Send feedback Stay organized with collections Save and categorize content based on your preferences. Version 1.24.1keyboard_arrow_down Changelog 1.24.1 (2024-08-13)Bug Fixes Retry sign blob call with exponential backoff (#1452 ) (d42f30a ) 1.24.0 (2024-07-09)Features Bug Fixes Documentation Add supplier sections to table of contents (#1371 ) (9e11763 ) Adds docs for supplier based external account credentials (#1362 ) (bd898c6 ) Fix readme documentation for workload custom suppliers. (#1382 ) (75bd749 ) 1.23.0 (2024-02-05)Features Add context object to pass to supplier functions (#1363 ) (1d9efc7 ) Adds support for user defined subject token suppliers in AWSCredentials and IdentityPoolCredentials (#1336 ) (64ce8a1 ) Adds universe domain for DownscopedCredentials and ExternalAccountAuthorizedUserCredentials (#1355 ) (17ef707 ) Modify the refresh window to match go/async-token-refresh. Serverless tokens are cached until 4 minutes before expiration, so 4 minutes is the ideal refresh window. (#1352 ) (a7a8d7a ) Bug Fixes Add missing copyright header (#1364 ) (a24e563 ) Issue #1347 : ExternalAccountCredentials serialization is broken (#1358 ) (e3a2e9c ) Refactor compute and cloudshell credentials to pass quota project to base class (#1284 ) (fb75239 ) 1.22.0 (2024-01-09)Features Adds universe domain support for compute credentials (#1346 ) (7e26861 ) Bug Fixes 1.21.0 (2023-12-21)Features Add code sample and test for getting an access token from an impersonated SA (#1289 ) (826ee40 ) Multi universe support, adding universe_domain field (#1282 ) (7eb322e ) Bug Fixes Remove -Xlint:unchecked, suppress all existing violations, add @CanIgnoreReturnValue (#1324 ) (04dfd40 ) Documentation Update README.md to link to Cloud authentication documentation rather than AIPs (98fc7e1 ) 1.20.0 (2023-09-19)Features Bug Fixes Make derived classes of CredentialSource public (#1236 ) (9bb9e0a ) Documentation Update library definitions in README to the latest version (#1239 ) (0c5cff2 ) 1.19.0 (2023-06-27)Features Expose test-jar and mock classes in oauth2 (12e8db6 ) 1.18.0 (2023-06-16)Features Introduce a way to pass additional parameters to auhtorization url (#1134 ) (3a2c5d3 ) 1.17.1 (2023-05-25)Dependencies 1.17.0 (2023-05-20)Features Adds universe_domain to external account creds (#1199 ) (608ee87 ) Expose method to manually obtain ADC from gcloud CLI well-known… (#1188 ) (2fa9d52 ) Updating readme for external account authorized user credentials (#1200 ) (bf25574 ) Bug Fixes 1.16.1 (2023-04-07)Bug Fixes Make supporting classes of AwsCredentials serializable (#1113 ) (82bf871 ) Remove AWS credential source validation. (#1177 ) (77a99c9 ) 1.16.0 (2023-02-15)Features Bug Fixes Create and reuse self signed jwt creds for better performance (#1154 ) (eaaa8e8 ) Java doc for DefaultPKCEProvider.java (#1148 ) (154c127 ) Removed url pattern validation for google urls in external account credential configurations (#1150 ) (35495b1 ) Documentation Clarified Maven artifact for HTTP-based clients (#1136 ) (b49fc13 ) 1.15.0 (2023-01-25)Features Bug Fixes AccessToken scopes clean serialization and default as empty list (#1125 ) (f55d41f ) Enforce Locale.US for AwsRequestSignerTest (#1111 ) (aeb1218 ) Ensure both refreshMargin and expirationMargin are set when using OAuth2CredentialsWithRefresh (#1131 ) (326e4a1 ) 1.14.0 (2022-12-06)Features Bug Fixes AwsCredentials should not call metadata server if security creds and region are retrievable through environment vars (#1100 ) (1ff5772 ) Not loosing the access token when calling UserCredentials#ToBuil… (#993 ) (84afdb8 ) 1.13.0 (2022-11-15)Features Add smbios check for GCE residency detection (#1092 ) (bfe7d93 ) Bug Fixes 1.12.1 (2022-10-18)Bug Fixes 1.12.0 (2022-10-14)Features Bug Fixes Documentation samples: Modified comments in the samples and minor refactor (#990 ) (669ab04 ) 1.11.0 (2022-09-08)Features Adds configurable token lifetime support (#982 ) (0198733 ) Bug Fixes Add retries to public key fetch (#983 ) (1200a39 ) Add Test to validate 0x20 in token (#971 ) (612db0a ) Change revoke request from get to post (#979 ) (ead58b2 ) Setting the retry count to default value and enabling ioexceptions to retry (#988 ) (257071a ) Updates IdTokenVerifier so that it does not cache a failed public key response (#967 ) (1f4c9c7 ) 1.10.0 (2022-08-05)Features workforce identity federation for pluggable auth (#959 ) (7f2c535 ) Bug Fixes updates executable response spec for executable-sourced credentials (#955 ) (48ff83d ) Documentation 1.9.0 (2022-08-02)Features Bug Fixes expiration time of the ImpersonatedCredentials token depending on the current host's timezone (#932 ) (73af08a ) Documentation update wif documentation with enable-imdsv2 flag (#940 ) (acc1ce3 ) 1.8.1 (2022-07-13)Bug Fixes 1.8.0 (2022-06-27)Features Documentation 1.7.0 (2022-05-12)Features Add ability to provide PrivateKey as Pkcs8 encoded string #883 (#889 ) (e0d6996 ) Add iam endpoint override to ImpersonatedCredentials (#910 ) (97bfc4c ) Bug Fixes update branding in ExternalAccountCredentials (#893 ) (0200dbb ) 1.6.0 (2022-03-15)Features Add AWS Session Token to Metadata Requests (#850 ) (577e9a5 ) Bug Fixes ImmutableSet converted to List for Impersonated Credentials (#732 ) (7dcd549 ) update library docs (#868 ) (a081015 ) 1.5.3 (2022-02-24)Bug Fixes ci: downgrade nexus-staging-maven-plugin to 1.6.8 (#874 ) (fc331d4 ) 1.5.2 (2022-02-24)Bug Fixes downgrading nexus staging plugin 1.6.8 (#871 ) (e87224c ) 1.5.1 (2022-02-22)Bug Fixes deps: update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.3.2 (#852 ) (aa557c7 ) 1.5.0 (2022-02-14)Features update retries and implement Retryable (#750 ) (f9a9b8a ) Dependencies 1.4.0 (2022-01-19)Features setting the audience to always point to google token endpoint (#833 ) (33bfe7a ) Bug Fixes (WIF) remove erroneous check for the subject token field name for text credential source (#822 ) (6d35c68 ) java: add -ntp flag to native image testing command (#1299 ) (#807 ) (aa6654a )java: run Maven in plain console-friendly mode (#1301 ) (#818 ) (4df45d0 ) 1.3.0 (2021-11-10)Features next release from main branch is 1.3.0 (#780 ) (1149581 ) Bug Fixes 1.2.2 (2021-10-20)Bug Fixes environment variable is "AWS_SESSION_TOKEN" and not "Token" (#772 ) (c8c3073 ) 1.2.1 (2021-10-11)Bug Fixes disabling self-signed jwt for domain wide delegation (#754 ) (ac70a27 ) 1.2.0 (2021-09-30)Features Bug Fixes 1.1.0 (2021-08-17)Features downscoping with credential access boundaries (#702 ) (aa7ede1 ) Bug Fixes add validation for the token URL and service account impersonation URL for Workload Identity Federation (#717 ) (23cb8ef ) Documentation updates README for downscoping with CAB (#716 ) (68bceba ) 1.0.0 (2021-07-28)⚠ BREAKING CHANGES updating google-auth-library-java min Java version to 1.8 Features GA release of google-auth-library-java (ver 1.0.0) (#704 ) (3d9874f ) updating google-auth-library-java min Java version to 1.8 (3d9874f ) Bug Fixes Add shopt -s nullglob to dependencies script (#693 ) (c5aa708 ) Update dependencies.sh to not break on mac (c5aa708 ) 0.27.0 (2021-07-14)Features add Id token support for UserCredentials (#650 ) (5a8f467 ) add impersonation credentials to ADC (#613 ) (b9823f7 ) Adding functional tests for Service Account (#685 ) (dfe118c ) allow scopes for self signed jwt (#689 ) (f4980c7 ) 0.26.0 (2021-05-20)Features add gcf-owl-bot[bot] to ignoreAuthors (#674 ) (359b20f ) added getter for credentials object in HttpCredentialsAdapter (#658 ) (5a946ea ) enable pre-emptive async oauth token refreshes (#646 ) (e3f4c7e ) Returning an issuer claim on request errors (#656 ) (95d70ae ) Bug Fixes use orginal url as audience for self signed jwt if scheme or host is null (#642 ) (b4e6f1a ) 0.25.5 (2021-04-22)Dependencies 0.25.4 (2021-04-15)Bug Fixes 0.25.3 (2021-04-12)Dependencies 0.25.2 (2021-03-18)Bug Fixes follow up fix service account credentials createScopedRequired (#605 ) (7ddac43 ) support AWS_DEFAULT_REGION env var (#599 ) (3d066ee ) 0.25.1 (2021-03-18)Bug Fixes fix service account credentials createScopedRequired (#601 ) (0614482 ) 0.25.0 (2021-03-16)Features 0.24.1 (2021-02-25)Dependencies update dependency com.google.http-client:google-http-client-bom to v1.39.0 (#580 ) (88718b0 ) 0.24.0 (2021-02-19)Features add workload identity federation support (#547 ) (b8dde1e ) Bug Fixes Documentation add instructions for using workload identity federation (#564 ) (2142db3 ) 0.23.0 (2021-01-26)⚠ BREAKING CHANGES privatize deprecated constructor (#473) Features allow custom lifespan for impersonated creds (#515 ) (0707ed4 ) allow custom scopes for compute engine creds (#514 ) (edc8d6e ) allow set lifetime for service account creds (#516 ) (427f2d5 ) promote IdToken and JWT features (#538 ) (b514fe0 ) Bug Fixes Dependencies update dependency com.google.appengine:appengine-api-1.0-sdk to v1.9.84 (#422 ) (b262c45 ) update dependency com.google.guava:guava to v30.1-android (#522 ) (4090d1c ) Documentation 0.22.2 (2020-12-11)Bug Fixes quotaProjectId should be applied for cached getRequestMetadata(URI, Executor, RequestMetadataCallback) (#509 ) (0a8412f ) 0.22.1 (2020-11-05)Bug Fixes remove 1 hour limit for impersonated token (#490 ) (927e3d5 ) Dependencies update dependency com.google.guava:guava to v30 (#497 ) (0551649 ) update dependency com.google.http-client:google-http-client-bom to v1.38.0 (#503 ) (46f20bc ) 0.22.0 (2020-10-13)Features add logging at FINE level for each step of ADC (#435 ) (7d145b2 ) Documentation Dependencies update dependency com.google.http-client:google-http-client-bom to v1.37.0 (#486 ) (3027fbf ) 0.21.1 (2020-07-07)Dependencies 0.21.0 (2020-06-24)Features add TokenVerifier class that can verify RS256/ES256 tokens (#420 ) (5014ac7 ) Dependencies update autovalue packages to v1.7.2 (#429 ) (5758364 ) update dependency com.google.http-client:google-http-client-bom to v1.35.0 (#427 ) (5494ec0 ) update Guava to 29.0-android (#426 ) (0cd3c2e ) 0.20.0 (2020-01-15)Features updated JwtClaims.Builder methods to public (#396 ) (9e5de14 ) Dependencies 0.19.0 (2019-12-13)Features support reading in quotaProjectId for billing (#383 ) (f38c3c8 ) Dependencies update appengine-sdk to 1.9.76 (#366 ) (590883d ) update autovalue packages to v1.7 (#365 ) (42a1694 ) update dependency com.google.appengine:appengine to v1.9.77 (#377 ) (c3c950e ) update dependency com.google.http-client:google-http-client-bom to v1.33.0 (#374 ) (af0af50 ) Documentation 0.18.0 (2019-10-09)Bug Fixes make JwtClaims.newBuilder() public (#350 ) (6ab8758 ) move autovalue into annotation processor path instead of classpath (#358 ) (a82d348 ) Dependencies Documentation fix include instructions in google-auth-library-bom README (#352 ) (f649735 ) 0.17.4 (2019-10-08)Bug Fixes make JwtClaims.newBuilder() public (#350 ) (6ab8758 ) move autovalue into annotation processor path instead of classpath (#358 ) (a82d348 ) Dependencies Documentation fix include instructions in google-auth-library-bom README (#352 ) (f649735 ) 0.17.2 (2019-09-24)Bug Fixes 0.17.1 (2019-08-22)Bug Fixes allow unset/null privateKeyId for JwtCredentials (#336 ) (d28a6ed ) 0.17.0 (2019-08-16)Bug Fixes cleanup unused code and deprecation warnings (#315 ) (7fd94c0 ) Fix declared dependencies from merge issue (#291 ) (35abf13 ) throw SigningException as documented (#316 ) (a1ab97c ) typo in ComputeEngineCredentials exception message (#313 ) (1a16f38 ) Features add Automatic-Module-Name to manifest (#326 ) (29f58b4 ), closes #324 #324 add IDTokenCredential support (#303 ) (a87e3fd ) add JwtCredentials with custom claims (#290 ) (3f37172 ) allow arbitrary additional claims for JwtClaims (#331 ) (888c61c ) Implement ServiceAccountSigner for ImpersonatedCredentials (#279 ) (70767e3 ) Reverts 0.16.2 (2019-06-26)Bug Fixes Add metadata-flavor header to metadata server ping for compute engine (#283 ) Dependencies Import http client bom for dependency management (#268 ) Documentation README section for interop with google-http-client (#275 ) 0.16.1 (2019-06-06)Dependencies Update dependency com.google.http-client:google-http-client to v1.30.1 (#265 ) 0.16.0 (2019-06-04)Features Add google-auth-library-bom