diff --git a/README.md b/README.md index 5ea6fc028..e6f08ab31 100644 --- a/README.md +++ b/README.md @@ -16,6 +16,11 @@ credentials. This artifact depends on the App Engine SDK. - [*google-auth-library-oauth2-http*](#google-auth-library-oauth2-http): contains a wide variety of credentials as well as utility methods to create them and to get Application Default Credentials +> ⚠️ Important: If you accept a credential configuration (credential JSON/File/Stream) from an external source for +authentication to Google Cloud Platform, you must validate it before providing it to any Google API or library. Providing +an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more +information, refer to [documentation](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials). + **Table of contents:** diff --git a/oauth2_http/java/com/google/auth/oauth2/ExternalAccountAuthorizedUserCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ExternalAccountAuthorizedUserCredentials.java index 1e811caa4..a119f1e7b 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ExternalAccountAuthorizedUserCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ExternalAccountAuthorizedUserCredentials.java @@ -127,6 +127,13 @@ private ExternalAccountAuthorizedUserCredentials(Builder builder) { /** * Returns external account authorized user credentials defined by a JSON file stream. * + *
Important: If you accept a credential configuration (credential JSON/File/Stream) from an + * external source for authentication to Google Cloud Platform, you must validate it before + * providing it to any Google API or library. Providing an unvalidated credential configuration to + * Google APIs can compromise the security of your systems and data. For more information, refer + * to {@link documentation}. + * * @param credentialsStream the stream with the credential definition * @return the credential defined by the credentialsStream * @throws IOException if the credential cannot be created from the stream @@ -140,6 +147,13 @@ public static ExternalAccountAuthorizedUserCredentials fromStream(InputStream cr /** * Returns external account authorized user credentials defined by a JSON file stream. * + *
Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+ * external source for authentication to Google Cloud Platform, you must validate it before
+ * providing it to any Google API or library. Providing an unvalidated credential configuration to
+ * Google APIs can compromise the security of your systems and data. For more information, refer
+ * to {@link documentation}.
+ *
* @param credentialsStream the stream with the credential definition
* @param transportFactory the HTTP transport factory used to create the transport to get access
* tokens
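Review bot: The closing line of the added paragraph, `* to {@link documentation}.`, gives `{@link}` a plain word rather than a program element, so as shown here the one reference that tells a caller how to validate a credential configuration has no reachable target. The extraction of this page may have dropped an anchor tag, but even if the source wraps one inside `{@link}`, a bare anchor is the form Javadoc documents for external URLs: `* to <a href="https://cloud.google.com/docs/authentication/external/externally-sourced-credentials">documentation</a>.` (URL taken from the README hunk). The same paragraph is added in the first hunk of this file and in the `fromStream` hunks for ExternalAccountCredentials, GoogleCredentials, ServiceAccountCredentials, ServiceAccountJwtAccessCredentials and UserCredentials, so the fix applies to each. The Javadoc block continues past the end of this hunk.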
diff --git a/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java
index a9b3ef9eb..8a5084b98 100644
--- a/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java
@@ -349,6 +349,13 @@ public Map Returns {@link IdentityPoolCredentials} or {@link AwsCredentials}.
*
+ * Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+ * external source for authentication to Google Cloud Platform, you must validate it before
+ * providing it to any Google API or library. Providing an unvalidated credential configuration to
+ * Google APIs can compromise the security of your systems and data. For more information, refer
+ * to {@link documentation}.
+ *
* @param credentialsStream the stream with the credential definition
* @return the credential defined by the credentialsStream
* @throws IOException if the credential cannot be created from the stream
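Review bot: The added paragraph tells callers they "must validate" an externally sourced configuration but does not say what to check, and for the external-account format that is the part a reader needs. Such a configuration names the endpoints and credential source the library will use (fields such as `token_url`, `service_account_impersonation_url` and `credential_source`), so I would add one sentence here, for example `* At a minimum, check that every URL and credential source in the configuration points to a location you expect.` The method body is outside the hunk, so whether `fromStream` applies any checks of its own cannot be seen from here; if it does not, the Javadoc should say so explicitly. The same applies to the two-argument overload in the next hunk of this file.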
@@ -363,6 +370,13 @@ public static ExternalAccountCredentials fromStream(InputStream credentialsStrea
*
* Returns a {@link IdentityPoolCredentials} or {@link AwsCredentials}.
*
+ * Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+ * external source for authentication to Google Cloud Platform, you must validate it before
+ * providing it to any Google API or library. Providing an unvalidated credential configuration to
+ * Google APIs can compromise the security of your systems and data. For more information, refer
+ * to {@link documentation}.
+ *
* @param credentialsStream the stream with the credential definition
* @param transportFactory the HTTP transport factory used to create the transport to get access
* tokens
diff --git a/oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java b/oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java
index 7d94d4e64..4bb5da9ec 100644
--- a/oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/GoogleCredentials.java
@@ -158,6 +158,13 @@ public static GoogleCredentials getApplicationDefault(HttpTransportFactory trans
* The stream can contain a Service Account key file in JSON format from the Google Developers
* Console or a stored user credential using the format supported by the Cloud SDK.
*
+ * Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+ * external source for authentication to Google Cloud Platform, you must validate it before
+ * providing it to any Google API or library. Providing an unvalidated credential configuration to
+ * Google APIs can compromise the security of your systems and data. For more information, refer
+ * to {@link documentation}.
+ *
* @param credentialsStream the stream with the credential definition.
* @return the credential defined by the credentialsStream.
* @throws IOException if the credential cannot be created from the stream.
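Review bot: The Javadoc above the added warning still lists only two accepted inputs, a Service Account key file and a stored user credential, so a reader cannot tell which credential types this generic `fromStream` will build from the stream. If it also accepts the external-account formats whose classes receive the same warning in this diff (not visible in this hunk; confirm against the method body), the comment should list them. The warning could also add `* If you expect a single credential type, prefer that type's own fromStream, for example {@link ServiceAccountCredentials#fromStream(InputStream)}.`, on the assumption, to be confirmed, that the type-specific loaders reject other types. This applies equally to the two-argument overload in the next hunk.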
@@ -172,6 +179,13 @@ public static GoogleCredentials fromStream(InputStream credentialsStream) throws
* The stream can contain a Service Account key file in JSON format from the Google Developers
* Console or a stored user credential using the format supported by the Cloud SDK.
*
+ * Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+ * external source for authentication to Google Cloud Platform, you must validate it before
+ * providing it to any Google API or library. Providing an unvalidated credential configuration to
+ * Google APIs can compromise the security of your systems and data. For more information, refer
+ * to {@link documentation}.
+ *
* @param credentialsStream the stream with the credential definition.
* @param transportFactory HTTP transport factory, creates the transport used to get access
* tokens.
diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java
index d998ce671..2df5fc5cb 100644
--- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java
@@ -446,6 +446,13 @@ static ServiceAccountCredentials fromPkcs8(
* Returns credentials defined by a Service Account key file in JSON format from the Google
* Developers Console.
*
+ * Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+ * external source for authentication to Google Cloud Platform, you must validate it before
+ * providing it to any Google API or library. Providing an unvalidated credential configuration to
+ * Google APIs can compromise the security of your systems and data. For more information, refer
+ * to {@link documentation}.
+ *
* @param credentialsStream the stream with the credential definition.
* @return the credential defined by the credentialsStream.
* @throws IOException if the credential cannot be created from the stream.
@@ -459,6 +466,13 @@ public static ServiceAccountCredentials fromStream(InputStream credentialsStream
* Returns credentials defined by a Service Account key file in JSON format from the Google
* Developers Console.
*
+ * Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+ * external source for authentication to Google Cloud Platform, you must validate it before
+ * providing it to any Google API or library. Providing an unvalidated credential configuration to
+ * Google APIs can compromise the security of your systems and data. For more information, refer
+ * to {@link documentation}.
+ *
* @param credentialsStream the stream with the credential definition.
* @param transportFactory HTTP transport factory, creates the transport used to get access
* tokens.
diff --git a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountJwtAccessCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountJwtAccessCredentials.java
index 6fc338405..efba6436a 100644
--- a/oauth2_http/java/com/google/auth/oauth2/ServiceAccountJwtAccessCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/ServiceAccountJwtAccessCredentials.java
@@ -227,6 +227,13 @@ static ServiceAccountJwtAccessCredentials fromPkcs8(
* Returns credentials defined by a Service Account key file in JSON format from the Google
* Developers Console.
*
+ * Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+ * external source for authentication to Google Cloud Platform, you must validate it before
+ * providing it to any Google API or library. Providing an unvalidated credential configuration to
+ * Google APIs can compromise the security of your systems and data. For more information, refer
+ * to {@link documentation}.
+ *
* @param credentialsStream the stream with the credential definition.
* @return the credential defined by the credentialsStream.
* @throws IOException if the credential cannot be created from the stream.
@@ -240,6 +247,13 @@ public static ServiceAccountJwtAccessCredentials fromStream(InputStream credenti
* Returns credentials defined by a Service Account key file in JSON format from the Google
* Developers Console.
*
+ * Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+ * external source for authentication to Google Cloud Platform, you must validate it before
+ * providing it to any Google API or library. Providing an unvalidated credential configuration to
+ * Google APIs can compromise the security of your systems and data. For more information, refer
+ * to {@link documentation}.
+ *
* @param credentialsStream the stream with the credential definition.
* @param defaultAudience Audience to use if not provided by transport. May be null.
* @return the credential defined by the credentialsStream.
diff --git a/oauth2_http/java/com/google/auth/oauth2/UserCredentials.java b/oauth2_http/java/com/google/auth/oauth2/UserCredentials.java
index a2ba5a52d..ddabee800 100644
--- a/oauth2_http/java/com/google/auth/oauth2/UserCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/UserCredentials.java
@@ -138,6 +138,13 @@ static UserCredentials fromJson(Map Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+ * external source for authentication to Google Cloud Platform, you must validate it before
+ * providing it to any Google API or library. Providing an unvalidated credential configuration to
+ * Google APIs can compromise the security of your systems and data. For more information, refer
+ * to {@link documentation}.
+ *
* @param credentialsStream the stream with the credential definition.
* @return the credential defined by the credentialsStream.
* @throws IOException if the credential cannot be created from the stream.
@@ -149,6 +156,13 @@ public static UserCredentials fromStream(InputStream credentialsStream) throws I
/**
* Returns credentials defined by a JSON file stream using the format supported by the Cloud SDK.
*
+ * Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+ * external source for authentication to Google Cloud Platform, you must validate it before
+ * providing it to any Google API or library. Providing an unvalidated credential configuration to
+ * Google APIs can compromise the security of your systems and data. For more information, refer
+ * to {@link documentation}.
+ *
* @param credentialsStream the stream with the credential definition.
* @param transportFactory HTTP transport factory, creates the transport used to get access
* tokens.