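/*
 * Copyright 2019, Google LLC
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 *    * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *    * Redistributions in binary form must reproduce the above
 * copyright notice, this list of conditions and the following disclaimer
 * in the documentation and/or other materials provided with the
 * distribution.
 *
 *    * Neither the name of Google LLC nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

package com.google.auth.oauth2;

import java.io.IOException;
import java.util.List;

/**
 * Interface for a Google OIDC token provider. Implementations supply Google-issued OIDC ID tokens
 * for a caller-chosen audience.
 */
public interface IdTokenProvider {

  /**
   * Enum of various credential-specific options to apply to the token.
   *
   * <p>Each option is only meaningful for the credential type listed below. Options that add
   * claims widen the identity data carried in the token, so request only what the receiving
   * service actually needs.
   *
   * <p><b>ComputeEngineCredentials</b>
   *
   * <ul>
   *   <li>FORMAT_FULL
   *   <li>LICENSES_TRUE
   * </ul>
   *
   * <br>
   * <b>ImpersonatedCredentials</b>
   *
   * <ul>
   *   <li>INCLUDE_EMAIL
   * </ul>
   */
  public enum Option {
    FORMAT_FULL("formatFull"),
    LICENSES_TRUE("licensesTrue"),
    // NOTE(review): by its name this asks for an email claim in the token; confirm against the
    // credential implementation that consumes it.
    INCLUDE_EMAIL("includeEmail");

    // Fixed string form of the option; final so a constant can never change its value after
    // class initialization.
    private final String option;

    // Enum constructors are implicitly private, so no modifier is needed.
    Option(String option) {
      this.option = option;
    }

    /**
     * Returns the string form of this option.
     *
     * @return the option string given to this constant, e.g. {@code "formatFull"}
     */
    public String getOption() {
      return option;
    }
  }

  /**
   * Returns a Google OpenID token with the provided audience field.
   *
   * <p>The raw token carried by the returned {@link IdToken} is a bearer credential: keep it out
   * of logs and error messages, and send it only to the service identified by {@code
   * targetAudience}. This interface only obtains the token; the receiving service is expected to
   * verify the signature, the expiration and that the audience matches its own identifier before
   * trusting any claim.
   *
   * @param targetAudience the audience the issued ID token should be valid for. This is a single
   *     string value; multiple audiences are not supported.
   * @param options list of credential-specific options for the token. For example, an ID token
   *     for a ComputeEngineCredentials can return platform-specific claims if {@link
   *     Option#FORMAT_FULL} is included in the list. This interface does not state whether {@code
   *     null} or an empty list is accepted; check the implementing credential.
   * @return IdToken object which includes the raw id_token, expiration and audience.
   * @throws IOException if token creation fails
   */
  IdToken idTokenWithAudience(String targetAudience, List<Option> options) throws IOException;
}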