artifact (#256 ) Dependencies Update dependency com.google.http-client:google-http-client to v1.30.0 (#261 ) Update dependency com.google.http-client:google-http-client to v1.29.2 (#259 ) Update dependency org.sonatype.plugins:nexus-staging-maven-plugin to v1.6.8 (#257 ) Update to latest app engine SDK version (#258 ) Update dependency org.apache.maven.plugins:maven-source-plugin to v3.1.0 (#254 ) Update dependency org.jacoco:jacoco-maven-plugin to v0.8.4 (#255 ) Update dependency org.apache.maven.plugins:maven-jar-plugin to v3.1.2 (#252 ) Update dependency org.apache.maven.plugins:maven-source-plugin to v2.4 (#253 ) Documentation Javadoc publish kokoro job uses docpublisher (#243 ) 0.15.0 (2019-03-27)Bug Fixes createScoped: make overload call implementation (#229 ) Reverts Add back in deprecated methods in ServiceAccountJwtAccessCredentials (#238 ) 0.14.0 (2019-03-26)Bug Fixes update default metadata url (#230 ) Remove deprecated methods (#190 ) Update Sign Blob API (#232 ) Dependencies Upgrade http client to 1.29.0. (#235 ) update deps (#234 ) 0.13.0 (2019-01-17)Bug Fixes Use OutputStream directly instead of PrintWriter (#220 ) Improve log output when detecting GCE (#214 ) Features Overload GoogleCredentials.createScoped with variadic arguments (#218 ) Dependencies Update google-http-client version, guava, and maven surefire plugin (#221 ) 0.12.0 (2018-12-19)Bug Fixes Show error message in case of problems with getting access token (#206 ) Add note about NO_GCE_CHECK to metadata 404 error message (#205 ) Features Add ImpersonatedCredentials (#211 ) Add option to suppress end user credentials warning. (#207 ) Dependencies Update google-http-java-client dependency to 1.27.0 (#208 ) Documentation README grammar fix (#192 ) Add unstable badge to README (#184 ) Update README with instructions on installing the App Engine SDK and running the tests (#209 ) 0.11.0 (2018-08-23)Bug Fixes Update auth token urls (#174) Dependencies Update dependencies (guava) (#170) Bumping google-http-client version to 1.24.1 (#171) Documentation Documentation for ComputeEngineCredential signing. (#176) Fix README link (#169) 0.10.0 (2018-06-12)Bug Fixes Read token_uri from service account JSON (#160) Log warning if default credentials uses a user token from gcloud sdk (#166) Features Add OAuth2Credentials#refreshIfExpired() (#163) ComputeEngineCredentials implements ServiceAccountSigner (#141) Documentation Versionless Javadocs (#164) Fix documentation for getAccessToken() returning cached value (#162) 0.9.1 (2018-04-09)Features Add caching for JWT tokens (#151) 0.9.0 (2017-11-02)Bug Fixes Fix NPE deserializing ServiceAccountCredentials (#132) Features Surface cleanup (#136) Providing a method to remove CredentialsChangedListeners (#130) Implemented in-memory TokenStore and added opportunity to save user credentials into file (#129) Documentation Fixes comment typos. (#131) 0.8.0 (2017-09-08)Bug Fixes Extracting the project_id field from service account JSON files (#118) Fixing an Integer Overflow Issue (#121) use metadata server to get credentials for GAE 8 standard environment (#122) Features Switch OAuth2 HTTP surface to use builder pattern (#123) Add builder pattern to AppEngine credentials (#125) Documentation Fix API Documentation link rendering (#112) 0.7.1 (2017-07-14)Bug Fixes Mitigate occasional failures in looking up Application Default Credentials on a Google Compute Engine (GCE) Virtual Machine (#110) 0.7.0 (2017-06-06)Bug Fixes Retry HTTP errors in ServiceAccountCredentials.refreshAccessToken() to avoid propagating failures (#100 addresses #91) Features Add GoogleCredentials.createDelegated() method to allow using domain-wide delegation with service accounts (#102) Allow bypassing App Engine credential check using environment variable, to allow Application Default Credentials to detect GCE when running on GAE Flex (#103) Send feedback
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-10-30 UTC.
Need to tell us more? [[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-10-30 UTC."],[],[]]
