Lines Matching +full:application +full:- +full:default +full:- +full:credentials
5 [](http://github.com/badges/stab…
6 …n-central/v/com.google.auth/google-auth-library-credentials.svg)](https://img.shields.io/maven-cen…
8 - [API Documentation](https://googleapis.dev/java/google-auth-library/latest)
12 - [*google-auth-library-credentials*](#google-auth-library-credentials): contains base classes and
13 interfaces for Google credentials
14 - [*google-auth-library-appengine*](#google-auth-library-appengine): contains App Engine
15 credentials. This artifact depends on the App Engine SDK.
16 - [*google-auth-library-oauth2-http*](#google-auth-library-oauth2-http): contains a wide variety of
17 credentials as well as utility methods to create them and to get Application Default Credentials
24 * [google-auth-library-oauth2-http](#google-auth-library-oauth2-http)
25 * [Application Default Credentials](#application-default-credentials)
27 * [Workload Identity Federation](#workload-identity-federation)
28 * [Accessing resources from AWS](#accessing-resources-from-aws)
29 * [Accessing resources from Azure](#access-resources-from-microsoft-azure)
30 …cessing resources from an OIDC identity provider](#accessing-resources-from-an-oidc-identity-provi…
31 …* [Accessing resources using Executable-sourced credentials](#using-executable-sourced-credentials…
32 * [Configurable Token Lifetime](#configurable-token-lifetime)
33 * [Workforce Identity Federation](#workforce-identity-federation)
34 …sing an OIDC or SAML 2.0 identity provider](#accessing-resources-using-an-oidc-or-saml-20-identity…
35 …rnal account authorized user workforce credentials](#using-external-account-authorized-user-workfo…
36 …cessing resources using Executable-sourced credentials](#using-executable-sourced-workforce-creden…
37 * [Downscoping with Credential Access Boundaries](#downscoping-with-credential-access-boundaries)
38 * [Configuring a Proxy](#configuring-a-proxy)
39 * [Using Credentials with google-http-client](#using-credentials-with-google-http-client)
40 * [Verifying JWT Tokens](#verifying-a-signature)
41 * [google-auth-library-credentials](#google-auth-library-credentials)
42 * [google-auth-library-appengine](#google-auth-library-appengine)
43 * [CI Status](#ci-status)
51 `google-auth-library-oauth2-http` with any of `google-auth-library-credentials` and
52 `google-auth-library-appengine`, depending on your application needs):
54 [//]: # ({x-version-update-start:google-auth-library-oauth2-http:released})
59 <artifactId>google-auth-library-oauth2-http</artifactId>
63 [//]: # ({x-version-update-end})
68 [//]: # ({x-version-update-start:google-auth-library-oauth2-http:released})
70 implementation 'com.google.auth:google-auth-library-oauth2-http:1.19.0'
72 [//]: # ({x-version-update-end})
76 [//]: # ({x-version-update-start:google-auth-library-oauth2-http:released})
78 libraryDependencies += "com.google.auth" % "google-auth-library-oauth2-http" % "1.19.0"
80 [//]: # ({x-version-update-end})
82 ## google-auth-library-oauth2-http
84 ### Application Default Credentials
87 [Application Default Credentials](https://cloud.google.com/docs/authentication/application-default-…
88 for Java. Application Default Credentials provide a simple way to get authorization
89 credentials for use in calling Google APIs.
92 authorization level for the application independent of the user. This is the recommended
93 approach to authorize calls to Cloud APIs, particularly when you're building an application
96 Application Default Credentials also support workload identity federation to access
97 Google Cloud resources from non-Google Cloud platforms including Amazon Web Services (AWS),
99 identity federation is recommended for non-Google Cloud environments as it avoids the
101 [Workload Identity Federation](#workload-identity-federation).
