diff --git a/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleCredential.java b/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleCredential.java index 632b495e6..590a422e2 100644 --- a/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleCredential.java +++ b/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleCredential.java @@ -199,6 +199,13 @@ public static GoogleCredential getApplicationDefault( * {@link Beta}
* Return a credential defined by a Json file. * + *

Important: If you accept a credential configuration (credential JSON/File/Stream) from an + * external source for authentication to Google Cloud Platform, you must validate it before + * providing it to any Google API or library. Providing an unvalidated credential configuration to + * Google APIs can compromise the security of your systems and data. For more information, refer + * to {@link documentation}. + * * @param credentialStream the stream with the credential definition. * @return the credential defined by the credentialStream. * @throws IOException if the credential cannot be created from the stream. @@ -212,6 +219,13 @@ public static GoogleCredential fromStream(InputStream credentialStream) throws I * {@link Beta}
* Return a credential defined by a Json file. * + *

Important: If you accept a credential configuration (credential JSON/File/Stream) from an + * external source for authentication to Google Cloud Platform, you must validate it before + * providing it to any Google API or library. Providing an unvalidated credential configuration to + * Google APIs can compromise the security of your systems and data. For more information, refer + * to {@link documentation}. + * * @param credentialStream the stream with the credential definition. * @param transport the transport for Http calls. * @param jsonFactory the factory for Json parsing and formatting.