1 /* 2 * Copyright 2020 The gRPC Authors 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package io.grpc; 18 19 /** 20 * Represents a security configuration to be used for channels. There is no generic mechanism for 21 * processing arbitrary {@code ChannelCredentials}; the consumer of the credential (the channel) 22 * must support each implementation explicitly and separately. Consumers are not required to support 23 * all types or even all possible configurations for types that are partially supported, but they 24 * <em>must</em> at least fully support {@link ChoiceChannelCredentials}. 25 * 26 * <p>A {@code ChannelCredential} provides client identity and authenticates the server. This is 27 * different from {@link CallCredentials}, which only provides client identity. They can also 28 * influence types of encryption used and similar security configuration. 29 * 30 * <p>The concrete credential type should not be relevant to most users of the API and may be an 31 * implementation decision. Users should generally use the {@code ChannelCredentials} type for 32 * variables instead of the concrete type. Freshly-constructed credentials should be returned as 33 * {@code ChannelCredentials} instead of a concrete type to encourage this pattern. Concrete types 34 * would only be used after {@code instanceof} checks (which must consider 35 * {@code ChoiceChannelCredentials}!). 36 */ 37 public abstract class ChannelCredentials { 38 /** 39 * Returns the ChannelCredentials stripped of its CallCredentials. In the future, 40 * this may strip only some of the CallCredentials, preserving call credentials 41 * that are safe from replay attacks (e.g., if the token is bound to the 42 * channel's certificate). 43 * 44 * @since 1.35.0 45 */ withoutBearerTokens()46 public abstract ChannelCredentials withoutBearerTokens(); 47 } 48