googleapis · lqiu96 · Jan 16, 2025 · Jan 16, 2025 · Jan 17, 2025
@@ -16,6 +16,11 @@ credentials. This artifact depends on the App Engine SDK.
 - [*google-auth-library-oauth2-http*](#google-auth-library-oauth2-http): contains a wide variety of
 credentials as well as utility methods to create them and to get Application Default Credentials
 
+> ⚠️ Important: If you accept a credential configuration (credential JSON/File/Stream) from an external source for
+authentication to Google Cloud Platform, you must validate it before providing it to any Google API or library. Providing
+an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more
+information, refer to [documentation](https://cloud.google.com/docs/authentication/external/externally-sourced-credentials).
+
 **Table of contents:**
 
 

@@ -127,6 +127,13 @@ private ExternalAccountAuthorizedUserCredentials(Builder builder) {
   /**
    * Returns external account authorized user credentials defined by a JSON file stream.
    *
+   * <p>Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+   * external source for authentication to Google Cloud Platform, you must validate it before
+   * providing it to any Google API or library. Providing an unvalidated credential configuration to
+   * Google APIs can compromise the security of your systems and data. For more information, refer
+   * to {@link <a
+   * href="https://cloud.google.com/docs/authentication/external/externally-sourced-credentials">documentation</a>}.
+   *
    * @param credentialsStream the stream with the credential definition
    * @return the credential defined by the credentialsStream
    * @throws IOException if the credential cannot be created from the stream
@@ -140,6 +147,13 @@ public static ExternalAccountAuthorizedUserCredentials fromStream(InputStream cr
   /**
    * Returns external account authorized user credentials defined by a JSON file stream.
    *
+   * <p>Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+   * external source for authentication to Google Cloud Platform, you must validate it before
+   * providing it to any Google API or library. Providing an unvalidated credential configuration to
+   * Google APIs can compromise the security of your systems and data. For more information, refer
+   * to {@link <a
+   * href="https://cloud.google.com/docs/authentication/external/externally-sourced-credentials">documentation</a>}.
+   *
    * @param credentialsStream the stream with the credential definition
    * @param transportFactory the HTTP transport factory used to create the transport to get access
    *     tokens

@@ -349,6 +349,13 @@ public Map<String, List<String>> getRequestMetadata(URI uri) throws IOException
    *
    * <p>Returns {@link IdentityPoolCredentials} or {@link AwsCredentials}.
    *
+   * <p>Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+   * external source for authentication to Google Cloud Platform, you must validate it before
+   * providing it to any Google API or library. Providing an unvalidated credential configuration to
+   * Google APIs can compromise the security of your systems and data. For more information, refer
+   * to {@link <a
+   * href="https://cloud.google.com/docs/authentication/external/externally-sourced-credentials">documentation</a>}.
+   *
    * @param credentialsStream the stream with the credential definition
    * @return the credential defined by the credentialsStream
    * @throws IOException if the credential cannot be created from the stream
@@ -363,6 +370,13 @@ public static ExternalAccountCredentials fromStream(InputStream credentialsStrea
    *
    * <p>Returns a {@link IdentityPoolCredentials} or {@link AwsCredentials}.
    *
+   * <p>Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+   * external source for authentication to Google Cloud Platform, you must validate it before
+   * providing it to any Google API or library. Providing an unvalidated credential configuration to
+   * Google APIs can compromise the security of your systems and data. For more information, refer
+   * to {@link <a
+   * href="https://cloud.google.com/docs/authentication/external/externally-sourced-credentials">documentation</a>}.
+   *
    * @param credentialsStream the stream with the credential definition
    * @param transportFactory the HTTP transport factory used to create the transport to get access
    *     tokens

@@ -158,6 +158,13 @@ public static GoogleCredentials getApplicationDefault(HttpTransportFactory trans
    * <p>The stream can contain a Service Account key file in JSON format from the Google Developers
    * Console or a stored user credential using the format supported by the Cloud SDK.
    *
+   * <p>Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+   * external source for authentication to Google Cloud Platform, you must validate it before
+   * providing it to any Google API or library. Providing an unvalidated credential configuration to
+   * Google APIs can compromise the security of your systems and data. For more information, refer
+   * to {@link <a
+   * href="https://cloud.google.com/docs/authentication/external/externally-sourced-credentials">documentation</a>}.
+   *
    * @param credentialsStream the stream with the credential definition.
    * @return the credential defined by the credentialsStream.
    * @throws IOException if the credential cannot be created from the stream.
@@ -172,6 +179,13 @@ public static GoogleCredentials fromStream(InputStream credentialsStream) throws
    * <p>The stream can contain a Service Account key file in JSON format from the Google Developers
    * Console or a stored user credential using the format supported by the Cloud SDK.
    *
+   * <p>Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+   * external source for authentication to Google Cloud Platform, you must validate it before
+   * providing it to any Google API or library. Providing an unvalidated credential configuration to
+   * Google APIs can compromise the security of your systems and data. For more information, refer
+   * to {@link <a
+   * href="https://cloud.google.com/docs/authentication/external/externally-sourced-credentials">documentation</a>}.
+   *
    * @param credentialsStream the stream with the credential definition.
    * @param transportFactory HTTP transport factory, creates the transport used to get access
    *     tokens.

