use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project java-docs-samples by GoogleCloudPlatform.
the class DownscopingExample method getTokenFromBroker.
/**
* Simulates token broker generating downscoped tokens for specified bucket.
*/
// [START auth_downscoping_token_broker]
public static AccessToken getTokenFromBroker(String bucketName, String objectPrefix) throws IOException {
// Retrieve the source credentials from ADC.
GoogleCredentials sourceCredentials = GoogleCredentials.getApplicationDefault().createScoped("https://www.googleapis.com/auth/cloud-platform");
// [START auth_downscoping_rules]
// Initialize the Credential Access Boundary rules.
String availableResource = "//storage.googleapis.com/projects/_/buckets/" + bucketName;
// Downscoped credentials will have readonly access to the resource.
String availablePermission = "inRole:roles/storage.objectViewer";
// Only objects starting with the specified prefix string in the object name will be allowed
// read access.
String expression = "resource.name.startsWith('projects/_/buckets/" + bucketName + "/objects/" + objectPrefix + "')";
// Build the AvailabilityCondition.
CredentialAccessBoundary.AccessBoundaryRule.AvailabilityCondition availabilityCondition = CredentialAccessBoundary.AccessBoundaryRule.AvailabilityCondition.newBuilder().setExpression(expression).build();
// Define the single access boundary rule using the above properties.
CredentialAccessBoundary.AccessBoundaryRule rule = CredentialAccessBoundary.AccessBoundaryRule.newBuilder().setAvailableResource(availableResource).addAvailablePermission(availablePermission).setAvailabilityCondition(availabilityCondition).build();
// Define the Credential Access Boundary with all the relevant rules.
CredentialAccessBoundary credentialAccessBoundary = CredentialAccessBoundary.newBuilder().addRule(rule).build();
// [END auth_downscoping_rules]
// [START auth_downscoping_initialize_downscoped_cred]
// Create the downscoped credentials.
DownscopedCredentials downscopedCredentials = DownscopedCredentials.newBuilder().setSourceCredential(sourceCredentials).setCredentialAccessBoundary(credentialAccessBoundary).build();
// Retrieve the token.
// This will need to be passed to the Token Consumer.
AccessToken accessToken = downscopedCredentials.refreshAccessToken();
// [END auth_downscoping_initialize_downscoped_cred]
return accessToken;
}
use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project java-docs-samples by GoogleCloudPlatform.
the class DownscopingExample method tokenConsumer.
// [END auth_downscoping_token_broker]
/**
* Simulates token consumer readonly access to the specified object.
*/
// [START auth_downscoping_token_consumer]
public static void tokenConsumer(final String bucketName, final String objectName) throws IOException {
// You can pass an `OAuth2RefreshHandler` to `OAuth2CredentialsWithRefresh` which will allow the
// library to seamlessly handle downscoped token refreshes on expiration.
OAuth2CredentialsWithRefresh.OAuth2RefreshHandler handler = new OAuth2CredentialsWithRefresh.OAuth2RefreshHandler() {
@Override
public AccessToken refreshAccessToken() throws IOException {
// resources in the bucket is needed, this mechanism can be used.
return getTokenFromBroker(bucketName, objectName.substring(0, 3));
}
};
// Downscoped token retrieved from token broker.
AccessToken downscopedToken = handler.refreshAccessToken();
// Create the OAuth2CredentialsWithRefresh from the downscoped token and pass a refresh handler
// which will handle token expiration.
// This will allow the consumer to seamlessly obtain new downscoped tokens on demand every time
// token expires.
OAuth2CredentialsWithRefresh credentials = OAuth2CredentialsWithRefresh.newBuilder().setAccessToken(downscopedToken).setRefreshHandler(handler).build();
// Use the credentials with the Cloud Storage SDK.
StorageOptions options = StorageOptions.newBuilder().setCredentials(credentials).build();
Storage storage = options.getService();
// Call Cloud Storage APIs.
Blob blob = storage.get(bucketName, objectName);
String content = new String(blob.getContent());
System.out.println("Retrieved object, " + objectName + ", from bucket," + bucketName + ", with content: " + content);
}
use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project java-docs-samples by GoogleCloudPlatform.
the class TraceSample method createAndRegisterWithToken.
// [END trace_setup_java_create_and_register]
// [START trace_setup_java_create_and_register_with_token]
public static void createAndRegisterWithToken(String accessToken) throws IOException {
Date expirationTime = DateTime.now().plusSeconds(60).toDate();
GoogleCredentials credentials = GoogleCredentials.create(new AccessToken(accessToken, expirationTime));
StackdriverTraceExporter.createAndRegister(StackdriverTraceConfiguration.builder().setProjectId("MyStackdriverProjectId").setCredentials(credentials).build());
}
use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project google-auth-library-java by google.
the class AppEngineCredentials method refreshAccessToken.
/**
* Refresh the access token by getting it from the App Identity service
*/
@Override
public AccessToken refreshAccessToken() throws IOException {
if (createScopedRequired()) {
throw new IOException("AppEngineCredentials requires createScoped call before use.");
}
GetAccessTokenResult accessTokenResponse = appIdentityService.getAccessToken(scopes);
String accessToken = accessTokenResponse.getAccessToken();
Date expirationTime = accessTokenResponse.getExpirationTime();
return new AccessToken(accessToken, expirationTime);
}
use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project google-auth-library-java by google.
the class AppEngineCredentialsTest method refreshAccessToken_sameAs.
@Test
void refreshAccessToken_sameAs() throws IOException {
String expectedAccessToken = "ExpectedAccessToken";
MockAppIdentityService appIdentity = new MockAppIdentityService();
appIdentity.setAccessTokenText(expectedAccessToken);
appIdentity.setExpiration(new Date(System.currentTimeMillis() + 60L * 60L * 100L));
AppEngineCredentials credentials = AppEngineCredentials.newBuilder().setScopes(SCOPES).setAppIdentityService(appIdentity).build();
AccessToken accessToken = credentials.refreshAccessToken();
assertEquals(appIdentity.getAccessTokenText(), accessToken.getTokenValue());
assertEquals(appIdentity.getExpiration(), accessToken.getExpirationTime());
}
Aggregations