Reputation: 838
Authorization to Google Client
I am writing a class for creating authorization to BigQuery and Google Cloud Storage.
In the past I have used CredentialStore which has been deprecated. I am trying to use DataStoreFactory but I discovered that it allows me to use only StoredCredential while I need a Credential.
I know one can convert from Credential to StoredCredential but I am not sure how to convert them in the opposite direction (StoredCredential to Credential). For example I am creating my connection like this:
Storage.Builder(HttpTransport transport,
JsonFactory jsonFactory,
HttpRequestInitializer httpRequestInitializer);
Could anyone point me in a direction about how to achieve this?
Thank you!
Upvotes: 4
Views: 4948
Answers (2)
Reputation: 901
In most cases, wherever you use Credential, you could use StoredCredential. There is only one point you would work with Credential, which is retrieving the Access Token during the OAuth callback. From there the Credential can be converted to StoreCredential and stored into the DataStore. After that storage and retrieval all works with StoredCredential.
But there are places were StoredCredential can't be used. I just encountered one trying to create the Google Drive API Service wrapper.
There is a way to get around this with the GoogleCredential object, it can be created from StoredCredential as per this answer:
Stored Credential from Google API to be reused using Java
import com.google.api.client.auth.oauth2.StoredCredential;
public static GoogleCredential createGoogleCredential(StoredCredential storedCredential) {
GoogleCredential googleCredential = new GoogleCredential.Builder()
.setTransport(new NetHttpTransport())
.setJsonFactory(new JacksonFactory())
.setClientSecrets("client_id", "client_secret")
.setAccessToken(storedCredential.getAccessToken())
.build();
return googleCredential;
}
Upvotes: 2
Reputation: 15855
I'm using google-oauth-client-1.22.0.jar.
I have a Java server with static Service Account credentials that authenticates with Google Cloud.
Here is the salient code that I use.
The key here is to add a CredentialRefreshListener which, when you successfully authenticate, then the Google OAuth client library will call and give you a StoredCredential object which you can serialize and store. You store it, and retrieve it, to a location of your choice by writing or instantiating an implemenation of the DataStore interface. Your DataStore implementation is constructed using a DataStoreFactory implementation.
After building my GoogleCredential, then I can read the last access token, refresh token and expiration date from my DataStore.
If the access token isn't about to expire, then the Google client API will use it to log in.
When it's about to expire, or this is the first time this code is called, then the Google Client API will invoke the refresh listener and it will store the first access token, refresh token and expiration date.
import com.google.api.client.auth.oauth2.DataStoreCredentialRefreshListener;
import com.google.api.client.auth.oauth2.StoredCredential;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.util.IOUtils;
import com.google.api.client.util.store.AbstractDataStore;
import com.google.api.client.util.store.AbstractDataStoreFactory;
import com.google.api.client.util.store.DataStore;
import com.google.api.client.util.store.DataStoreFactory;
import com.google.api.services.storage.Storage;
import com.google.api.services.storage.StorageScopes;
import com.google.api.services.storage.model.StorageObject;
import java.io.IOException;
import java.io.Serializable;
import java.util.Base64;
public class StackOverflow {
public static void main(final String... args) throws Exception {
final String clientEmail = "[email protected]";
final HttpTransport transport = GoogleNetHttpTransport.newTrustedTransport();
final JsonFactory jsonFactory = new JacksonFactory();
// This implementation generates an that stores and retrieves StoredCredential objects
final DataStoreFactory dataStoreFactory = new AbstractDataStoreFactory() {
@Override
protected <V extends Serializable> DataStore<V> createDataStore(final String id) {
return new MyDataStore<>(this, id);
}
};
// construct a GoogleCredential object to access Google Cloud
final GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(transport)
.setJsonFactory(jsonFactory)
.setServiceAccountId(clientEmail)
.setServiceAccountScopes(StorageScopes.all())
.setServiceAccountPrivateKey(readEncryptedPemFile())
.setServiceAccountPrivateKeyId("___static_get_this_from_google_console___")
.addRefreshListener(new DataStoreCredentialRefreshListener(clientEmail, dataStoreFactory))
.build();
// See I have an access token, refresh token and expiration date stored in my DataStore.
// If so, set them on the GoogleCredential
final StoredCredential storedCredential = StoredCredential.getDefaultDataStore(dataStoreFactory).get(clientEmail);
if (storedCredential != null) {
credential.setAccessToken(storedCredential.getAccessToken());
credential.setRefreshToken(storedCredential.getRefreshToken());
credential.setExpirationTimeMilliseconds(storedCredential.getExpirationTimeMilliseconds());
}
// Now I can use Google Cloud
final Storage storage = new Storage.Builder(credential.getTransport(), credential.getJsonFactory(), credential).setApplicationName("Aimless").build();
storage.objects().insert("soem bucket", new StorageObject());
}
private static class MyDataStore<V extends Serializable> extends AbstractDataStore<V> {
MyDataStore(DataStoreFactory dataStoreFactory1, String id1) {
super(dataStoreFactory1, id1);
}
@Override
public DataStore<V> set(String key, V value) throws IOException {
final String encoded = Base64.getEncoder().encodeToString(IOUtils.serialize(value));
db.save(key, encoded);
return this;
}
@Override
public V get(String key) throws IOException {
final String encoded = db.get(key);
if (encoded == null) {
return null;
}
return IOUtils.deserialize(Base64.getDecoder().decode(encoded));
}
// etc.
}
Upvotes: 1
Related Questions
- Authorisation when using the BigQuery API clients
- Providing Credentials to Google Cloud Storage API
- how to authenticate `com.google.cloud.bigquery.BigQuery` with service account
- com.google.cloud.storage.StorageException: 401 Unauthorized (from local machine)
- com.google.cloud.storage.StorageException: 401 Unauthorized
- Authenticating Google API with a service account with Java API
- Error 403 Forbidden (insufficient permission) with Google Cloud Storage JSON API Java example
- BigQuery authorization
- Google Cloud Storage - how to authorize?
- Google APIs - App-Level Authorization for Android BigQuery Client