103 #### Getting Application Default Credentials argument
105 To get Application Default Credentials use `GoogleCredentials.getApplicationDefault()` or
107 Application Default Credentials which are used to identify and authorize the whole application. The
108 following are searched (in order) to find the Application Default Credentials:
110 1. Credentials file pointed to by the `GOOGLE_APPLICATION_CREDENTIALS` environment variable
111 2. Credentials provided by the Google Cloud SDK `gcloud auth application-default login` command
112 3. Google App Engine built-in credentials
113 4. Google Cloud Shell built-in credentials
114 5. Google Compute Engine built-in credentials
115 - Skip this check by setting the environment variable `NO_GCE_CHECK=true`
116 …- Customize the GCE metadata server address by setting the environment variable `GCE_METADATA_HOST…
120 To get Credentials from a Service Account JSON key use `GoogleCredentials.fromStream(InputStream)`
121 or `GoogleCredentials.fromStream(InputStream, HttpTransportFactory)`. Note that the credentials must
125 GoogleCredentials credentials = GoogleCredentials.fromStream(new FileInputStream("/path/to/credenti…
126 credentials.refreshIfExpired();
127 AccessToken token = credentials.getAccessToken();
129 AccessToken token = credentials.refreshAccessToken();
134 Allows a credentials issued to a user or service account to
147 "impersonated-[email protected]", null,
150 Storage storage_service = StorageOptions.newBuilder().setProjectId("project-id")
159 Using workload identity federation, your application can access Google Cloud resources from
172 - A workload identity pool needs to be created.
173 - AWS needs to be added as an identity provider in the workload identity pool (the Google [organiza…
174 - Permission to impersonate a service account needs to be granted to the external identity.
176 Follow the detailed [instructions](https://cloud.google.com/iam/docs/access-resources-aws) on how to
181 configuration file contains non-sensitive metadata to instruct the library on how to
189 gcloud iam workload-identity-pools create-cred-config \
191 --service-account $SERVICE_ACCOUNT_EMAIL \
192 --aws \
193 --output-file /path/to/generated/config.json
197 - `$PROJECT_NUMBER`: The Google Cloud project number.
198 - `$POOL_ID`: The workload identity pool ID.
199 - `$AWS_PROVIDER_ID`: The AWS provider ID.
200 - `$SERVICE_ACCOUNT_EMAIL`: The email of the service account to impersonate.
204 …ring-instance-metadata-service.html), an additional flag `--enable-imdsv2` needs to be added to th…
207 gcloud iam workload-identity-pools create-cred-config \
209 --service-account $SERVICE_ACCOUNT_EMAIL \
210 --aws \
211 --output-file /path/to/generated/config.json \
212 --enable-imdsv2
215 You can now [use the Auth library](#using-external-identities) to call Google Cloud
222 - A workload identity pool needs to be created.
223 - Azure needs to be added as an identity provider in the workload identity pool (the Google [organi…
224 - The Azure tenant needs to be configured for identity federation.
225 - Permission to impersonate a service account needs to be granted to the external identity.
227 Follow the detailed [instructions](https://cloud.google.com/iam/docs/access-resources-azure) on how
232 configuration file contains non-sensitive metadata to instruct the library on how to
240 gcloud iam workload-identity-pools create-cred-config \
242 --service-account $SERVICE_ACCOUNT_EMAIL \
243 --azure \
244 --output-file /path/to/generated/config.json
248 - `$PROJECT_NUMBER`: The Google Cloud project number.
249 - `$POOL_ID`: The workload identity pool ID.
250 - `$AZURE_PROVIDER_ID`: The Azure provider ID.
251 - `$SERVICE_ACCOUNT_EMAIL`: The email of the service account to impersonate.
255 You can now [use the Auth library](#using-external-identities) to call Google Cloud
261 - A workload identity pool needs to be created.
262 - An OIDC identity provider needs to be added in the workload identity pool (the Google [organizati…
263 - Permission to impersonate a service account needs to be granted to the external identity.
265 Follow the detailed [instructions](https://cloud.google.com/iam/docs/access-resources-oidc) on how
270 configuration file contains non-sensitive metadata to instruct the library on how to
275 (file-sourced credentials) or from a local server (URL-sourced credentials).
