Package com.google.appengine.api.appidentity

Interface AppIdentityService

  • public interface AppIdentityService
    The AppIdentityService allows you to sign an arbitrary byte array using a per app private key maintained by App Engine, and to retrieve a list of public certificates which can be used to verify the signature.

    App Engine is responsible for maintaining the per application private key. App Engine will rotate private keys periodically. App Engine never gives these private keys to the outside.

    Since private keys are rotated periodically, getPublicCertificatesForApp() could return a list of public certificates. It is the caller's responsibility to try these certificates one by one when doing signature verification.

    • Method Detail

      • getServiceAccountName

        String getServiceAccountName()
        Gets service account name of the app.
        Returns:
        service account name of the app.

      • getDefaultGcsBucketName

        String getDefaultGcsBucketName()
        Gets the default GS bucket name for the app.
        Returns:
        default GS bucket name for the app.

      • getAccessToken

        AppIdentityService.GetAccessTokenResult getAccessToken​(Iterable<String> scopes)
        OAuth2 access token to act on behalf of the application.

        Generates and caches an OAuth2 access token for the service account for the appengine application.

        Each application has an associated Google account. This function returns OAuth2 access token corresponding to the running app. Access tokens are safe to cache and reuse until their expiry time as returned. This method will do that using memcache.

        Parameters:
        scopes - iterable of scopes to request.
        Returns:
        a GetAccessTokenResult object with the access token and expiration time.
        Throws:
        AppIdentityServiceFailureException