Remove AuthCredentials and related classes, use google-auth-library-java instead

README.md

@@ -115,40 +115,63 @@ Most `google-cloud` libraries require a project ID.  There are multiple ways to
 Authentication
 --------------
 
-First, ensure that the necessary Google Cloud APIs are enabled for your project. To do this, follow the instructions on the [authentication document](https://github.com/GoogleCloudPlatform/gcloud-common/blob/master/authentication/readme.md#authentication) shared by all the gcloud language libraries.
+`google-cloud-java` uses
+[https://github.com/google/google-auth-library-java](https://github.com/google/google-auth-library-java)
+to authenticate requests. `google-auth-library-java` supports a wide range of authentication types;
+see the project's [README](https://github.com/google/google-auth-library-java/blob/master/README.md)
+and [javadoc](http://google.github.io/google-auth-library-java/releases/0.6.0/apidocs/) for more
+details.
+
+To access Google Cloud services, you first need to ensure that the necessary Google Cloud APIs are
+enabled for your project. To do this, follow the instructions on the
+[authentication document](https://github.com/GoogleCloudPlatform/gcloud-common/blob/master/authentication/readme.md#authentication)
+shared by all the Google Cloud language libraries.
 
 Next, choose a method for authenticating API requests from within your project:
 
-1. When using `google-cloud` libraries from within Compute/App Engine, no additional authentication steps are necessary.
-2. When using `google-cloud` libraries elsewhere, there are three options:
-  * [Generate a JSON service account key](https://cloud.google.com/storage/docs/authentication?hl=en#service_accounts).  After downloading that key, you must do one of the following:
-    * Define the environment variable GOOGLE_APPLICATION_CREDENTIALS to be the location of the key.  For example:
+1. When using `google-cloud` libraries from within Compute/App Engine, no additional authentication
+steps are necessary. For example:
+```java
+Storage storage = StorageOptions.getDefaultInstance().getService();
+```
+2. When using `google-cloud` libraries elsewhere, there are several options:
+  * [Generate a JSON service account key](https://cloud.google.com/storage/docs/authentication?hl=en#service_accounts).
+  After downloading that key, you must do one of the following:
+    * Define the environment variable GOOGLE_APPLICATION_CREDENTIALS to be the location of the key.
+    For example:
     ```bash
     export GOOGLE_APPLICATION_CREDENTIALS=/path/to/my/key.json
     ```
-    * Supply the JSON credentials file when building the service options.  For example, this Storage object has the necessary permissions to interact with your Google Cloud Storage data:
+    * Supply the JSON credentials file when building the service options. For example, this Storage
+    object has the necessary permissions to interact with your Google Cloud Storage data:
     ```java
     Storage storage = StorageOptions.newBuilder()
-        .setAuthCredentials(AuthCredentials.createForJson(new FileInputStream("/path/to/my/key.json"))
+        .setCredentials(ServiceAccountCredentials.fromStream(new FileInputStream("/path/to/my/key.json"))
         .build()
         .getService();
     ```
-  * If running locally for development/testing, you can use Google Cloud SDK.  Download the SDK if you haven't already, then login using the SDK (`gcloud auth login` in command line).  Be sure to set your project ID as described above.
-  * If you already have an OAuth2 access token, you can use it to authenticate (notice that in this case the access token will not be automatically refreshed):
+  * If running locally for development/testing, you can use the
+  [Google Cloud SDK](https://cloud.google.com/sdk/). Create Application Default Credentials with
+  `gcloud auth application-default login`, and then `google-cloud` will automatically detect such
+  credentials.
+  * If you already have an OAuth2 access token, you can use it to authenticate (notice that in this
+  case, the access token will not be automatically refreshed):
   ```java
   Storage storage = StorageOptions.newBuilder()
-      .setAuthCredentials(AuthCredentials.createFor("your_access_token"))
+      .setCredentials(new GoogleCredentials(new AccessToken(accessToken, expirationTime)))
       .build()
       .getService();
   ```
 
-`google-cloud` looks for credentials in the following order, stopping once it finds credentials:
+If no credentials are provided, `google-cloud` will attempt to detect them from the environment
+using `GoogleCredentials.getApplicationDefault()` which will search for Default Application
+Credentials in the following locations (in order):
 
