Changelog

1.30.1 (2024-12-11)

Bug Fixes

1.30.0 (2024-11-08)

Features

Bug Fixes

  • Make it explicit that there is a network call to MDS to get SecureSessionAgentConfig (#1573) (18020fe)

1.29.0 (2024-10-22)

Features

  • Service sccount to service account impersonation to support universe domain (#1528) (c498ccf)

Bug Fixes

1.28.0 (2024-10-02)

Features

1.27.0 (2024-09-20)

Features

  • Add api key credential as client library authorization type (#1483) (6401e51)

1.26.0 (2024-09-18)

Features

  • Updates UserAuthorizer to support retrieving token response directly with different client auth types (#1486) (1651006)

1.25.0 (2024-09-03)

Features

  • Support retrieving ID Token from IAM endpoint for ServiceAccountCredentials (#1433) (4fcf83e)

Bug Fixes

  • ComputeEngineCredentials.createScoped should invalidate existing AccessToken (#1428) (079a065)
  • Invalidate the SA's AccessToken when createScoped() is called (#1489) (f26fee7)

1.24.1 (2024-08-13)

Bug Fixes

  • Retry sign blob call with exponential backoff (#1452) (d42f30a)

1.24.0 (2024-07-09)

Features

Bug Fixes

  • Makes default token url universe aware (#1383) (e3caf05)
  • Remove Base64 padding in DefaultPKCEProvider (#1375) (1405378)

Documentation

  • Add supplier sections to table of contents (#1371) (9e11763)
  • Adds docs for supplier based external account credentials (#1362) (bd898c6)
  • Fix readme documentation for workload custom suppliers. (#1382) (75bd749)

1.23.0 (2024-02-05)

Features

  • Add context object to pass to supplier functions (#1363) (1d9efc7)
  • Adds support for user defined subject token suppliers in AWSCredentials and IdentityPoolCredentials (#1336) (64ce8a1)
  • Adds universe domain for DownscopedCredentials and ExternalAccountAuthorizedUserCredentials (#1355) (17ef707)
  • Modify the refresh window to match go/async-token-refresh. Serverless tokens are cached until 4 minutes before expiration, so 4 minutes is the ideal refresh window. (#1352) (a7a8d7a)

Bug Fixes

  • Add missing copyright header (#1364) (a24e563)
  • Issue #1347: ExternalAccountCredentials serialization is broken (#1358) (e3a2e9c)
  • Refactor compute and cloudshell credentials to pass quota project to base class (#1284) (fb75239)

1.22.0 (2024-01-09)

Features

  • Adds universe domain support for compute credentials (#1346) (7e26861)

Bug Fixes

1.21.0 (2023-12-21)

Features

  • Add code sample and test for getting an access token from an impersonated SA (#1289) (826ee40)
  • Multi universe support, adding universe_domain field (#1282) (7eb322e)

Bug Fixes

  • Remove -Xlint:unchecked, suppress all existing violations, add @CanIgnoreReturnValue (#1324) (04dfd40)

Documentation

  • Update README.md to link to Cloud authentication documentation rather than AIPs (98fc7e1)

1.20.0 (2023-09-19)

Features

Bug Fixes

  • Make derived classes of CredentialSource public (#1236) (9bb9e0a)

Documentation

  • Update library definitions in README to the latest version (#1239) (0c5cff2)

1.19.0 (2023-06-27)

Features

  • Expose test-jar and mock classes in oauth2 (12e8db6)

1.18.0 (2023-06-16)

Features

  • Introduce a way to pass additional parameters to auhtorization url (#1134) (3a2c5d3)

1.17.1 (2023-05-25)

Dependencies

1.17.0 (2023-05-20)

Features

  • Adds universe_domain to external account creds (#1199) (608ee87)
  • Expose method to manually obtain ADC from gcloud CLI well-known… (#1188) (2fa9d52)
  • Updating readme for external account authorized user credentials (#1200) (bf25574)

Bug Fixes

  • Do not expose universe_domain yet (#1206) (9cce49c)
  • Improve errors and warnings related to ADC (#1172) (6d2251c)
  • Marking 503 as retryable for Compute credentials (#1205) (8ea9445)

1.16.1 (2023-04-07)