277 **File-sourced credentials**
278 For file-sourced credentials, a background process needs to be continuously refreshing the file
283 To generate a file-sourced OIDC configuration, run the following command:
286 # Generate an OIDC configuration file for file-sourced credentials.
287 gcloud iam workload-identity-pools create-cred-config \
289 --service-account $SERVICE_ACCOUNT_EMAIL \
290 --credential-source-file $PATH_TO_OIDC_ID_TOKEN \
291 # Optional arguments for file types. Default is "text":
292 # --credential-source-type "json" \
295 # --credential-source-field-name "id_token" \
296 --output-file /path/to/generated/config.json
300 - `$PROJECT_NUMBER`: The Google Cloud project number.
301 - `$POOL_ID`: The workload identity pool ID.
302 - `$OIDC_PROVIDER_ID`: The OIDC provider ID.
303 - `$SERVICE_ACCOUNT_EMAIL`: The email of the service account to impersonate.
304 - `$PATH_TO_OIDC_ID_TOKEN`: The file path used to retrieve the OIDC token.
308 **URL-sourced credentials**
309 For URL-sourced credentials, a local server needs to host a GET endpoint to return the OIDC token.
313 To generate a URL-sourced OIDC workload identity configuration, run the following command:
316 # Generate an OIDC configuration file for URL-sourced credentials.
317 gcloud iam workload-identity-pools create-cred-config \
319 --service-account $SERVICE_ACCOUNT_EMAIL \
320 --credential-source-url $URL_TO_GET_OIDC_TOKEN \
321 --credential-source-headers $HEADER_KEY=$HEADER_VALUE \
322 # Optional arguments for file types. Default is "text":
323 # --credential-source-type "json" \
326 # --credential-source-field-name "id_token" \
327 --output-file /path/to/generated/config.json
331 - `$PROJECT_NUMBER`: The Google Cloud project number.
332 - `$POOL_ID`: The workload identity pool ID.
333 - `$OIDC_PROVIDER_ID`: The OIDC provider ID.
334 - `$SERVICE_ACCOUNT_EMAIL`: The email of the service account to impersonate.
335 - `$URL_TO_GET_OIDC_TOKEN`: The URL of the local server endpoint to call to retrieve the OIDC token.
336 - `$HEADER_KEY` and `$HEADER_VALUE`: The additional header key/value pairs to pass along the GET
337 request to `$URL_TO_GET_OIDC_TOKEN`, e.g. `Metadata-Flavor=Google`.
339 You can now [use the Auth library](#using-external-identities) to call Google Cloud
342 #### Using Executable-sourced credentials with OIDC and SAML
344 **Executable-sourced credentials**
345 For executable-sourced credentials, a local executable is used to retrieve the 3rd party token.
349 To use executable-sourced credentials, the `GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES`
352 To generate an executable-sourced workload identity configuration, run the following command:
355 # Generate a configuration file for executable-sourced credentials.
356 gcloud iam workload-identity-pools create-cred-config \
358 --service-account=$SERVICE_ACCOUNT_EMAIL \
359 --subject-token-type=$SUBJECT_TOKEN_TYPE \
361 # e.g. --executable-command="/path/to/command --foo=bar"
362 --executable-command=$EXECUTABLE_COMMAND \
364 # --executable-timeout-millis=$EXECUTABLE_TIMEOUT \
367 # --executable-output-file=$EXECUTABLE_OUTPUT_FILE \
368 --output-file /path/to/generated/config.json
371 - `$PROJECT_NUMBER`: The Google Cloud project number.
372 - `$POOL_ID`: The workload identity pool ID.
373 - `$PROVIDER_ID`: The OIDC or SAML provider ID.
374 - `$SERVICE_ACCOUNT_EMAIL`: The email of the service account to impersonate.
375 - `$SUBJECT_TOKEN_TYPE`: The subject token type.