-1. Credentials supplied when building the service options
-2. App Engine credentials
-3. Key file pointed to by the GOOGLE_APPLICATION_CREDENTIALS environment variable
-4. Google Cloud SDK credentials
-5. Compute Engine credentials
+1. The credentials file pointed to by the `GOOGLE_APPLICATION_CREDENTIALS` environment variable
+2. Credentials provided by the Google Cloud SDK `gcloud auth application-default login` command
+3. Google App Engine built-in credentials
+4. Google Cloud Shell built-in credentials
+5. Google Compute Engine built-in credentials
 
 Google Cloud BigQuery (Alpha)
 ----------------------

TESTING.md

@@ -102,7 +102,7 @@ You can test against a remote Datastore emulator as well.  To do this, set the `
   DatastoreOptions options = DatastoreOptions.newBuilder()
       .setProjectId("my-project-id") // must match project ID specified on remote machine
       .setHost("http://<hostname of machine>:<port>")
-      .setAuthCredentials(AuthCredentials.noAuth())
+      .setCredentials(NoCredentials.getInstance())
       .build();
   Datastore localDatastore = options.getService();
   ```
@@ -209,7 +209,7 @@ endpoint to the hostname of the remote machine, like the example below.
   PubSubOptions options = PubSubOptions.newBuilder()
       .setProjectId("my-project-id") // must match project ID specified on remote machine
       .setHost("<hostname of machine>:<port>")
-      .setAuthCredentials(AuthCredentials.noAuth())
+      .setCredentials(NoCredentials.getInstance())
       .build();
   PubSub localPubsub = options.getService();
   ```

google-cloud-bigquery/src/main/java/com/google/cloud/bigquery/BigQueryOptions.java

@@ -28,7 +28,7 @@ public class BigQueryOptions extends HttpServiceOptions<BigQuery, BigQueryRpc, B
 
   private static final String BIGQUERY_SCOPE = "https://www.googleapis.com/auth/bigquery";
   private static final Set<String> SCOPES = ImmutableSet.of(BIGQUERY_SCOPE);
-  private static final long serialVersionUID = -8592198255032667206L;
+  private static final long serialVersionUID = -2437598817433266049L;
 
   public static class DefaultBigqueryFactory implements BigQueryFactory {
 

google-cloud-bigquery/src/main/java/com/google/cloud/bigquery/testing/RemoteBigQueryHelper.java

@@ -16,7 +16,7 @@
 
 package com.google.cloud.bigquery.testing;
 
-import com.google.cloud.AuthCredentials;
+import com.google.auth.oauth2.ServiceAccountCredentials;
 import com.google.cloud.RetryParams;
 import com.google.cloud.bigquery.BigQuery;
 import com.google.cloud.bigquery.BigQueryException;
@@ -96,7 +96,7 @@ public static RemoteBigQueryHelper create(String projectId, InputStream keyStrea
       throws BigQueryHelperException {
     try {
       BigQueryOptions bigqueryOptions = BigQueryOptions.newBuilder()
-          .setAuthCredentials(AuthCredentials.createForJson(keyStream))
+          .setCredentials(ServiceAccountCredentials.fromStream(keyStream))
           .setProjectId(projectId)
           .setRetryParams(retryParams())
           .setConnectTimeout(60000)

google-cloud-bigquery/src/test/java/com/google/cloud/bigquery/SerializationTest.java

@@ -16,8 +16,8 @@
 
 package com.google.cloud.bigquery;
 