Bug Fixes

  • Make supporting classes of AwsCredentials serializable (#1113) (82bf871)
  • Remove AWS credential source validation. (#1177) (77a99c9)

1.16.0 (2023-02-15)

Features

Bug Fixes

  • Create and reuse self signed jwt creds for better performance (#1154) (eaaa8e8)
  • Java doc for DefaultPKCEProvider.java (#1148) (154c127)
  • Removed url pattern validation for google urls in external account credential configurations (#1150) (35495b1)

Documentation

  • Clarified Maven artifact for HTTP-based clients (#1136) (b49fc13)

1.15.0 (2023-01-25)

Features

Bug Fixes

  • AccessToken scopes clean serialization and default as empty list (#1125) (f55d41f)
  • Enforce Locale.US for AwsRequestSignerTest (#1111) (aeb1218)
  • Ensure both refreshMargin and expirationMargin are set when using OAuth2CredentialsWithRefresh (#1131) (326e4a1)

1.14.0 (2022-12-06)

Features

Bug Fixes

  • AwsCredentials should not call metadata server if security creds and region are retrievable through environment vars (#1100) (1ff5772)
  • Not loosing the access token when calling UserCredentials#ToBuil… (#993) (84afdb8)

1.13.0 (2022-11-15)

Features

  • Add smbios check for GCE residency detection (#1092) (bfe7d93)

Bug Fixes

  • Empty string check for aws url validation (#1089) (6f177a1)
  • Validate url domain for aws metadata urls (#1079) (31fe461)

1.12.1 (2022-10-18)

Bug Fixes

1.12.0 (2022-10-14)

Features

Bug Fixes

Documentation

  • samples: Modified comments in the samples and minor refactor (#990) (669ab04)

1.11.0 (2022-09-08)

Features

  • Adds configurable token lifetime support (#982) (0198733)

Bug Fixes

  • Add retries to public key fetch (#983) (1200a39)
  • Add Test to validate 0x20 in token (#971) (612db0a)
  • Change revoke request from get to post (#979) (ead58b2)
  • Setting the retry count to default value and enabling ioexceptions to retry (#988) (257071a)
  • Updates IdTokenVerifier so that it does not cache a failed public key response (#967) (1f4c9c7)

1.10.0 (2022-08-05)

Features

  • workforce identity federation for pluggable auth (#959) (7f2c535)

Bug Fixes

  • updates executable response spec for executable-sourced credentials (#955) (48ff83d)

Documentation

  • samples: added auth samples and tests (#927) (32c717f)

1.9.0 (2022-08-02)

Features

  • integration tests for pluggable auth (#939) (22f37aa)

Bug Fixes

  • expiration time of the ImpersonatedCredentials token depending on the current host's timezone (#932) (73af08a)

Documentation

  • update wif documentation with enable-imdsv2 flag (#940) (acc1ce3)

1.8.1 (2022-07-13)

Bug Fixes

1.8.0 (2022-06-27)

Features

Documentation

1.7.0 (2022-05-12)

Features

  • Add ability to provide PrivateKey as Pkcs8 encoded string #883 (#889) (e0d6996)
  • Add iam endpoint override to ImpersonatedCredentials (#910) (97bfc4c)

Bug Fixes

  • update branding in ExternalAccountCredentials (#893) (0200dbb)

1.6.0 (2022-03-15)

Features

  • Add AWS Session Token to Metadata Requests (#850) (577e9a5)

Bug Fixes

  • ImmutableSet converted to List for Impersonated Credentials (#732) (7dcd549)
  • update library docs (#868) (a081015)

1.5.3 (2022-02-24)

Bug Fixes

  • ci: downgrade nexus-staging-maven-plugin to 1.6.8 (#874) (fc331d4)

1.5.2 (2022-02-24)

Bug Fixes

  • downgrading nexus staging plugin 1.6.8 (#871) (e87224c)

1.5.1 (2022-02-22)

Bug Fixes

  • deps: update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.3.2 (#852) (aa557c7)

1.5.0 (2022-02-14)

Features

  • update retries and implement Retryable (#750) (f9a9b8a)

Dependencies

1.4.0 (2022-01-19)