376 - `$EXECUTABLE_COMMAND`: The full command to run, including arguments. Must be an absolute path to …
378 The `--executable-timeout-millis` flag is optional. This is the duration for which
383 The `--executable-output-file` flag is optional. If provided, the file path must
385 for caching the credentials. By specifying this path, the Auth libraries will first
388 until the cached credentials in the output file are expired. The executable must
389 handle writing to this file - the auth libraries will only attempt to read from
402 "token_type": "urn:ietf:params:oauth:token-type:id_token",
413 "token_type": "urn:ietf:params:oauth:token-type:saml2",
438 non-zero value.
439 * `token_type`: The 3rd party subject token type. Must be *urn:ietf:params:oauth:token-type:jwt*,
440 *urn:ietf:params:oauth:token-type:id_token*, or *urn:ietf:params:oauth:token-type:saml2*.
459 These environment variables can be used by the executable to avoid hard-coding these values.
463 …* Access to the script should be restricted as it will be displaying credentials to stdout. This e…
466 Given the complexity of using executable-sourced credentials, it is recommended to use
467 the existing supported mechanisms (file-sourced/URL-sourced) for providing 3rd party
468 credentials unless they do not meet your specific requirements.
470 You can now [use the Auth library](#using-external-identities) to call Google Cloud
479 gcloud iam workload-identity-pools create-cred-config \
481 --service-account $SERVICE_ACCOUNT_EMAIL \
482 --aws \
483 --output-file /path/to/generated/config.json \
484 --service-account-token-lifetime-seconds $TOKEN_LIFETIME
488 - `$PROJECT_NUMBER`: The Google Cloud project number.
489 - `$POOL_ID`: The workload identity pool ID.
490 - `$AWS_PROVIDER_ID`: The AWS provider ID.
491 - `$SERVICE_ACCOUNT_EMAIL`: The email of the service account to impersonate.
492 - `$TOKEN_LIFETIME`: The desired lifetime duration of the service account access token in seconds.
494 The `service-account-token-lifetime-seconds` flag is optional. If not provided, this defaults to on…
502 [Workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation) le…
505 extends Google Cloud's identity capabilities to support syncless, attribute-based single sign on.
515 - A workforce identity pool needs to be created.
516 - An OIDC or SAML 2.0 identity provider needs to be added in the workforce pool.
518 …ailed [instructions](https://cloud.google.com/iam/docs/configuring-workforce-identity-federation) …
522 file needs to be generated. The generated credential configuration file contains non-sensitive meta…
527 (file-sourced credentials), from a local server (URL-sourced credentials) or by calling an executab…
528 (executable-sourced credentials).
530 **File-sourced credentials**
531 For file-sourced credentials, a background process needs to be continuously refreshing the file
536 To generate a file-sourced OIDC configuration, run the following command:
539 # Generate an OIDC configuration file for file-sourced credentials.
540 gcloud iam workforce-pools create-cred-config \
542 --subject-token-type=urn:ietf:params:oauth:token-type:id_token \
543 --credential-source-file=$PATH_TO_OIDC_ID_TOKEN \
544 --workforce-pool-user-project=$WORKFORCE_POOL_USER_PROJECT \
545 # Optional arguments for file types. Default is "text":
546 # --credential-source-type "json" \
549 # --credential-source-field-name "id_token" \
550 --output-file=/path/to/generated/config.json
553 - `$WORKFORCE_POOL_ID`: The workforce pool ID.
554 - `$PROVIDER_ID`: The provider ID.
555 - `$PATH_TO_OIDC_ID_TOKEN`: The file path used to retrieve the OIDC token.
556 - `$WORKFORCE_POOL_USER_PROJECT`: The project number associated with the [workforce pools user proj…
558 To generate a file-sourced SAML configuration, run the following command:
561 # Generate a SAML configuration file for file-sourced credentials.