@@ -446,6 +446,13 @@ static ServiceAccountCredentials fromPkcs8(
    * Returns credentials defined by a Service Account key file in JSON format from the Google
    * Developers Console.
    *
+   * <p>Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+   * external source for authentication to Google Cloud Platform, you must validate it before
+   * providing it to any Google API or library. Providing an unvalidated credential configuration to
+   * Google APIs can compromise the security of your systems and data. For more information, refer
+   * to {@link <a
+   * href="https://cloud.google.com/docs/authentication/external/externally-sourced-credentials">documentation</a>}.
+   *
    * @param credentialsStream the stream with the credential definition.
    * @return the credential defined by the credentialsStream.
    * @throws IOException if the credential cannot be created from the stream.
@@ -459,6 +466,13 @@ public static ServiceAccountCredentials fromStream(InputStream credentialsStream
    * Returns credentials defined by a Service Account key file in JSON format from the Google
    * Developers Console.
    *
+   * <p>Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+   * external source for authentication to Google Cloud Platform, you must validate it before
+   * providing it to any Google API or library. Providing an unvalidated credential configuration to
+   * Google APIs can compromise the security of your systems and data. For more information, refer
+   * to {@link <a
+   * href="https://cloud.google.com/docs/authentication/external/externally-sourced-credentials">documentation</a>}.
+   *
    * @param credentialsStream the stream with the credential definition.
    * @param transportFactory HTTP transport factory, creates the transport used to get access
    *     tokens.

@@ -227,6 +227,13 @@ static ServiceAccountJwtAccessCredentials fromPkcs8(
    * Returns credentials defined by a Service Account key file in JSON format from the Google
    * Developers Console.
    *
+   * <p>Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+   * external source for authentication to Google Cloud Platform, you must validate it before
+   * providing it to any Google API or library. Providing an unvalidated credential configuration to
+   * Google APIs can compromise the security of your systems and data. For more information, refer
+   * to {@link <a
+   * href="https://cloud.google.com/docs/authentication/external/externally-sourced-credentials">documentation</a>}.
+   *
    * @param credentialsStream the stream with the credential definition.
    * @return the credential defined by the credentialsStream.
    * @throws IOException if the credential cannot be created from the stream.
@@ -240,6 +247,13 @@ public static ServiceAccountJwtAccessCredentials fromStream(InputStream credenti
    * Returns credentials defined by a Service Account key file in JSON format from the Google
    * Developers Console.
    *
+   * <p>Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+   * external source for authentication to Google Cloud Platform, you must validate it before
+   * providing it to any Google API or library. Providing an unvalidated credential configuration to
+   * Google APIs can compromise the security of your systems and data. For more information, refer
+   * to {@link <a
+   * href="https://cloud.google.com/docs/authentication/external/externally-sourced-credentials">documentation</a>}.
+   *
    * @param credentialsStream the stream with the credential definition.
    * @param defaultAudience Audience to use if not provided by transport. May be null.
    * @return the credential defined by the credentialsStream.

@@ -138,6 +138,13 @@ static UserCredentials fromJson(Map<String, Object> json, HttpTransportFactory t
   /**
    * Returns credentials defined by a JSON file stream using the format supported by the Cloud SDK.
    *
+   * <p>Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+   * external source for authentication to Google Cloud Platform, you must validate it before
+   * providing it to any Google API or library. Providing an unvalidated credential configuration to
+   * Google APIs can compromise the security of your systems and data. For more information, refer
+   * to {@link <a
+   * href="https://cloud.google.com/docs/authentication/external/externally-sourced-credentials">documentation</a>}.
+   *
    * @param credentialsStream the stream with the credential definition.
    * @return the credential defined by the credentialsStream.
    * @throws IOException if the credential cannot be created from the stream.
@@ -149,6 +156,13 @@ public static UserCredentials fromStream(InputStream credentialsStream) throws I
   /**
    * Returns credentials defined by a JSON file stream using the format supported by the Cloud SDK.
    *
+   * <p>Important: If you accept a credential configuration (credential JSON/File/Stream) from an
+   * external source for authentication to Google Cloud Platform, you must validate it before
+   * providing it to any Google API or library. Providing an unvalidated credential configuration to
+   * Google APIs can compromise the security of your systems and data. For more information, refer
+   * to {@link <a
+   * href="https://cloud.google.com/docs/authentication/external/externally-sourced-credentials">documentation</a>}.
+   *
    * @param credentialsStream the stream with the credential definition.
    * @param transportFactory HTTP transport factory, creates the transport used to get access
    *     tokens.