diff --git a/samples/snippets/src/main/java/AuthenticateImplicitWithAdc.java b/samples/snippets/src/main/java/AuthenticateImplicitWithAdc.java index 9b69429ef..cf6458269 100644 --- a/samples/snippets/src/main/java/AuthenticateImplicitWithAdc.java +++ b/samples/snippets/src/main/java/AuthenticateImplicitWithAdc.java @@ -16,8 +16,10 @@ // [START auth_cloud_implicit_adc] -import com.google.cloud.compute.v1.Instance; -import com.google.cloud.compute.v1.InstancesClient; +import com.google.api.gax.paging.Page; +import com.google.cloud.storage.Bucket; +import com.google.cloud.storage.Storage; +import com.google.cloud.storage.StorageOptions; import java.io.IOException; public class AuthenticateImplicitWithAdc { @@ -25,10 +27,11 @@ public class AuthenticateImplicitWithAdc { public static void main(String[] args) throws IOException { // TODO(Developer): // 1. Before running this sample, - // set up ADC as described in https://cloud.google.com/docs/authentication/external/set-up-adc + // set up Application Default Credentials as described in + // https://cloud.google.com/docs/authentication/external/set-up-adc // 2. Replace the project variable below. - // 3. Make sure that the user account or service account that you are using - // has the required permissions. For this sample, you must have "compute.instances.list". + // 3. Make sure you have the necessary permission to list storage buckets + // "storage.buckets.list" String projectId = "your-google-cloud-project-id"; authenticateImplicitWithAdc(projectId); } 
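Review bot: Step 3 of the TODO in `main` (second hunk) no longer says whose permission matters: "Make sure you have the necessary permission" replaced the earlier wording that named the user account or service account in use. With Application Default Credentials the permission must be held by whichever principal ADC resolves to in the running environment, which is not always the developer. I would write it as `// 3. Make sure the principal that ADC resolves to (user account or service account) has the "storage.buckets.list" permission on the project.`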
@@ -37,24 +40,20 @@ public static void main(String[] args) throws IOException { // credentials to use. public static void authenticateImplicitWithAdc(String project) throws IOException { - String zone = "us-central1-a"; - // This snippet demonstrates how to list instances. // *NOTE*: Replace the client created below with the client required for your application. // Note that the credentials are not specified when constructing the client. // Hence, the client library will look for credentials using ADC. // // Initialize client that will be used to send requests. This client only needs to be created - // once, and can be reused for multiple requests. After completing all of your requests, call - // the `instancesClient.close()` method on the client to safely - // clean up any remaining background resources. - try (InstancesClient instancesClient = InstancesClient.create()) { - // Set the project and zone to retrieve instances present in the zone. - System.out.printf("Listing instances from %s in %s:", project, zone); - for (Instance zoneInstance : instancesClient.list(project, zone).iterateAll()) { - System.out.println(zoneInstance.getName()); - } - System.out.println("####### Listing instances complete #######"); + // once, and can be reused for multiple requests. + Storage storage = StorageOptions.newBuilder().setProjectId(project).build().getService(); + + System.out.println("Buckets:"); + Page buckets = storage.list(); + for (Bucket bucket : buckets.iterateAll()) { + System.out.println(bucket.toString()); } + System.out.println("Listed all storage buckets."); } } // [END auth_cloud_implicit_adc] diff --git a/samples/snippets/src/main/java/IdTokenFromImpersonatedCredentials.java b/samples/snippets/src/main/java/IdTokenFromImpersonatedCredentials.java index b348e3976..c03274d9d 100644 --- a/samples/snippets/src/main/java/IdTokenFromImpersonatedCredentials.java +++ b/samples/snippets/src/main/java/IdTokenFromImpersonatedCredentials.java 
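Review bot: The loop in `authenticateImplicitWithAdc` prints `bucket.toString()`, whose format is defined by the library rather than by this sample, whereas the removed code printed only the resource name. `System.out.println(bucket.getName());` would keep the output to the one field the sample is about. The method still declares `throws IOException` although the try-with-resources client is gone; whether anything left in the body can throw it is not visible here and is worth confirming. The removed sentence about closing the client has no replacement, so if the `Storage` version in use needs closing, the comment should say so.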
@@ -31,14 +31,13 @@ public static void main(String[] args) throws IOException { // Provide the scopes that you might need to request to access Google APIs, // depending on the level of access you need. - // The best practice is to use the cloud-wide scope and use IAM to narrow the permissions. - // https://cloud.google.com/docs/authentication#authorization_for_services + // This example uses the cloud-wide scope and uses IAM to narrow the permissions. + // https://cloud.google.com/docs/authentication/external/authorization-gcp // For more information, see: https://developers.google.com/identity/protocols/oauth2/scopes String scope = "https://www.googleapis.com/auth/cloud-platform"; - // The service name for which the id token is requested. Service name refers to the - // logical identifier of an API service, such as "pubsub.googleapis.com". - String targetAudience = "iap.googleapis.com"; + // The service name for which the id token is requested. + String targetAudience = "https://example.com"; // The name of the privilege-bearing service account for whom the credential is created. String impersonatedServiceAccount = "name@project.service.gserviceaccount.com"; @@ -78,8 +77,8 @@ public static void getIdTokenUsingOAuth2( .build(); // Get the ID token. - // Once you've obtained the ID token, use it to make an authenticated call - // to the target audience. + // Once you've obtained the ID token, you can use it to make an authenticated call to the + // target audience. String idToken = idTokenCredentials.refreshAccessToken().getTokenValue(); System.out.println("Generated ID token."); } diff --git a/samples/snippets/src/main/java/IdTokenFromMetadataServer.java b/samples/snippets/src/main/java/IdTokenFromMetadataServer.java index 3358ccdbe..c16627e5e 100644 --- a/samples/snippets/src/main/java/IdTokenFromMetadataServer.java +++ b/samples/snippets/src/main/java/IdTokenFromMetadataServer.java 
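Review bot: The comment above `targetAudience` in `main` still calls the value "the service name", but the new value `https://example.com` is a URL. The VerifyGoogleIdToken hunk of this commit has the same mismatch. The other samples changed here describe it as "The url or target audience to obtain the ID token for", so I would align both, for example `// The url or target audience to obtain the ID token for; the receiver must check the token's audience against this value.`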
@@ -30,14 +30,13 @@ public static void main(String[] args) throws IOException, GeneralSecurityExcept // TODO(Developer): Replace the below variables before running the code. // The url or target audience to obtain the ID token for. - String url = "http://www.abc.com"; + String url = "https://example.com"; getIdTokenFromMetadataServer(url); } - // Use the Google Cloud metadata server in the Cloud Run (or AppEngine or Kubernetes etc.,) - // environment to create an identity token and add it to the HTTP request as part of an - // Authorization header. + // Use the Google Cloud metadata server to create an identity token and add it to the + // HTTP request as part of an Authorization header. public static void getIdTokenFromMetadataServer(String url) throws IOException { // Construct the GoogleCredentials object which obtains the default configuration from your // working environment. @@ -52,8 +51,8 @@ public static void getIdTokenFromMetadataServer(String url) throws IOException { .build(); // Get the ID token. - // Once you've obtained the ID token, use it to make an authenticated call - // to the target audience. + // Once you've obtained the ID token, you can use it to make an authenticated call to the + // target audience. String idToken = idTokenCredentials.refreshAccessToken().getTokenValue(); System.out.println("Generated ID token."); } diff --git a/samples/snippets/src/main/java/IdTokenFromServiceAccount.java b/samples/snippets/src/main/java/IdTokenFromServiceAccount.java index 232288805..a22ca0e2a 100644 --- a/samples/snippets/src/main/java/IdTokenFromServiceAccount.java +++ b/samples/snippets/src/main/java/IdTokenFromServiceAccount.java 
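Review bot: The rewritten header comment on `getIdTokenFromMetadataServer` still says the token is added to the HTTP request as part of an Authorization header. The end of the method, visible in the second hunk, only fetches the token and prints "Generated ID token."; the middle of the method is outside both hunks, so this is inferred. If no request is sent, the comment should be limited to what the sample does, for example `// Use the Google Cloud metadata server to create an identity token for the given audience.`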
@@ -44,7 +44,7 @@ public static void main(String[] args) String jsonCredentialPath = "path-to-json-credential-file"; // The url or target audience to obtain the ID token for. - String targetAudience = "http://www.abc.com"; + String targetAudience = "https://example.com"; getIdTokenFromServiceAccount(jsonCredentialPath, targetAudience); } diff --git a/samples/snippets/src/main/java/VerifyGoogleIdToken.java b/samples/snippets/src/main/java/VerifyGoogleIdToken.java index cce6c5aa8..e93eac10a 100644 --- a/samples/snippets/src/main/java/VerifyGoogleIdToken.java +++ b/samples/snippets/src/main/java/VerifyGoogleIdToken.java @@ -26,9 +26,8 @@ public static void main(String[] args) { // The Google ID token to verify. String idToken = "id-token"; - // The service name for which the id token is requested. Service name refers to the - // logical identifier of an API service, such as "pubsub.googleapis.com". - String targetAudience = "pubsub.googleapis.com"; + // The service name for which the id token was requested. + String targetAudience = "https://example.com"; // To verify id tokens, get the Json Web Key endpoint (jwk). // OpenID Connect allows the use of a "Discovery document," a JSON document found at a diff --git a/samples/snippets/src/test/java/SnippetsIT.java b/samples/snippets/src/test/java/SnippetsIT.java index ec7a718ce..2c3e8121c 100644 --- a/samples/snippets/src/test/java/SnippetsIT.java +++ b/samples/snippets/src/test/java/SnippetsIT.java 
@@ -95,16 +95,16 @@ private static String getIdTokenFromServiceAccount( @Test public void testIdTokenFromServiceAccount() throws IOException { - IdTokenFromServiceAccount.getIdTokenFromServiceAccount(CREDENTIALS, "iap.googleapis.com"); + IdTokenFromServiceAccount.getIdTokenFromServiceAccount(CREDENTIALS, "https://example.com"); assertThat(stdOut.toString()).contains("Generated ID token."); } @Test public void testVerifyGoogleIdToken() throws IOException { - String idToken = getIdTokenFromServiceAccount(CREDENTIALS, "iap.googleapis.com"); + String idToken = getIdTokenFromServiceAccount(CREDENTIALS, "https://example.com"); VerifyGoogleIdToken.verifyGoogleIdToken( - idToken, "iap.googleapis.com", "https://www.googleapis.com/oauth2/v3/certs"); + idToken, "https://example.com", "https://www.googleapis.com/oauth2/v3/certs"); } @Test