Search in sources :

Example 71 with AccessToken

use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project java-docs-samples by GoogleCloudPlatform.

the class DownscopingExample method getTokenFromBroker.

/**
 * Simulates token broker generating downscoped tokens for specified bucket.
 */
// [START auth_downscoping_token_broker]
public static AccessToken getTokenFromBroker(String bucketName, String objectPrefix) throws IOException {
    // Retrieve the source credentials from ADC.
    GoogleCredentials sourceCredentials = GoogleCredentials.getApplicationDefault().createScoped("https://www.googleapis.com/auth/cloud-platform");
    // [START auth_downscoping_rules]
    // Initialize the Credential Access Boundary rules.
    String availableResource = "//storage.googleapis.com/projects/_/buckets/" + bucketName;
    // Downscoped credentials will have readonly access to the resource.
    String availablePermission = "inRole:roles/storage.objectViewer";
    // Only objects starting with the specified prefix string in the object name will be allowed
    // read access.
    String expression = "resource.name.startsWith('projects/_/buckets/" + bucketName + "/objects/" + objectPrefix + "')";
    // Build the AvailabilityCondition.
    CredentialAccessBoundary.AccessBoundaryRule.AvailabilityCondition availabilityCondition = CredentialAccessBoundary.AccessBoundaryRule.AvailabilityCondition.newBuilder().setExpression(expression).build();
    // Define the single access boundary rule using the above properties.
    CredentialAccessBoundary.AccessBoundaryRule rule = CredentialAccessBoundary.AccessBoundaryRule.newBuilder().setAvailableResource(availableResource).addAvailablePermission(availablePermission).setAvailabilityCondition(availabilityCondition).build();
    // Define the Credential Access Boundary with all the relevant rules.
    CredentialAccessBoundary credentialAccessBoundary = CredentialAccessBoundary.newBuilder().addRule(rule).build();
    // [END auth_downscoping_rules]
    // [START auth_downscoping_initialize_downscoped_cred]
    // Create the downscoped credentials.
    DownscopedCredentials downscopedCredentials = DownscopedCredentials.newBuilder().setSourceCredential(sourceCredentials).setCredentialAccessBoundary(credentialAccessBoundary).build();
    // Retrieve the token.
    // This will need to be passed to the Token Consumer.
    AccessToken accessToken = downscopedCredentials.refreshAccessToken();
    // [END auth_downscoping_initialize_downscoped_cred]
    return accessToken;
}
Also used : DownscopedCredentials(com.google.auth.oauth2.DownscopedCredentials) CredentialAccessBoundary(com.google.auth.oauth2.CredentialAccessBoundary) AccessToken(com.google.auth.oauth2.AccessToken) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials)

Example 72 with AccessToken

use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project java-docs-samples by GoogleCloudPlatform.

the class DownscopingExample method tokenConsumer.

// [END auth_downscoping_token_broker]
/**
 * Simulates token consumer readonly access to the specified object.
 */
// [START auth_downscoping_token_consumer]
public static void tokenConsumer(final String bucketName, final String objectName) throws IOException {
    // You can pass an `OAuth2RefreshHandler` to `OAuth2CredentialsWithRefresh` which will allow the
    // library to seamlessly handle downscoped token refreshes on expiration.
    OAuth2CredentialsWithRefresh.OAuth2RefreshHandler handler = new OAuth2CredentialsWithRefresh.OAuth2RefreshHandler() {

        @Override
        public AccessToken refreshAccessToken() throws IOException {
            // resources in the bucket is needed, this mechanism can be used.
            return getTokenFromBroker(bucketName, objectName.substring(0, 3));
        }
    };
    // Downscoped token retrieved from token broker.
    AccessToken downscopedToken = handler.refreshAccessToken();
    // Create the OAuth2CredentialsWithRefresh from the downscoped token and pass a refresh handler
    // which will handle token expiration.
    // This will allow the consumer to seamlessly obtain new downscoped tokens on demand every time
    // token expires.
    OAuth2CredentialsWithRefresh credentials = OAuth2CredentialsWithRefresh.newBuilder().setAccessToken(downscopedToken).setRefreshHandler(handler).build();
    // Use the credentials with the Cloud Storage SDK.
    StorageOptions options = StorageOptions.newBuilder().setCredentials(credentials).build();
    Storage storage = options.getService();
    // Call Cloud Storage APIs.
    Blob blob = storage.get(bucketName, objectName);
    String content = new String(blob.getContent());
    System.out.println("Retrieved object, " + objectName + ", from bucket," + bucketName + ", with content: " + content);
}
Also used : Blob(com.google.cloud.storage.Blob) Storage(com.google.cloud.storage.Storage) StorageOptions(com.google.cloud.storage.StorageOptions) AccessToken(com.google.auth.oauth2.AccessToken) OAuth2CredentialsWithRefresh(com.google.auth.oauth2.OAuth2CredentialsWithRefresh)

Example 73 with AccessToken

use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project java-docs-samples by GoogleCloudPlatform.

the class TraceSample method createAndRegisterWithToken.

