public interface AppIdentityService
AppIdentityService
allows you to sign an arbitrary byte
array using a per app private key maintained by App Engine, and
to retrieve a list of public certificates which can be used to
verify the signature.
App Engine is responsible for maintaining the per application private key. App Engine will rotate private keys periodically. App Engine never gives these private keys to the outside.
Since private keys are rotated periodically,
getPublicCertificatesForApp()
could return a list of public
certificates. It is the caller's responsibility to try these
certificates one by one when doing signature verification.
Modifier and Type | Interface and Description |
---|---|
static class |
AppIdentityService.GetAccessTokenResult
GetAccessTokenResult is returned by getAccessToken. |
static class |
AppIdentityService.ParsedAppId
Class holding the results of parsing a full application id into its constituent parts.
|
static class |
AppIdentityService.SigningResult
SigningResult is returned by signForApp, which contains
signing key name and signature. |
Modifier and Type | Method and Description |
---|---|
AppIdentityService.GetAccessTokenResult |
getAccessToken(java.lang.Iterable<java.lang.String> scopes)
OAuth2 access token to act on behalf of the application.
|
AppIdentityService.GetAccessTokenResult |
getAccessTokenUncached(java.lang.Iterable<java.lang.String> scopes)
OAuth2 access token to act on behalf of the application, uncached.
|
java.lang.String |
getDefaultGcsBucketName()
Gets the default GS bucket name for the app.
|
java.util.Collection<PublicCertificate> |
getPublicCertificatesForApp()
Retrieves a list of public certificates.
|
java.lang.String |
getServiceAccountName()
Gets service account name of the app.
|
AppIdentityService.ParsedAppId |
parseFullAppId(java.lang.String fullAppId)
Parse a full app id into partition, domain name and display app_id.
|
AppIdentityService.SigningResult |
signForApp(byte[] signBlob)
Requests to sign arbitrary byte array using per app private key.
|
AppIdentityService.SigningResult signForApp(byte[] signBlob)
signBlob
- string blob.AppIdentityServiceFailureException
java.util.Collection<PublicCertificate> getPublicCertificatesForApp()
AppIdentityServiceFailureException
java.lang.String getServiceAccountName()
java.lang.String getDefaultGcsBucketName()
AppIdentityService.GetAccessTokenResult getAccessTokenUncached(java.lang.Iterable<java.lang.String> scopes)
scopes
- iterable of scopes to request.AppIdentityServiceFailureException
AppIdentityService.GetAccessTokenResult getAccessToken(java.lang.Iterable<java.lang.String> scopes)
scopes
- iterable of scopes to request.AppIdentityServiceFailureException
AppIdentityService.ParsedAppId parseFullAppId(java.lang.String fullAppId)
fullAppId
- The full partitioned app id.AppIdentityService.ParsedAppId
instance with the parsing results.