Send feedback
Stay organized with collections
Save and categorize content based on your preferences.
Version 1.27.0 keyboard_arrow_down
Changelog
1.27.0
(2024-09-20)
Features
Add api key credential as client library authorization type ( #1483
) ( 6401e51
)
1.26.0
(2024-09-18)
Features
Updates UserAuthorizer to support retrieving token response directly with different client auth types ( #1486
) ( 1651006
)
1.25.0
(2024-09-03)
Features
Support retrieving ID Token from IAM endpoint for ServiceAccountCredentials ( #1433
) ( 4fcf83e
)
Bug Fixes
ComputeEngineCredentials.createScoped should invalidate existing AccessToken ( #1428
) ( 079a065
) Invalidate the SA's AccessToken when createScoped() is called ( #1489
) ( f26fee7
)
1.24.1
(2024-08-13)
Bug Fixes
Retry sign blob call with exponential backoff ( #1452
) ( d42f30a
)
1.24.0
(2024-07-09)
Features
[java] allow passing libraries_bom_version from env ( #1967
) ( #1407
) ( d92b421
) Next release from main branch is 1.21.0 ( #1372
) ( 23c3cbe
)
Bug Fixes
Makes default token url universe aware ( #1383
) ( e3caf05
) Remove Base64 padding in DefaultPKCEProvider ( #1375
) ( 1405378
)
Documentation
Add supplier sections to table of contents ( #1371
) ( 9e11763
) Adds docs for supplier based external account credentials ( #1362
) ( bd898c6
) Fix readme documentation for workload custom suppliers. ( #1382
) ( 75bd749
)
1.23.0
(2024-02-05)
Features
Add context object to pass to supplier functions ( #1363
) ( 1d9efc7
) Adds support for user defined subject token suppliers in AWSCredentials and IdentityPoolCredentials ( #1336
) ( 64ce8a1
) Adds universe domain for DownscopedCredentials and ExternalAccountAuthorizedUserCredentials ( #1355
) ( 17ef707
) Modify the refresh window to match go/async-token-refresh. Serverless tokens are cached until 4 minutes before expiration, so 4 minutes is the ideal refresh window. ( #1352
) ( a7a8d7a
)
Bug Fixes
Add missing copyright header ( #1364
) ( a24e563
) Issue #1347
: ExternalAccountCredentials serialization is broken ( #1358
) ( e3a2e9c
) Refactor compute and cloudshell credentials to pass quota project to base class ( #1284
) ( fb75239
)
1.22.0
(2024-01-09)
Features
Adds universe domain support for compute credentials ( #1346
) ( 7e26861
)
Bug Fixes
1.21.0
(2023-12-21)
Features
Add code sample and test for getting an access token from an impersonated SA ( #1289
) ( 826ee40
) Multi universe support, adding universe_domain field ( #1282
) ( 7eb322e
)
Bug Fixes
Remove -Xlint:unchecked, suppress all existing violations, add @CanIgnoreReturnValue ( #1324
) ( 04dfd40
)
Documentation
Update README.md to link to Cloud authentication documentation rather than AIPs ( 98fc7e1
)
1.20.0
(2023-09-19)
Features
Bug Fixes
Make derived classes of CredentialSource public ( #1236
) ( 9bb9e0a
)
Documentation
Update library definitions in README to the latest version ( #1239
) ( 0c5cff2
)
1.19.0
(2023-06-27)
Features
Expose test-jar and mock classes in oauth2 ( 12e8db6
)
1.18.0
(2023-06-16)
Features
Introduce a way to pass additional parameters to auhtorization url ( #1134
) ( 3a2c5d3
)
1.17.1
(2023-05-25)
Dependencies
1.17.0
(2023-05-20)
Features
Adds universe_domain to external account creds ( #1199
) ( 608ee87
) Expose method to manually obtain ADC from gcloud CLI well-known… ( #1188
) ( 2fa9d52
) Updating readme for external account authorized user credentials ( #1200
) ( bf25574
)
Bug Fixes
Do not expose universe_domain yet ( #1206
) ( 9cce49c
) Improve errors and warnings related to ADC ( #1172
) ( 6d2251c
) Marking 503 as retryable for Compute credentials ( #1205
) ( 8ea9445
)
1.16.1
(2023-04-07)
Bug Fixes
Make supporting classes of AwsCredentials serializable ( #1113
) ( 82bf871
) Remove AWS credential source validation. ( #1177
) ( 77a99c9
)
1.16.0
(2023-02-15)
Features
Bug Fixes