// [END trace_setup_java_create_and_register]
// [START trace_setup_java_create_and_register_with_token]
public static void createAndRegisterWithToken(String accessToken) throws IOException {
    Date expirationTime = DateTime.now().plusSeconds(60).toDate();
    GoogleCredentials credentials = GoogleCredentials.create(new AccessToken(accessToken, expirationTime));
    StackdriverTraceExporter.createAndRegister(StackdriverTraceConfiguration.builder().setProjectId("MyStackdriverProjectId").setCredentials(credentials).build());
}
Also used : AccessToken(com.google.auth.oauth2.AccessToken) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) Date(java.util.Date)

Example 74 with AccessToken

use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project google-auth-library-java by google.

the class AppEngineCredentials method refreshAccessToken.

/**
 * Refresh the access token by getting it from the App Identity service
 */
@Override
public AccessToken refreshAccessToken() throws IOException {
    if (createScopedRequired()) {
        throw new IOException("AppEngineCredentials requires createScoped call before use.");
    }
    GetAccessTokenResult accessTokenResponse = appIdentityService.getAccessToken(scopes);
    String accessToken = accessTokenResponse.getAccessToken();
    Date expirationTime = accessTokenResponse.getExpirationTime();
    return new AccessToken(accessToken, expirationTime);
}
Also used : AccessToken(com.google.auth.oauth2.AccessToken) IOException(java.io.IOException) GetAccessTokenResult(com.google.appengine.api.appidentity.AppIdentityService.GetAccessTokenResult) Date(java.util.Date)

Example 75 with AccessToken

use of com.microsoft.identity.common.internal.providers.oauth2.AccessToken in project google-auth-library-java by google.

the class AppEngineCredentialsTest method refreshAccessToken_sameAs.

@Test
void refreshAccessToken_sameAs() throws IOException {
    String expectedAccessToken = "ExpectedAccessToken";
    MockAppIdentityService appIdentity = new MockAppIdentityService();
    appIdentity.setAccessTokenText(expectedAccessToken);
    appIdentity.setExpiration(new Date(System.currentTimeMillis() + 60L * 60L * 100L));
    AppEngineCredentials credentials = AppEngineCredentials.newBuilder().setScopes(SCOPES).setAppIdentityService(appIdentity).build();
    AccessToken accessToken = credentials.refreshAccessToken();
    assertEquals(appIdentity.getAccessTokenText(), accessToken.getTokenValue());
    assertEquals(appIdentity.getExpiration(), accessToken.getExpirationTime());
}
Also used : AccessToken(com.google.auth.oauth2.AccessToken) Date(java.util.Date) BaseSerializationTest(com.google.auth.oauth2.BaseSerializationTest) Test(org.junit.jupiter.api.Test)

Aggregations

AccessToken (com.google.auth.oauth2.AccessToken)78 Test (org.junit.Test)44 GoogleCredentials (com.google.auth.oauth2.GoogleCredentials)33 Date (java.util.Date)23 IOException (java.io.IOException)20 AccessToken (io.vertx.ext.auth.oauth2.AccessToken)16 Instant (java.time.Instant)10 Client (javax.ws.rs.client.Client)10 AccessToken (org.glassfish.jersey.client.oauth1.AccessToken)10 ConsumerCredentials (org.glassfish.jersey.client.oauth1.ConsumerCredentials)10 JsonObject (io.vertx.core.json.JsonObject)9 URI (java.net.URI)9 Feature (javax.ws.rs.core.Feature)8 JerseyTest (org.glassfish.jersey.test.JerseyTest)8 MockHttpTransport (com.google.api.client.testing.http.MockHttpTransport)6 ServiceAccountCredentials (com.google.auth.oauth2.ServiceAccountCredentials)6 Credential (io.cdap.cdap.proto.security.Credential)6 InputStreamReader (java.io.InputStreamReader)6 Clock (java.time.Clock)6 WebTarget (javax.ws.rs.client.WebTarget)6