Features

  • setting the audience to always point to google token endpoint (#833) (33bfe7a)

Bug Fixes

  • (WIF) remove erroneous check for the subject token field name for text credential source (#822) (6d35c68)
  • java: add -ntp flag to native image testing command (#1299) (#807) (aa6654a)
  • java: run Maven in plain console-friendly mode (#1301) (#818) (4df45d0)

1.3.0 (2021-11-10)

Features

  • next release from main branch is 1.3.0 (#780) (1149581)

Bug Fixes

  • java: java 17 dependency arguments (#1266) (#779) (9160a53)
  • service account impersonation with workforce credentials (#770) (6449ef0)

1.2.2 (2021-10-20)

Bug Fixes

  • environment variable is "AWS_SESSION_TOKEN" and not "Token" (#772) (c8c3073)

1.2.1 (2021-10-11)

Bug Fixes

  • disabling self-signed jwt for domain wide delegation (#754) (ac70a27)

1.2.0 (2021-09-30)

Features

Bug Fixes

1.1.0 (2021-08-17)

Features

  • downscoping with credential access boundaries (#702) (aa7ede1)

Bug Fixes

  • add validation for the token URL and service account impersonation URL for Workload Identity Federation (#717) (23cb8ef)

Documentation

  • updates README for downscoping with CAB (#716) (68bceba)

1.0.0 (2021-07-28)

⚠ BREAKING CHANGES

  • updating google-auth-library-java min Java version to 1.8

Features

  • GA release of google-auth-library-java (ver 1.0.0) (#704) (3d9874f)
  • updating google-auth-library-java min Java version to 1.8 (3d9874f)

Bug Fixes

  • Add shopt -s nullglob to dependencies script (#693) (c5aa708)
  • Update dependencies.sh to not break on mac (c5aa708)

0.27.0 (2021-07-14)

Features

  • add Id token support for UserCredentials (#650) (5a8f467)
  • add impersonation credentials to ADC (#613) (b9823f7)
  • Adding functional tests for Service Account (#685) (dfe118c)
  • allow scopes for self signed jwt (#689) (f4980c7)

0.26.0 (2021-05-20)

Features

  • add gcf-owl-bot[bot] to ignoreAuthors (#674) (359b20f)
  • added getter for credentials object in HttpCredentialsAdapter (#658) (5a946ea)
  • enable pre-emptive async oauth token refreshes (#646) (e3f4c7e)
  • Returning an issuer claim on request errors (#656) (95d70ae)

Bug Fixes

  • use orginal url as audience for self signed jwt if scheme or host is null (#642) (b4e6f1a)

0.25.5 (2021-04-22)

Dependencies

0.25.4 (2021-04-15)

Bug Fixes

0.25.3 (2021-04-12)

Dependencies

0.25.2 (2021-03-18)

Bug Fixes

  • follow up fix service account credentials createScopedRequired (#605) (7ddac43)
  • support AWS_DEFAULT_REGION env var (#599) (3d066ee)

0.25.1 (2021-03-18)

Bug Fixes

  • fix service account credentials createScopedRequired (#601) (0614482)

0.25.0 (2021-03-16)

Features

0.24.1 (2021-02-25)

Dependencies

  • update dependency com.google.http-client:google-http-client-bom to v1.39.0 (#580) (88718b0)

0.24.0 (2021-02-19)

Features

  • add workload identity federation support (#547) (b8dde1e)

Bug Fixes

Documentation

  • add instructions for using workload identity federation (#564) (2142db3)

0.23.0 (2021-01-26)

⚠ BREAKING CHANGES

  • privatize deprecated constructor (#473)

Features

  • allow custom lifespan for impersonated creds (#515) (0707ed4)
  • allow custom scopes for compute engine creds (#514) (edc8d6e)
  • allow set lifetime for service account creds (#516) (427f2d5)
  • promote IdToken and JWT features (#538) (b514fe0)

Bug Fixes

Dependencies

  • update dependency com.google.appengine:appengine-api-1.0-sdk to v1.9.84 (#422) (b262c45)
  • update dependency com.google.guava:guava to v30.1-android (#522) (4090d1c)

Documentation

  • fix wording in jwtWithClaims Javadoc (#536) (af21727)