Create and reuse self signed jwt creds for better performance ( #1154
) ( eaaa8e8
) Java doc for DefaultPKCEProvider.java ( #1148
) ( 154c127
) Removed url pattern validation for google urls in external account credential configurations ( #1150
) ( 35495b1
)
Documentation
Clarified Maven artifact for HTTP-based clients ( #1136
) ( b49fc13
)
1.15.0
(2023-01-25)
Features
Adds external account authorized user credentials ( #1129
) ( 06bf21a
) Expose scopes granted by user ( #1107
) ( 240c26b
)
Bug Fixes
AccessToken scopes clean serialization and default as empty list ( #1125
) ( f55d41f
) Enforce Locale.US for AwsRequestSignerTest ( #1111
) ( aeb1218
) Ensure both refreshMargin and expirationMargin are set when using OAuth2CredentialsWithRefresh ( #1131
) ( 326e4a1
)
1.14.0
(2022-12-06)
Features
Bug Fixes
AwsCredentials should not call metadata server if security creds and region are retrievable through environment vars ( #1100
) ( 1ff5772
) Not loosing the access token when calling UserCredentials#ToBuil… ( #993
) ( 84afdb8
)
1.13.0
(2022-11-15)
Features
Add smbios check for GCE residency detection ( #1092
) ( bfe7d93
)
Bug Fixes
Empty string check for aws url validation ( #1089
) ( 6f177a1
) Validate url domain for aws metadata urls ( #1079
) ( 31fe461
)
1.12.1
(2022-10-18)
Bug Fixes
1.12.0
(2022-10-14)
Features
Bug Fixes
Documentation
samples: Modified comments in the samples and minor refactor ( #990
) ( 669ab04
)
1.11.0
(2022-09-08)
Features
Adds configurable token lifetime support ( #982
) ( 0198733
)
Bug Fixes
Add retries to public key fetch ( #983
) ( 1200a39
) Add Test to validate 0x20 in token ( #971
) ( 612db0a
) Change revoke request from get to post ( #979
) ( ead58b2
) Setting the retry count to default value and enabling ioexceptions to retry ( #988
) ( 257071a
) Updates IdTokenVerifier so that it does not cache a failed public key response ( #967
) ( 1f4c9c7
)
1.10.0
(2022-08-05)
Features
workforce identity federation for pluggable auth ( #959
) ( 7f2c535
)
Bug Fixes
updates executable response spec for executable-sourced credentials ( #955
) ( 48ff83d
)
Documentation
samples: added auth samples and tests ( #927
) ( 32c717f
)
1.9.0
(2022-08-02)
Features
integration tests for pluggable auth ( #939
) ( 22f37aa
)
Bug Fixes
expiration time of the ImpersonatedCredentials token depending on the current host's timezone ( #932
) ( 73af08a
)
Documentation
update wif documentation with enable-imdsv2 flag ( #940
) ( acc1ce3
)
1.8.1
(2022-07-13)
Bug Fixes
1.8.0
(2022-06-27)
Features
add build scripts for native image testing in Java 17 ( #1440
) ( #923
) ( bbb51ce
) Adds Pluggable Auth support (WIF) ( #908
) ( c3e8d16
)
Documentation
1.7.0
(2022-05-12)
Features
Add ability to provide PrivateKey as Pkcs8 encoded string #883
( #889
) ( e0d6996
) Add iam endpoint override to ImpersonatedCredentials ( #910
) ( 97bfc4c
)
Bug Fixes
update branding in ExternalAccountCredentials ( #893
) ( 0200dbb
)
1.6.0
(2022-03-15)
Features
Add AWS Session Token to Metadata Requests ( #850
) ( 577e9a5
)
Bug Fixes
ImmutableSet converted to List for Impersonated Credentials ( #732
) ( 7dcd549
) update library docs ( #868
) ( a081015
)
1.5.3
(2022-02-24)
Bug Fixes
ci: downgrade nexus-staging-maven-plugin to 1.6.8 ( #874
) ( fc331d4
)
1.5.2
(2022-02-24)
Bug Fixes
downgrading nexus staging plugin 1.6.8 ( #871
) ( e87224c
)
1.5.1
(2022-02-22)
Bug Fixes
deps: update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.3.2 ( #852
) ( aa557c7
)
1.5.0
(2022-02-14)
Features
update retries and implement Retryable ( #750
) ( f9a9b8a
)
Dependencies
1.4.0
(2022-01-19)
Features
setting the audience to always point to google token endpoint ( #833
) ( 33bfe7a
)
Bug Fixes
(WIF) remove erroneous check for the subject token field name for text credential source ( #822
) ( 6d35c68
) java: add -ntp flag to native image testing command ( #1299
