Cloud Client Libraries for Java uses the
Google Auth Library for Java
to authenticate requests. This library supports multiple authentication types.
For more details, see the project's README.md
and javadoc.
Authentication in a Google Cloud environment
When using Google Cloud libraries from a Google Cloud environment (such as Compute Engine, Google Kubernetes Engine, or App Engine) you don't need to perform additional authentication steps.
An example call without additional authentication:
Storage storage = StorageOptions.getDefaultInstance().getService();
Authentication in non-Google Cloud environments
To authenticate in a non-Google Cloud environment, there are three common options:
- (Recommended) Use a service account.
- Use the Google Cloud SDK with a local test environment.
- Use an existing OAuth2 access token.
Use a service account
After downloading the key, you must do one of the following:
- Define the environment variable
GOOGLE_APPLICATION_CREDENTIALS
to be the location of the key. For example:
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/my/key.json
- Supply the JSON credentials file when building the service options. For
example, this
Storage
object has the necessary permissions to interact with your Cloud Storage data:
Storage storage = StorageOptions.newBuilder() .setCredentials(ServiceAccountCredentials.fromStream(new FileInputStream("/path/to/my/key.json"))) .build() .getService();
- Define the environment variable
Use the Google Cloud SDK with a local test environment
If you are using a local environment for development or testing, you can use the Google Cloud SDK.
Create Application Default Credentials with
gcloud auth application-default login
. Cloud Client Libraries for Java will
automatically detect these credentials.
Use an existing OAuth2 access token
If you have an OAuth2 access token, you can use it to authenticate. If you do, the access token isn't automatically refreshed:
Credentials credentials = GoogleCredentials.create(new AccessToken(accessToken, expirationTime));
Storage storage = StorageOptions.newBuilder()
.setCredentials(credentials)
.build()
.getService();
Another example:
Credentials credentials = GoogleCredentials.create(new AccessToken(accessToken, expirationTime));
CloudTasksSettings cloudTasksSettings = CloudTasksSettings.newBuilder()
.setCredentialProvider(FixedCredentialsProvider.create(credentials))
.build();
CloudTasksClient cloudTasksClient = CloudTasksClient.create(cloudTasksSettings);
Application Default Credentials
If you don't provide credentials, Cloud Client Libraries for Java will attempt to
detect them from the environment using GoogleCredentials.getApplicationDefault()
.
This method searches for Application Default Credentials in the following
locations, in order:
- The credentials file pointed to by the
GOOGLE_APPLICATION_CREDENTIALS
environment variable. - Credentials provided by the Google Cloud SDK
gcloud auth application-default login
command. - Google App Engine's built-in credentials.
- Google Cloud Shell's built-in credentials.
- Google Compute Engine's built-in service account credentials.
Authentication with an API key
Some Google Cloud APIs support authenticating with API keys.
To use an API key with Cloud Client Libraries for Java, you must manually set the
x-goog-api-key
header for the relevant service client.
For example, to set the API key with the
Language service
:
public LanguageServiceClient createGrpcClientWithApiKey(String apiKey) throws Exception {
// Manually set the API key using the header
Map<String, String> header = new HashMap<String, String>() { {put("x-goog-api-key", apiKey);}};
FixedHeaderProvider headerProvider = FixedHeaderProvider.create(header);
// Create the client
TransportChannelProvider transportChannelProvider = InstantiatingGrpcChannelProvider.newBuilder().setHeaderProvider(headerProvider).build();
LanguageServiceSettings settings = LanguageServiceSettings.newBuilder().setTransportChannelProvider(transportChannelProvider).build();
LanguageServiceClient client = LanguageServiceClient.create(settings);
return client;
}
An example instantiation with the Language Client using REST:
public LanguageServiceClient createRestClientWithApiKey(String apiKey) throws Exception {
// Manually set the API key header
Map<String, String> header = new HashMap<String, String>() { {put("x-goog-api-key", apiKey);}};
FixedHeaderProvider headerProvider = FixedHeaderProvider.create(header);
// Create the client
TransportChannelProvider transportChannelProvider = InstantiatingHttpJsonChannelProvider.newBuilder().setHeaderProvider(headerProvider).build();
LanguageServiceSettings settings = LanguageServiceSettings.newBuilder().setTransportChannelProvider(transportChannelProvider).build();
LanguageServiceClient client = LanguageServiceClient.create(settings);
return client;
}