562 gcloud iam workforce-pools create-cred-config \
564 --credential-source-file=$PATH_TO_SAML_ASSERTION \
565 --subject-token-type=urn:ietf:params:oauth:token-type:saml2 \
566 --workforce-pool-user-project=$WORKFORCE_POOL_USER_PROJECT \
567 --output-file=/path/to/generated/config.json
571 - `$WORKFORCE_POOL_ID`: The workforce pool ID.
572 - `$PROVIDER_ID`: The provider ID.
573 - `$PATH_TO_SAML_ASSERTION`: The file path used to retrieve the base64-encoded SAML assertion.
574 - `$WORKFORCE_POOL_USER_PROJECT`: The project number associated with the [workforce pools user proj…
578 **URL-sourced credentials**
579 For URL-sourced credentials, a local server needs to host a GET endpoint to return the OIDC token.
583 To generate a URL-sourced OIDC workforce identity configuration, run the following command:
586 # Generate an OIDC configuration file for URL-sourced credentials.
587 gcloud iam workforce-pools create-cred-config \
589 --subject-token-type=urn:ietf:params:oauth:token-type:id_token \
590 --credential-source-url=$URL_TO_RETURN_OIDC_ID_TOKEN \
591 --credential-source-headers $HEADER_KEY=$HEADER_VALUE \
592 --workforce-pool-user-project=$WORKFORCE_POOL_USER_PROJECT \
593 --output-file=/path/to/generated/config.json
597 - `$WORKFORCE_POOL_ID`: The workforce pool ID.
598 - `$PROVIDER_ID`: The provider ID.
599 - `$URL_TO_RETURN_OIDC_ID_TOKEN`: The URL of the local server endpoint.
600 - `$HEADER_KEY` and `$HEADER_VALUE`: The additional header key/value pairs to pass along the GET re…
601 `$URL_TO_GET_OIDC_TOKEN`, e.g. `Metadata-Flavor=Google`.
602 - `$WORKFORCE_POOL_USER_PROJECT`: The project number associated with the [workforce pools user proj…
604 To generate a URL-sourced SAML configuration, run the following command:
607 # Generate a SAML configuration file for file-sourced credentials.
608 gcloud iam workforce-pools create-cred-config \
610 --subject-token-type=urn:ietf:params:oauth:token-type:saml2 \
611 --credential-source-url=$URL_TO_GET_SAML_ASSERTION \
612 --credential-source-headers $HEADER_KEY=$HEADER_VALUE \
613 --workforce-pool-user-project=$WORKFORCE_POOL_USER_PROJECT \
614 --output-file=/path/to/generated/config.json
620 - `$WORKFORCE_POOL_ID`: The workforce pool ID.
621 - `$PROVIDER_ID`: The provider ID.
622 - `$URL_TO_GET_SAML_ASSERTION`: The URL of the local server endpoint.
623 - `$HEADER_KEY` and `$HEADER_VALUE`: The additional header key/value pairs to pass along the GET re…
624 `$URL_TO_GET_SAML_ASSERTION`, e.g. `Metadata-Flavor=Google`.
625 - `$WORKFORCE_POOL_USER_PROJECT`: The project number associated with the [workforce pools user proj…
627 #### Using external account authorized user workforce credentials
629 …ount authorized user credentials](https://cloud.google.com/iam/docs/workforce-obtaining-short-live…
635 gcloud auth application-default login --login-config=$LOGIN_CONFIG
639 - `$LOGIN_CONFIG`: The login config file generated with the cloud console or
640 …[gcloud iam workforce-pools create-login-config](https://cloud.google.com/sdk/gcloud/reference/iam…
647 Note that the default lifetime of the refresh token is one hour, after which a new configuration wi…
650 #### Using Executable-sourced workforce credentials with OIDC and SAML
652 **Executable-sourced credentials**
653 For executable-sourced credentials, a local executable is used to retrieve the 3rd party token.
657 To use executable-sourced credentials, the `GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES`
660 To generate an executable-sourced workforce identity configuration, run the following command:
663 # Generate a configuration file for executable-sourced credentials.