) ( #807
) ( aa6654a
)
java: run Maven in plain console-friendly mode ( #1301
) ( #818
) ( 4df45d0
)
1.3.0
(2021-11-10)
Features
next release from main branch is 1.3.0 ( #780
) ( 1149581
)
Bug Fixes
java: java 17 dependency arguments ( #1266
) ( #779
) ( 9160a53
)
service account impersonation with workforce credentials ( #770
) ( 6449ef0
)
1.2.2
(2021-10-20)
Bug Fixes
environment variable is "AWS_SESSION_TOKEN" and not "Token" ( #772
) ( c8c3073
)
1.2.1
(2021-10-11)
Bug Fixes
disabling self-signed jwt for domain wide delegation ( #754
) ( ac70a27
)
1.2.0
(2021-09-30)
Features
Bug Fixes
allow empty workforce_pool_user_project ( #752
) ( e1cbce1
) timing of stale token refreshes on ComputeEngine ( #749
) ( c813d55
) workforce audience ( #741
) ( a08cacc
)
1.1.0
(2021-08-17)
Features
downscoping with credential access boundaries ( #702
) ( aa7ede1
)
Bug Fixes
add validation for the token URL and service account impersonation URL for Workload Identity Federation ( #717
) ( 23cb8ef
)
Documentation
updates README for downscoping with CAB ( #716
) ( 68bceba
)
1.0.0
(2021-07-28)
⚠ BREAKING CHANGES
updating google-auth-library-java min Java version to 1.8
Features
GA release of google-auth-library-java (ver 1.0.0) ( #704
) ( 3d9874f
) updating google-auth-library-java min Java version to 1.8 ( 3d9874f
)
Bug Fixes
Add shopt -s nullglob to dependencies script ( #693
) ( c5aa708
) Update dependencies.sh to not break on mac ( c5aa708
)
0.27.0
(2021-07-14)
Features
add Id token support for UserCredentials ( #650
) ( 5a8f467
) add impersonation credentials to ADC ( #613
) ( b9823f7
) Adding functional tests for Service Account ( #685
) ( dfe118c
) allow scopes for self signed jwt ( #689
) ( f4980c7
)
0.26.0
(2021-05-20)
Features
add gcf-owl-bot[bot]
to ignoreAuthors
( #674
) ( 359b20f
) added getter for credentials object in HttpCredentialsAdapter ( #658
) ( 5a946ea
) enable pre-emptive async oauth token refreshes ( #646
) ( e3f4c7e
) Returning an issuer claim on request errors ( #656
) ( 95d70ae
)
Bug Fixes
use orginal url as audience for self signed jwt if scheme or host is null ( #642
) ( b4e6f1a
)
0.25.5
(2021-04-22)
Dependencies
0.25.4
(2021-04-15)
Bug Fixes
0.25.3
(2021-04-12)
Dependencies
0.25.2
(2021-03-18)
Bug Fixes
follow up fix service account credentials createScopedRequired ( #605
) ( 7ddac43
) support AWS_DEFAULT_REGION env var ( #599
) ( 3d066ee
)
0.25.1
(2021-03-18)
Bug Fixes
fix service account credentials createScopedRequired ( #601
) ( 0614482
)
0.25.0
(2021-03-16)
Features
0.24.1
(2021-02-25)
Dependencies
update dependency com.google.http-client:google-http-client-bom to v1.39.0 ( #580
) ( 88718b0
)
0.24.0
(2021-02-19)
Features
add workload identity federation support ( #547
) ( b8dde1e
)
Bug Fixes
Documentation
add instructions for using workload identity federation ( #564
) ( 2142db3
)
0.23.0
(2021-01-26)
⚠ BREAKING CHANGES
privatize deprecated constructor (#473)
Features
allow custom lifespan for impersonated creds ( #515
) ( 0707ed4
) allow custom scopes for compute engine creds ( #514
) ( edc8d6e
) allow set lifetime for service account creds ( #516
) ( 427f2d5
) promote IdToken and JWT features ( #538
) ( b514fe0
)
Bug Fixes
per google style, logger is lower case ( #529
) ( ecfc6a2
) privatize deprecated constructor ( #473
) ( 5804ff0
) remove deprecated methods ( #537
) ( 427963e
) replace non-precondition use of Preconditions ( #539
) ( f2ab4f1
) switch to GSON ( #531
) ( 1b98d5c
) use default timeout if given 0 for ImpersonatedCredentials ( #527
) ( ec74870
)
Dependencies
update dependency com.google.appengine:appengine-api-1.0-sdk to v1.9.84 ( #422
) ( b262c45
) update dependency com.google.guava:guava to v30.1-android ( #522
) ( 4090d1c
)
Documentation
fix wording in jwtWithClaims Javadoc ( #536
) ( af21727
)
0.22.2
