Examples of com.google.api.client.googleapis.auth.oauth2.GoogleIdToken

• com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload
  Google ID tokens.

  Google ID tokens contain useful information such as the {@link Payload#getUserId() obfuscatedGoogle user ID}. Google ID tokens are signed and the signature must be verified using {@link #verify(GoogleIdTokenVerifier)}, which also checks that your application's client ID is the intended audience.

  Implementation is not thread-safe.

  @since 1.7 @author Yaniv Inbar

        authorizationFlow.newTokenRequest(authorizationCode);
    tokenRequest.setRedirectUri(CALLBACK_URL);
    GoogleTokenResponse tokenResponse = tokenRequest.execute();

    // Create the OAuth2 credential.
    GoogleCredential credential = new GoogleCredential.Builder()
        .setTransport(new NetHttpTransport())
        .setJsonFactory(new JacksonFactory())
        .setClientSecrets(clientSecrets)
        .build();

    // Set authorized credentials.
    credential.setFromTokenResponse(tokenResponse);

    return credential;
  }

        authorizationFlow.newTokenRequest(authorizationCode);
    tokenRequest.setRedirectUri(CALLBACK_URL);
    GoogleTokenResponse tokenResponse = tokenRequest.execute();

    // Create the OAuth2 credential.
    GoogleCredential credential = new GoogleCredential.Builder()
        .setTransport(new NetHttpTransport())
        .setJsonFactory(new JacksonFactory())
        .setClientSecrets(clientSecrets)
        .build();

    // Set authorized credentials.
    credential.setFromTokenResponse(tokenResponse);

    return credential;
  }

    testHttpServer.setMockResponseBodies(Lists.newArrayList(
        SoapResponseXmlProvider.getTestTokenExpiredResponse(API_VERSION),
        SoapResponseXmlProvider.getTestAuthenticateResponse(API_VERSION, REGENERATED_TOKEN),
        SoapResponseXmlProvider.getTestSoapResponse(API_VERSION)));

    GoogleCredential credential = new GoogleCredential.Builder().setTransport(
        new NetHttpTransport()).setJsonFactory(new JacksonFactory()).build();
    credential.setAccessToken(OAUTH_ACCESS_TOKEN);

    DfaSession session = new DfaSession.Builder()
        .withUsernameAndOAuth2Credential("TEST_USERNAME", credential)
        .withApplicationName("TEST_APP")
        .withEndpoint(testHttpServer.getServerUrl())

   *
   * @return a newly refreshed offline credential.
   * @throws OAuthException if the credential could not be refreshed.
   */
  public Credential generateCredential() throws OAuthException {
    GoogleCredential credential = new GoogleCredential.Builder()
        .setTransport(httpTransport)
        .setJsonFactory(new JacksonFactory())
        .setClientSecrets(clientId, clientSecret)
        .setTokenServerEncodedUrl(tokenServerUrl)
        .build();
    credential.setRefreshToken(refreshToken);
    try {
      if (!oAuth2Helper.callRefreshToken(credential)) {
        throw new OAuthException(
            "Credential could not be refreshed. A newly generated refresh token may be required.");
      }

          if(responseJSON.has("error")) {
            throw new IllegalStateException();
          }

          String idToken = responseJSON.getString("id_token");
          GoogleIdToken userIdToken = GoogleIdToken.parse(new JacksonFactory(), idToken);
          GoogleIdToken.Payload googlePayload = userIdToken.getPayload();
          String userId = googlePayload.getSubject();

          if(googlePayload.getIssuer().equals("accounts.google.com")
          && googlePayload.getAudience().equals(this.clientId)) {
            this.returnSecurityToken(userId, resp);

    HttpResponse googleResponse = PowerMock.createMock(HttpResponse.class);
    expect(fetcher.fetch(isA(HttpRequest.class))).andReturn(googleResponse);
    expect(googleResponse.getResponse()).andReturn(new ByteArrayInputStream("{\"id_token\":\"mocktoken123\"}".getBytes("UTF-8")));

    PowerMock.mockStatic(GoogleIdToken.class);
    GoogleIdToken mockIdToken = createMock(GoogleIdToken.class);
    expect(GoogleIdToken.parse(isA(JacksonFactory.class), eq("mocktoken123"))).andReturn(mockIdToken);