664 gcloud iam workforce-pools create-cred-config \
666 --subject-token-type=$SUBJECT_TOKEN_TYPE \
668 # e.g. --executable-command="/path/to/command --foo=bar"
669 --executable-command=$EXECUTABLE_COMMAND \
671 # --executable-timeout-millis=$EXECUTABLE_TIMEOUT \
674 # --executable-output-file=$EXECUTABLE_OUTPUT_FILE \
675 --workforce-pool-user-project=$WORKFORCE_POOL_USER_PROJECT \
676 --output-file /path/to/generated/config.json
679 - `$WORKFORCE_POOL_ID`: The workforce pool ID.
680 - `$PROVIDER_ID`: The provider ID.
681 - `$SUBJECT_TOKEN_TYPE`: The subject token type.
682 - `$EXECUTABLE_COMMAND`: The full command to run, including arguments. Must be an absolute path to …
683 - `$WORKFORCE_POOL_USER_PROJECT`: The project number associated with the [workforce pools user proj…
685 The `--executable-timeout-millis` flag is optional. This is the duration for which
690 The `--executable-output-file` flag is optional. If provided, the file path must
692 for caching the credentials. By specifying this path, the Auth libraries will first
695 until the cached credentials in the output file are expired. The executable must
696 handle writing to this file - the auth libraries will only attempt to read from
704 … the [using executable-sourced credentials with Workload Identity Federation](#using-executable-so…
709 * Access to the script should be restricted as it will be displaying credentials to stdout. This en…
712 Given the complexity of using executable-sourced credentials, it is recommended to use
713 the existing supported mechanisms (file-sourced/URL-sourced) for providing 3rd party
714 credentials unless they do not meet your specific requirements.
716 You can now [use the Auth library](#using-external-identities) to call Google Cloud
721 External identities can be used with `Application Default Credentials`. In order to use external id…
722 Application Default Credentials, you need to generate the JSON credentials configuration file for y…
729 The library can now choose the right type of client and initialize credentials from the context
735 String projectId = "your-project-id";
752 ExternalAccountCredentials credentials =
753 ExternalAccountCredentials.fromStream(new FileInputStream("/path/to/credentials.json"));
765 …redential Access Boundaries](https://cloud.google.com/iam/docs/downscoping-short-lived-credentials)
767 that a short-lived credential can use for Cloud Storage.
772 are available on each resource. Using downscoped credentials ensures tokens in flight always have
777 "customer-a" in bucket "bucket-123":
780 String availableResource = "//storage.googleapis.com/projects/_/buckets/bucket-123";
782 String expression = "resource.name.startsWith('projects/_/buckets/bucket-123/objects/customer-a')";
798 credentials from higher access source credentials and pass the downscoped short-lived access tokens
804 // Retrieve the source credentials from ADC.
806 .createScoped("https://www.googleapis.com/auth/cloud-platform");
811 .setSourceCredential(credentials)
824 The broker will instantiate downscoped credentials instances that can be used to generate short
829 // Retrieve the source credentials from ADC.
831 .createScoped("https://www.googleapis.com/auth/cloud-platform");
834 // access to objects starting with "customer-a" in bucket "bucket-123".
835 String availableResource = "//storage.googleapis.com/projects/_/buckets/bucket-123";
837 String expression = "resource.name.startsWith('projects/_/buckets/bucket-123/objects/customer-a')";
850 .setSourceCredential(credentials)
881 OAuth2CredentialsWithRefresh credentials =
887 // Use the credentials with the Cloud Storage SDK.
888 StorageOptions options = StorageOptions.newBuilder().setCredentials(credentials).build();
893 // starting with "customer-a" in bucket "bucket-123".