(2020-12-11)
Bug Fixes
quotaProjectId should be applied for cached getRequestMetadata(URI, Executor, RequestMetadataCallback)
( #509
) ( 0a8412f
)
0.22.1
(2020-11-05)
Bug Fixes
remove 1 hour limit for impersonated token ( #490
) ( 927e3d5
)
Dependencies
update dependency com.google.guava:guava to v30 ( #497
) ( 0551649
) update dependency com.google.http-client:google-http-client-bom to v1.38.0 ( #503
) ( 46f20bc
)
0.22.0
(2020-10-13)
Features
add logging at FINE level for each step of ADC ( #435
) ( 7d145b2
)
Documentation
Dependencies
update dependency com.google.http-client:google-http-client-bom to v1.37.0 ( #486
) ( 3027fbf
)
0.21.1
(2020-07-07)
Dependencies
0.21.0
(2020-06-24)
Features
add TokenVerifier class that can verify RS256/ES256 tokens ( #420
) ( 5014ac7
)
Dependencies
update autovalue packages to v1.7.2 ( #429
) ( 5758364
) update dependency com.google.http-client:google-http-client-bom to v1.35.0 ( #427
) ( 5494ec0
) update Guava to 29.0-android ( #426
) ( 0cd3c2e
)
0.20.0
(2020-01-15)
Features
updated JwtClaims.Builder
methods to public
( #396
) ( 9e5de14
)
Dependencies
0.19.0
(2019-12-13)
Features
support reading in quotaProjectId for billing ( #383
) ( f38c3c8
)
Dependencies
update appengine-sdk to 1.9.76 ( #366
) ( 590883d
) update autovalue packages to v1.7 ( #365
) ( 42a1694
) update dependency com.google.appengine:appengine to v1.9.77 ( #377
) ( c3c950e
) update dependency com.google.http-client:google-http-client-bom to v1.33.0 ( #374
) ( af0af50
)
Documentation
remove outdated comment on explicit IP address ( #370
) ( 71faa5f
) xml syntax error in bom/README.md ( #372
) ( ff8606a
), closes #371
0.18.0
(2019-10-09)
Bug Fixes
make JwtClaims.newBuilder() public ( #350
) ( 6ab8758
) move autovalue into annotation processor path instead of classpath ( #358
) ( a82d348
)
Dependencies
Documentation
fix include instructions in google-auth-library-bom README ( #352
) ( f649735
)
0.17.4
(2019-10-08)
Bug Fixes
make JwtClaims.newBuilder() public ( #350
) ( 6ab8758
) move autovalue into annotation processor path instead of classpath ( #358
) ( a82d348
)
Dependencies
Documentation
fix include instructions in google-auth-library-bom README ( #352
) ( f649735
)
0.17.2
(2019-09-24)
Bug Fixes
0.17.1
(2019-08-22)
Bug Fixes
allow unset/null privateKeyId for JwtCredentials ( #336
) ( d28a6ed
)
0.17.0
(2019-08-16)
Bug Fixes
cleanup unused code and deprecation warnings ( #315
) ( 7fd94c0
) Fix declared dependencies from merge issue ( #291
) ( 35abf13
) throw SigningException as documented ( #316
) ( a1ab97c
) typo in ComputeEngineCredentials exception message ( #313
) ( 1a16f38
)
Features
add Automatic-Module-Name to manifest ( #326
) ( 29f58b4
), closes #324
#324
add IDTokenCredential support ( #303
) ( a87e3fd
) add JwtCredentials with custom claims ( #290
) ( 3f37172
) allow arbitrary additional claims for JwtClaims ( #331
) ( 888c61c
) Implement ServiceAccountSigner for ImpersonatedCredentials ( #279
) ( 70767e3
)
Reverts
0.16.2
(2019-06-26)
Bug Fixes
Add metadata-flavor header to metadata server ping for compute engine ( #283
)
Dependencies
Import http client bom for dependency management ( #268
)
Documentation
README section for interop with google-http-client ( #275
)
0.16.1
(2019-06-06)
Dependencies
Update dependency com.google.http-client:google-http-client to v1.30.1 ( #265
)
0.16.0
(2019-06-04)
Features
Add google-auth-library-bom artifact ( #256
)
Dependencies
Update dependency com.google.http-client:google-http-client to v1.30.0 ( #261
) Update dependency com.google.http-client:google-http-client to v1.29.2 ( #259
) Update dependency org.sonatype.plugins:nexus-staging-maven-plugin to v1.6.8 ( #257
) Update to latest app engine SDK version ( #258
) Update dependency org.apache.maven.plugins:maven-source-plugin to v3.1.0 ( #254