0.22.2 (2020-12-11)

Bug Fixes

  • quotaProjectId should be applied for cached getRequestMetadata(URI, Executor, RequestMetadataCallback) (#509) (0a8412f)

0.22.1 (2020-11-05)

Bug Fixes

  • remove 1 hour limit for impersonated token (#490) (927e3d5)

Dependencies

  • update dependency com.google.guava:guava to v30 (#497) (0551649)
  • update dependency com.google.http-client:google-http-client-bom to v1.38.0 (#503) (46f20bc)

0.22.0 (2020-10-13)

Features

  • add logging at FINE level for each step of ADC (#435) (7d145b2)

Documentation

Dependencies

  • update dependency com.google.http-client:google-http-client-bom to v1.37.0 (#486) (3027fbf)

0.21.1 (2020-07-07)

Dependencies

0.21.0 (2020-06-24)

Features

  • add TokenVerifier class that can verify RS256/ES256 tokens (#420) (5014ac7)

Dependencies

  • update autovalue packages to v1.7.2 (#429) (5758364)
  • update dependency com.google.http-client:google-http-client-bom to v1.35.0 (#427) (5494ec0)
  • update Guava to 29.0-android (#426) (0cd3c2e)

0.20.0 (2020-01-15)

Features

  • updated JwtClaims.Builder methods to public (#396) (9e5de14)

Dependencies

0.19.0 (2019-12-13)

Features

  • support reading in quotaProjectId for billing (#383) (f38c3c8)

Dependencies

  • update appengine-sdk to 1.9.76 (#366) (590883d)
  • update autovalue packages to v1.7 (#365) (42a1694)
  • update dependency com.google.appengine:appengine to v1.9.77 (#377) (c3c950e)
  • update dependency com.google.http-client:google-http-client-bom to v1.33.0 (#374) (af0af50)

Documentation

0.18.0 (2019-10-09)

Bug Fixes

  • make JwtClaims.newBuilder() public (#350) (6ab8758)
  • move autovalue into annotation processor path instead of classpath (#358) (a82d348)

Dependencies

Documentation

  • fix include instructions in google-auth-library-bom README (#352) (f649735)

0.17.4 (2019-10-08)

Bug Fixes

  • make JwtClaims.newBuilder() public (#350) (6ab8758)
  • move autovalue into annotation processor path instead of classpath (#358) (a82d348)

Dependencies

Documentation

  • fix include instructions in google-auth-library-bom README (#352) (f649735)

0.17.2 (2019-09-24)

Bug Fixes

0.17.1 (2019-08-22)

Bug Fixes

  • allow unset/null privateKeyId for JwtCredentials (#336) (d28a6ed)

0.17.0 (2019-08-16)

Bug Fixes

  • cleanup unused code and deprecation warnings (#315) (7fd94c0)
  • Fix declared dependencies from merge issue (#291) (35abf13)
  • throw SigningException as documented (#316) (a1ab97c)
  • typo in ComputeEngineCredentials exception message (#313) (1a16f38)

Features

  • add Automatic-Module-Name to manifest (#326) (29f58b4), closes #324 #324
  • add IDTokenCredential support (#303) (a87e3fd)
  • add JwtCredentials with custom claims (#290) (3f37172)
  • allow arbitrary additional claims for JwtClaims (#331) (888c61c)
  • Implement ServiceAccountSigner for ImpersonatedCredentials (#279) (70767e3)

Reverts

0.16.2 (2019-06-26)

Bug Fixes

  • Add metadata-flavor header to metadata server ping for compute engine (#283)

Dependencies

  • Import http client bom for dependency management (#268)

Documentation

  • README section for interop with google-http-client (#275)

0.16.1 (2019-06-06)

Dependencies

  • Update dependency com.google.http-client:google-http-client to v1.30.1 (#265)

0.16.0 (2019-06-04)

Features

  • Add google-auth-library-bom artifact (#256)