-import com.google.cloud.AuthCredentials;
 import com.google.cloud.BaseSerializationTest;
+import com.google.cloud.NoCredentials;
 import com.google.cloud.Restorable;
 import com.google.cloud.bigquery.StandardTableDefinition.StreamingBuffer;
 import com.google.common.collect.ImmutableList;
@@ -229,12 +229,9 @@ public class SerializationTest extends BaseSerializationTest {
   protected Serializable[] serializableObjects() {
     BigQueryOptions options = BigQueryOptions.newBuilder()
         .setProjectId("p1")
-        .setAuthCredentials(AuthCredentials.createForAppEngine())
-        .build();
-    BigQueryOptions otherOptions = options.toBuilder()
-        .setProjectId("p2")
-        .setAuthCredentials(null)
+        .setCredentials(NoCredentials.getInstance())
         .build();
+    BigQueryOptions otherOptions = options.toBuilder().setProjectId("p2").build();
     return new Serializable[]{DOMAIN_ACCESS, GROUP_ACCESS, USER_ACCESS, VIEW_ACCESS, DATASET_ID,
         DATASET_INFO, TABLE_ID, CSV_OPTIONS, STREAMING_BUFFER, TABLE_DEFINITION,
         EXTERNAL_TABLE_DEFINITION, VIEW_DEFINITION, TABLE_SCHEMA, TABLE_INFO, VIEW_INFO,

google-cloud-compute/src/main/java/com/google/cloud/compute/ComputeOptions.java

@@ -28,7 +28,7 @@ public class ComputeOptions extends HttpServiceOptions<Compute, ComputeRpc, Comp
 
   private static final String COMPUTE_SCOPE = "https://www.googleapis.com/auth/compute";
   private static final Set<String> SCOPES = ImmutableSet.of(COMPUTE_SCOPE);
-  private static final long serialVersionUID = 5074781985597996770L;
+  private static final long serialVersionUID = 6983703596543425691L;
 
   public static class DefaultComputeFactory implements ComputeFactory {
 

google-cloud-compute/src/main/java/com/google/cloud/compute/testing/RemoteComputeHelper.java

@@ -16,7 +16,7 @@
 
 package com.google.cloud.compute.testing;
 
-import com.google.cloud.AuthCredentials;
+import com.google.auth.oauth2.ServiceAccountCredentials;
 import com.google.cloud.RetryParams;
 import com.google.cloud.compute.ComputeOptions;
 
@@ -83,7 +83,7 @@ public static String baseResourceName() {
   public static RemoteComputeHelper create(String projectId, InputStream keyStream) {
     try {
       ComputeOptions computeOptions = ComputeOptions.newBuilder()
-          .setAuthCredentials(AuthCredentials.createForJson(keyStream))
+          .setCredentials(ServiceAccountCredentials.fromStream(keyStream))
           .setProjectId(projectId)
           .setRetryParams(retryParams())
           .setConnectTimeout(60000)

google-cloud-compute/src/test/java/com/google/cloud/compute/SerializationTest.java

@@ -16,8 +16,8 @@
 
 package com.google.cloud.compute;
 
-import com.google.cloud.AuthCredentials;
 import com.google.cloud.BaseSerializationTest;
+import com.google.cloud.NoCredentials;
 import com.google.cloud.Restorable;
 import com.google.cloud.RetryParams;
 import com.google.cloud.compute.AttachedDisk.CreateDiskConfiguration;
@@ -265,12 +265,11 @@ public class SerializationTest extends BaseSerializationTest {
   protected Serializable[] serializableObjects() {
     ComputeOptions options = ComputeOptions.newBuilder()
         .setProjectId("p1")
-        .setAuthCredentials(AuthCredentials.createForAppEngine())
+        .setCredentials(NoCredentials.getInstance())
         .build();
     ComputeOptions otherOptions = options.toBuilder()
         .setProjectId("p2")
         .setRetryParams(RetryParams.getDefaultInstance())
-        .setAuthCredentials(null)
         .build();
     return new Serializable[]{DISK_TYPE_ID, DISK_TYPE, MACHINE_TYPE_ID, MACHINE_TYPE, REGION_ID,
         REGION, ZONE_ID, ZONE, LICENSE_ID, LICENSE, DEPRECATION_STATUS, GLOBAL_OPERATION_ID,

google-cloud-core/pom.xml

@@ -20,12 +20,12 @@
     <dependency>
       <groupId>com.google.auth</groupId>
       <artifactId>google-auth-library-credentials</artifactId>
-      <version>0.3.1</version>
+      <version>${google.auth.version}</version>
     </dependency>
     <dependency>
       <groupId>com.google.auth</groupId>
       <artifactId>google-auth-library-oauth2-http</artifactId>
-      <version>0.3.1</version>
+      <version>${google.auth.version}</version>
       <exclusions>
         <exclusion>
           <groupId>com.google.guava</groupId>