) Update dependency org.jacoco:jacoco-maven-plugin to v0.8.4 ( #255
) Update dependency org.apache.maven.plugins:maven-jar-plugin to v3.1.2 ( #252
) Update dependency org.apache.maven.plugins:maven-source-plugin to v2.4 ( #253
)
Documentation
Javadoc publish kokoro job uses docpublisher ( #243
)
0.15.0
(2019-03-27)
Bug Fixes
createScoped: make overload call implementation ( #229
)
Reverts
Add back in deprecated methods in ServiceAccountJwtAccessCredentials ( #238
)
0.14.0
(2019-03-26)
Bug Fixes
update default metadata url ( #230
) Remove deprecated methods ( #190
) Update Sign Blob API ( #232
)
Dependencies
Upgrade http client to 1.29.0. ( #235
) update deps ( #234
)
0.13.0
(2019-01-17)
Bug Fixes
Use OutputStream directly instead of PrintWriter ( #220
) Improve log output when detecting GCE ( #214
)
Features
Overload GoogleCredentials.createScoped with variadic arguments ( #218
)
Dependencies
Update google-http-client version, guava, and maven surefire plugin ( #221
)
0.12.0
(2018-12-19)
Bug Fixes
Show error message in case of problems with getting access token ( #206
) Add note about NO_GCE_CHECK
to metadata 404 error message ( #205
)
Features
Add ImpersonatedCredentials ( #211
) Add option to suppress end user credentials warning. ( #207
)
Dependencies
Update google-http-java-client dependency to 1.27.0 ( #208
)
Documentation
README grammar fix ( #192
) Add unstable badge to README ( #184
) Update README with instructions on installing the App Engine SDK and running the tests ( #209
)
0.11.0
(2018-08-23)
Bug Fixes
Update auth token urls (#174)
Dependencies
Update dependencies (guava) (#170)
Bumping google-http-client version to 1.24.1 (#171)
Documentation
Documentation for ComputeEngineCredential signing. (#176)
Fix README link (#169)
0.10.0
(2018-06-12)
Bug Fixes
Read token_uri from service account JSON (#160)
Log warning if default credentials uses a user token from gcloud sdk (#166)
Features
Add OAuth2Credentials#refreshIfExpired() (#163)
ComputeEngineCredentials implements ServiceAccountSigner (#141)
Documentation
Versionless Javadocs (#164)
Fix documentation for getAccessToken()
returning cached value (#162)
0.9.1
(2018-04-09)
Features
Add caching for JWT tokens (#151)
0.9.0
(2017-11-02)
Bug Fixes
Fix NPE deserializing ServiceAccountCredentials (#132)
Features
Surface cleanup (#136)
Providing a method to remove CredentialsChangedListeners (#130)
Implemented in-memory TokenStore and added opportunity to save user credentials into file (#129)
Documentation
Fixes comment typos. (#131)
0.8.0
(2017-09-08)
Bug Fixes
Extracting the project_id field from service account JSON files (#118)
Fixing an Integer Overflow Issue (#121)
use metadata server to get credentials for GAE 8 standard environment (#122)
Features
Switch OAuth2 HTTP surface to use builder pattern (#123)
Add builder pattern to AppEngine credentials (#125)
Documentation
Fix API Documentation link rendering (#112)
0.7.1
(2017-07-14)
Bug Fixes
Mitigate occasional failures in looking up Application Default Credentials on a Google Compute Engine (GCE) Virtual Machine (#110)
0.7.0
(2017-06-06)
Bug Fixes
Retry HTTP errors in ServiceAccountCredentials.refreshAccessToken()
to avoid propagating failures (#100 addresses #91)
Features
Add GoogleCredentials.createDelegated()
method to allow using domain-wide delegation with service accounts (#102) Allow bypassing App Engine credential check using environment variable, to allow Application Default Credentials to detect GCE when running on GAE Flex (#103)
Send feedback
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License
, and code samples are licensed under the Apache 2.0 License
. For details, see the Google Developers Site Policies
. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-09-04 UTC.
Need to tell us more?
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,[]]