906 [`HttpTransportFactory`][http-transport-factory] to [`GoogleCredentials`][google-credentials]:
928 "some-host", 8080, "some-username", "some-password"
961 The above example requires `com.google.http-client:google-http-client-apache-v2`.
963 ## Using Credentials with `google-http-client`
965 Credentials provided by [com.google.auth:google-auth-library-oauth2-http](
966 https://search.maven.org/artifact/com.google.auth/google-auth-library-oauth2-http)
967 can be used with Google's [HTTP-based clients][apiary-clients].
968 We provide a [`HttpCredentialsAdapter`][http-credentials-adapter] which can be used
969 as an [`HttpRequestInitializer`][http-request-initializer], the last argument for
978 GoogleCredentials credentials = GoogleCredentials.getApplicationDefault();
979 HttpRequestInitializer requestInitializer = new HttpCredentialsAdapter(credentials);
988 To verify a JWT token, use the [`TokenVerifier`][token-verifier] class.
992 To verify a signature, use the default [`TokenVerifier`][token-verifier]:
1002 if (!"expected-value".equals(jsonWebSignature.getPayload().get("additional-claim"))) {
1012 To customize a [`TokenVerifier`][token-verifier], instantiate it via its builder:
1019 .setAudience("audience-to-verify")
1020 .setIssuer("issuer-to-verify")
1025 if (!"expected-value".equals(jsonWebSignature.getPayload().get("additional-claim"))) {
1033 For more options, see the [`TokenVerifier.Builder`][token-verifier-builder] documentation.
1036 ## google-auth-library-credentials
1038 This artifact contains base classes and interfaces for Google credentials:
1039 - `Credentials`: base class for an authorized identity. Implementations of this class can be used to
1040 authorize your application
1041 - `RequestMetadataCallback`: interface for the callback that receives the result of the asynchronous
1042 `Credentials.getRequestMetadata(URI, Executor, RequestMetadataCallback)`
1043 - `ServiceAccountSigner`: interface for a service account signer. Implementations of this class are
1044 capable of signing byte arrays using the credentials associated to a Google Service Account
1046 ## google-auth-library-appengine
1048 This artifact depends on the App Engine SDK (`appengine-api-1.0-sdk`) and should be used only by
1050 allows you to authorize your App Engine application given an instance of
1051 [AppIdentityService][appengine-app-identity-service].
1058 import com.google.auth.Credentials;
1063 Credentials credentials =
1076 ------------ | ------
1077 …oud-devrel-public/java/badges/google-auth-library-java/java8.svg)](http://storage.googleapis.com/c…
1078 …-devrel-public/java/badges/google-auth-library-java/java8-osx.svg)](http://storage.googleapis.com/…
1079 …-devrel-public/java/badges/google-auth-library-java/java8-win.svg)](http://storage.googleapis.com/…
1080 …oud-devrel-public/java/badges/google-auth-library-java/java11.svg)](http://storage.googleapis.com/…
1104 BSD 3-Clause - See [LICENSE](LICENSE) for more information.
1106 [appengine-sdk-versions]: https://search.maven.org/search?q=g:com.google.appengine%20AND%20a:appeng…
1107 [appengine-sdk-install]: https://github.com/googleapis/google-auth-library-java/blob/main/README.md…
1108 [appengine-app-identity-service]: https://cloud.google.com/appengine/docs/java/javadoc/com/google/a…
1109 [apiary-clients]: https://search.maven.org/search?q=g:com.google.apis
1110 [http-credentials-adapter]: https://googleapis.dev/java/google-auth-library/latest/index.html?com/g…
1111 [http-request-initializer]: https://googleapis.dev/java/google-http-client/latest/index.html?com/go…
1112 [token-verifier]: https://googleapis.dev/java/google-auth-library/latest/index.html?com/google/auth…
1113 [token-verifier-builder]: https://googleapis.dev/java/google-auth-library/latest/index.html?com/goo…
1114 [http-transport-factory]: https://googleapis.dev/java/google-auth-library/latest/index.html?com/goo…
1115 [google-credentials]: https://googleapis.dev/java/google-auth-library/latest/index.html?com/google/…