client.http.HttpExecuteInterceptor, com.google.api.client.http.HttpRequestInitializer, com.google.api.client.http.HttpUnsuccessfulResponseHandler
    public class Credential
extends Object
implements com.google.api.client.http.HttpExecuteInterceptor, com.google.api.client.http.HttpRequestInitializer, com.google.api.client.http.HttpUnsuccessfulResponseHandler
    Thread-safe OAuth 2.0 helper for accessing protected resources using an access token, as well as optionally refreshing the access token when it expires using a refresh token.

    Sample usage: 

      public static Credential createCredentialWithAccessTokenOnly(
      HttpTransport transport, JsonFactory jsonFactory, TokenResponse tokenResponse) {
    return new Credential(BearerToken.authorizationHeaderAccessMethod()).setFromTokenResponse(
        tokenResponse);
  }

  public static Credential createCredentialWithRefreshToken(
      HttpTransport transport, JsonFactory jsonFactory, TokenResponse tokenResponse) {
    return new Credential.Builder(BearerToken.authorizationHeaderAccessMethod()).setTransport(
        transport)
        .setJsonFactory(jsonFactory)
        .setTokenServerUrl(
            new GenericUrl("https://server.example.com/token"))
        .setClientAuthentication(new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"))
        .build()
        .setFromTokenResponse(tokenResponse);
  }

    If you need to persist the access token in a data store, use DataStoreFactory and Credential.Builder.addRefreshListener(CredentialRefreshListener) with DataStoreCredentialRefreshListener.

    If you have a custom request initializer, request execute interceptor, or unsuccessful response handler, take a look at the sample usage for HttpExecuteInterceptor and HttpUnsuccessfulResponseHandler, which are interfaces that this class also implements.

    Since:
    1.7
    Author:
    Yaniv Inbar

    • Constructor Detail

      • Credential

        public Credential​(Credential.AccessMethod method)
        Constructor with the ability to access protected resources, but not refresh tokens.

        To use with the ability to refresh tokens, use Credential.Builder.

        Parameters:
        method - method of presenting the access token to the resource server (for example BearerToken.AuthorizationHeaderAccessMethod)

      • Credential

        protected Credential​(Credential.Builder builder)
        Parameters:
        builder - credential builder
        Since:
        1.14

    • Method Detail

      • handleResponse

        public boolean handleResponse​(com.google.api.client.http.HttpRequest request,
                              com.google.api.client.http.HttpResponse response,
                              boolean supportsRetry)

        Default implementation checks if WWW-Authenticate exists and contains a "Bearer" value (see rfc6750 section 3.1 for more details). If so, it calls refreshToken in case the error code contains invalid_token. If there is no "Bearer" in WWW-Authenticate and the status code is HttpStatusCodes.STATUS_CODE_UNAUTHORIZED it calls refreshToken. If executeRefreshToken() throws an I/O exception, this implementation will log the exception and return false. Subclasses may override.

        Specified by:
        handleResponse in interface com.google.api.client.http.HttpUnsuccessfulResponseHandler

      • initialize

        public void initialize​(com.google.api.client.http.HttpRequest request)
                throws IOException
        Specified by:
        initialize in interface com.google.api.client.http.HttpRequestInitializer
        Throws:
        IOException

      • getAccessToken

        public final String getAccessToken()
        Returns the access token or null for none.

      • setAccessToken

        public Credential setAccessToken​(String accessToken)
        Sets the access token.

        Overriding is only supported for the purpose of calling the super implementation and changing the return type, but nothing else.

        Parameters:
        accessToken - access token or null for none

      • getMethod

        public final Credential.AccessMethod getMethod()
        Return the method of presenting the access token to the resource server (for example BearerToken.AuthorizationHeaderAccessMethod).

      • getClock

        public final com.google.api.client.util.Clock getClock()
        Returns the clock used for expiration checks by this Credential. Mostly used for unit-testing.
        Since:
        1.9

      • getTransport

        public final com.google.api.client.http.HttpTransport getTransport()
        Return the HTTP transport for executing refresh token request or null for none.

      • getJsonFactory

        public final com.google.api.client.json.JsonFactory getJsonFactory()
        Returns the JSON factory to use for parsing response for refresh token request or null for none.

      • getTokenServerEncodedUrl

        public final String getTokenServerEncodedUrl()
        Returns the encoded authorization server URL or null for none.

      • getRefreshToken

        public final String getRefreshToken()
        Returns the refresh token associated with the access token to be refreshed or null for none.

      • setRefreshToken

        public Credential setRefreshToken​(String refreshToken)
        Sets the refresh token.

        Overriding is only supported for the purpose of calling the super implementation and changing the return type, but nothing else.

        Parameters:
        refreshToken - refresh token or null for none

      • getExpirationTimeMilliseconds

        public final Long getExpirationTimeMilliseconds()
        Expected expiration time in milliseconds or null for none.

      • setExpirationTimeMilliseconds

        public Credential setExpirationTimeMilliseconds​(Long expirationTimeMilliseconds)
        Sets the expected expiration time in milliseconds or null for none.

        Overriding is only supported for the purpose of calling the super implementation and changing the return type, but nothing else.

      • getExpiresInSeconds

        public final Long getExpiresInSeconds()
        Returns the remaining lifetime in seconds of the access token (for example 3600 for an hour, or -3600 if expired an hour ago) or null if unknown.

      • setExpiresInSeconds

        public Credential setExpiresInSeconds​(Long expiresIn)
        Sets the lifetime in seconds of the access token (for example 3600 for an hour) or null for none.

        Overriding is only supported for the purpose of calling the super implementation and changing the return type, but nothing else.

        Parameters:
        expiresIn - lifetime in seconds of the access token (for example 3600 for an hour) or null for none

      • getClientAuthentication

        public final com.google.api.client.http.HttpExecuteInterceptor getClientAuthentication()
        Returns the client authentication or null for none.

      • getRequestInitializer

        public final com.google.api.client.http.HttpRequestInitializer getRequestInitializer()
        Returns the HTTP request initializer for refresh token requests to the token server or null for none.

      • setFromTokenResponse

        public Credential setFromTokenResponse​(TokenResponse tokenResponse)
        Sets the access token, refresh token (if available), and expires-in time based on the values from the token response.

        It does not call the refresh listeners.

        Overriding is only supported for the purpose of calling the super implementation and changing the return type, but nothing else.

        Parameters:
        tokenResponse - successful token response