    GoogleIdToken.Payload mockPayload = PowerMock.createMock(GoogleIdToken.Payload.class);
    expect(mockIdToken.getPayload()).andReturn(mockPayload);
    expect(mockPayload.getSubject()).andReturn("userId123");
    expect(mockPayload.getIssuer()).andReturn("accounts.google.com");
    expect(mockPayload.getAudience()).andReturn("clientId");

    expect(codec.encodeToken(isA(LoginSecurityToken.class))).andReturn("mockTokenString123");

    HttpResponse googleResponse = PowerMock.createMock(HttpResponse.class);
    expect(fetcher.fetch(isA(HttpRequest.class))).andReturn(googleResponse);
    expect(googleResponse.getResponse()).andReturn(new ByteArrayInputStream("{\"id_token\":\"mocktoken123\"}".getBytes("UTF-8")));

    PowerMock.mockStatic(GoogleIdToken.class);
    GoogleIdToken mockIdToken = createMock(GoogleIdToken.class);
    expect(GoogleIdToken.parse(isA(JacksonFactory.class), eq("mocktoken123"))).andReturn(mockIdToken);

    GoogleIdToken.Payload mockPayload = PowerMock.createMock(GoogleIdToken.Payload.class);
    expect(mockIdToken.getPayload()).andReturn(mockPayload);
    expect(mockPayload.getSubject()).andReturn("userId123");
    expect(mockPayload.getIssuer()).andReturn("accounts.google.com");
    expect(mockPayload.getAudience()).andReturn("clientId");

    expect(codec.encodeToken(isA(LoginSecurityToken.class))).andThrow(new SecurityTokenException("Bad Security Token"));

  private static final String CLIENT_ID = "myClientId";
  private static final String ANOTHER_CLIENT_ID = "anotherClientId";
  private static final String EMAIL_VERIFIED_KEY = "email_verified";

  private static Payload newPayload(String userId, String clientId) {
    Payload payload = new Payload();
    payload.setIssuer("accounts.google.com");
    payload.setAudience(clientId);
    payload.setAuthorizedParty(clientId);
    payload.setSubject(userId);
    payload.setExpirationTimeSeconds(100L);
    payload.setIssuedAtTimeSeconds(0L);
    return payload;
  }

    return payload;
  }

  @SuppressWarnings("deprecation")
  public void testDeprecatedMethods() {
    Payload payload = newPayload(USER_ID, CLIENT_ID);
    assertEquals(USER_ID, payload.getUserId());
    assertEquals(CLIENT_ID, payload.getIssuee());

    payload.setUserId(ANOTHER_USER_ID);
    payload.setIssuee(ANOTHER_CLIENT_ID);
    assertEquals(ANOTHER_USER_ID, payload.getUserId());
    assertEquals(ANOTHER_CLIENT_ID, payload.getIssuee());
    assertEquals(ANOTHER_USER_ID, payload.getSubject());
    assertEquals(ANOTHER_CLIENT_ID, payload.getAuthorizedParty());
  }

    assertEquals(ANOTHER_USER_ID, payload.getSubject());
    assertEquals(ANOTHER_CLIENT_ID, payload.getAuthorizedParty());
  }

  public void testEmailVerified() {
    Payload payload = newPayload(USER_ID, CLIENT_ID);
    assertNull(payload.getEmailVerified());

    payload.setEmailVerified(true);
    assertTrue(payload.getEmailVerified());

    payload.setEmailVerified(false);
    assertFalse(payload.getEmailVerified());

    payload.setEmailVerified(null);
    assertNull(payload.getEmailVerified());

    payload.set(EMAIL_VERIFIED_KEY, "true");
    assertTrue(payload.getEmailVerified());

    payload.set(EMAIL_VERIFIED_KEY, true);
    assertTrue(payload.getEmailVerified());

    payload.set(EMAIL_VERIFIED_KEY, "false");
    assertFalse(payload.getEmailVerified());

    payload.set(EMAIL_VERIFIED_KEY, false);
    assertFalse(payload.getEmailVerified());

    payload.set(EMAIL_VERIFIED_KEY, "RandomString");
    assertFalse(payload.getEmailVerified());

    payload.set(EMAIL_VERIFIED_KEY, "");
    assertFalse(payload.getEmailVerified());

    payload.set(EMAIL_VERIFIED_KEY, null);
    assertNull(payload.getEmailVerified());

    // Wrong type.
    payload.set(EMAIL_VERIFIED_KEY, new Integer(5));
    try {
      payload.getEmailVerified();
      fail();
    } catch (ClassCastException e) {
      // Expected.
    }
  }