com.google.appengine.api.appidentity
Interface AppIdentityService


public interface AppIdentityService

AppIdentityService allows you to sign an arbitrary string blob using a per-app private key maintained by App Engine, and to retrieve a list of public certificates that can be used to verify the signature.

App Engine is responsible for maintaining the per-application private key and rotates private keys periodically. App Engine never releases these private keys outside the platform.

Because private keys are rotated periodically, getPublicCertificatesForApp can return more than one public certificate. It is the caller's responsibility to try these certificates one by one when verifying a signature.
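The following is an added example, not part of the original API documentation, showing one way to try each returned certificate in turn and to fail closed when none verifies. The class and method names are hypothetical, the "SHA256withRSA" algorithm is an assumption not stated on this page, and the code needs the App Engine runtime to reach the service.

```java
import com.google.appengine.api.appidentity.AppIdentityService;
import com.google.appengine.api.appidentity.AppIdentityServiceFactory;
import com.google.appengine.api.appidentity.PublicCertificate;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;

// Hypothetical helper class; not part of the App Engine SDK.
public final class AppSignatureCheck {

  // Returns true only if at least one published certificate verifies the
  // signature over blob. Returns false (fail closed) when none matches.
  static boolean verify(Collection<PublicCertificate> certs, byte[] blob, byte[] sig)
      throws GeneralSecurityException {
    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    for (PublicCertificate cert : certs) {
      byte[] pem = cert.getX509CertificateInPemFormat().getBytes(StandardCharsets.US_ASCII);
      X509Certificate x509 =
          (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(pem));
      // Assumption: signForApp produces an RSA signature over a SHA-256 digest.
      Signature verifier = Signature.getInstance("SHA256withRSA");
      verifier.initVerify(x509.getPublicKey());
      verifier.update(blob);
      try {
        if (verifier.verify(sig)) {
          return true;
        }
      } catch (SignatureException e) {
        // Signature is malformed for this key (for example after a rotation);
        // continue with the next certificate.
      }
    }
    return false;
  }

  // Signs a message with the app's current key, then verifies it against
  // every certificate the service currently publishes.
  static boolean signAndVerify(String message) throws GeneralSecurityException {
    AppIdentityService service = AppIdentityServiceFactory.getAppIdentityService();
    byte[] blob = message.getBytes(StandardCharsets.UTF_8);
    AppIdentityService.SigningResult result = service.signForApp(blob);
    return verify(service.getPublicCertificatesForApp(), blob, result.getSignature());
  }
}
```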


Nested Class Summary
static class AppIdentityService.GetAccessTokenResult
          AppIdentityService.GetAccessTokenResult is returned by getAccessToken.
static class AppIdentityService.SigningResult
          AppIdentityService.SigningResult is returned by signForApp and contains the signing key name and the signature.
 
Method Summary
 AppIdentityService.GetAccessTokenResult getAccessToken(java.lang.Iterable<java.lang.String> scopes)
          OAuth2 access token to act on behalf of the application.
 AppIdentityService.GetAccessTokenResult getAccessTokenUncached(java.lang.Iterable<java.lang.String> scopes)
          OAuth2 access token to act on behalf of the application, uncached.
 java.util.Collection<PublicCertificate> getPublicCertificatesForApp()
          Retrieves a list of public certificates.
 java.lang.String getServiceAccountName()
          Gets the service account name of the app.
 AppIdentityService.SigningResult signForApp(byte[] signBlob)
          Requests to sign an arbitrary string blob using the per-app private key.
 

Method Detail

signForApp

AppIdentityService.SigningResult signForApp(byte[] signBlob)
Requests to sign an arbitrary string blob using the per-app private key.

Parameters:
signBlob - string blob.
Returns:
a SigningResult object which contains the signing key name and the signature.
Throws:
AppIdentityServiceFailureException

getPublicCertificatesForApp

java.util.Collection<PublicCertificate> getPublicCertificatesForApp()
Retrieves a list of public certificates.

Returns:
a list of public certificates.
Throws:
AppIdentityServiceFailureException

getServiceAccountName

java.lang.String getServiceAccountName()
Gets the service account name of the app.

Returns:
the service account name of the app.

getAccessTokenUncached

AppIdentityService.GetAccessTokenResult getAccessTokenUncached(java.lang.Iterable<java.lang.String> scopes)
OAuth2 access token to act on behalf of the application, uncached. Most developers should use getAccessToken instead.

Parameters:
scopes - iterable of scopes to request.
Returns:
a GetAccessTokenResult object with the access token and expiration time.
Throws:
AppIdentityServiceFailureException

getAccessToken

AppIdentityService.GetAccessTokenResult getAccessToken(java.lang.Iterable<java.lang.String> scopes)
OAuth2 access token to act on behalf of the application. Generates and caches an OAuth2 access token for the service account of the App Engine application. Each application has an associated Google account. This function returns the OAuth2 access token corresponding to the running app. Access tokens are safe to cache and reuse until their expiry time as returned. This method does that caching using memcache.

Parameters:
scopes - iterable of scopes to request.
Returns:
a GetAccessTokenResult object with the access token and expiration time.
Throws:
AppIdentityServiceFailureException