Dependencies

  • Update dependency com.google.http-client:google-http-client to v1.30.0 (#261)
  • Update dependency com.google.http-client:google-http-client to v1.29.2 (#259)
  • Update dependency org.sonatype.plugins:nexus-staging-maven-plugin to v1.6.8 (#257)
  • Update to latest app engine SDK version (#258)
  • Update dependency org.apache.maven.plugins:maven-source-plugin to v3.1.0 (#254)
  • Update dependency org.jacoco:jacoco-maven-plugin to v0.8.4 (#255)
  • Update dependency org.apache.maven.plugins:maven-jar-plugin to v3.1.2 (#252)
  • Update dependency org.apache.maven.plugins:maven-source-plugin to v2.4 (#253)

Documentation

  • Javadoc publish kokoro job uses docpublisher (#243)

0.15.0 (2019-03-27)

Bug Fixes

  • createScoped: make overload call implementation (#229)

Reverts

  • Add back in deprecated methods in ServiceAccountJwtAccessCredentials (#238)

0.14.0 (2019-03-26)

Bug Fixes

  • update default metadata url (#230)
  • Remove deprecated methods (#190)
  • Update Sign Blob API (#232)

Dependencies

  • Upgrade http client to 1.29.0. (#235)
  • update deps (#234)

0.13.0 (2019-01-17)

Bug Fixes

  • Use OutputStream directly instead of PrintWriter (#220)
  • Improve log output when detecting GCE (#214)

Features

  • Overload GoogleCredentials.createScoped with variadic arguments (#218)

Dependencies

  • Update google-http-client version, guava, and maven surefire plugin (#221)

0.12.0 (2018-12-19)

Bug Fixes

  • Show error message in case of problems with getting access token (#206)
  • Add note about NO_GCE_CHECK to metadata 404 error message (#205)

Features

  • Add ImpersonatedCredentials (#211)
  • Add option to suppress end user credentials warning. (#207)

Dependencies

  • Update google-http-java-client dependency to 1.27.0 (#208)

Documentation

  • README grammar fix (#192)
  • Add unstable badge to README (#184)
  • Update README with instructions on installing the App Engine SDK and running the tests (#209)

0.11.0 (2018-08-23)

Bug Fixes

  • Update auth token urls (#174)

Dependencies

  • Update dependencies (guava) (#170)
  • Bumping google-http-client version to 1.24.1 (#171)

Documentation

  • Documentation for ComputeEngineCredential signing. (#176)
  • Fix README link (#169)

0.10.0 (2018-06-12)

Bug Fixes

  • Read token_uri from service account JSON (#160)
  • Log warning if default credentials uses a user token from gcloud sdk (#166)

Features

  • Add OAuth2Credentials#refreshIfExpired() (#163)
  • ComputeEngineCredentials implements ServiceAccountSigner (#141)

Documentation

  • Versionless Javadocs (#164)
  • Fix documentation for getAccessToken() returning cached value (#162)

0.9.1 (2018-04-09)

Features

  • Add caching for JWT tokens (#151)

0.9.0 (2017-11-02)

Bug Fixes

  • Fix NPE deserializing ServiceAccountCredentials (#132)

Features

  • Surface cleanup (#136)
  • Providing a method to remove CredentialsChangedListeners (#130)
  • Implemented in-memory TokenStore and added opportunity to save user credentials into file (#129)

Documentation

  • Fixes comment typos. (#131)

0.8.0 (2017-09-08)

Bug Fixes

  • Extracting the project_id field from service account JSON files (#118)
  • Fixing an Integer Overflow Issue (#121)
  • use metadata server to get credentials for GAE 8 standard environment (#122)

Features

  • Switch OAuth2 HTTP surface to use builder pattern (#123)
  • Add builder pattern to AppEngine credentials (#125)

Documentation

  • Fix API Documentation link rendering (#112)

0.7.1 (2017-07-14)

Bug Fixes

  • Mitigate occasional failures in looking up Application Default Credentials on a Google Compute Engine (GCE) Virtual Machine (#110)

0.7.0 (2017-06-06)

Bug Fixes

  • Retry HTTP errors in ServiceAccountCredentials.refreshAccessToken() to avoid propagating failures (#100 addresses #91)

Features

  • Add GoogleCredentials.createDelegated() method to allow using domain-wide delegation with service accounts (#102)
  • Allow bypassing App Engine credential check using environment variable, to allow Application Default Credentials to detect GCE when running on GAE Flex (#103)