Thread-safe Google OAuth 2.0 authorization code flow that manages and persists end-user
credentials.
This is designed to simplify the flow in which an end-user authorizes the application to
access their protected data, and then the application has access to their data based on an access
token and a refresh token to refresh that access token when it expires.
The first step is to call #loadCredential(String) based on the known user ID to check
if the end-user's credentials are already known. If not, call #newAuthorizationUrl() and
direct the end-user's browser to an authorization page. The web browser will then redirect to the
redirect URL with a "code" query parameter which can then be used to request an access
token using #newTokenRequest(String). Finally, use #createAndStoreCredential(TokenResponse, String) to store and obtain a credential for accessing
protected resources.
The default for the approval_prompt and access_type parameters is
null. For web applications that means "approval_prompt=auto&access_type=online" and for
installed applications that means "approval_prompt=force&access_type=offline". To
override the default, you need to explicitly call Builder#setApprovalPrompt(String) and
Builder#setAccessType(String).
Returns the approval prompt behavior ("auto" to request auto-approval or
"force" to force the approval UI to show) or null for the default behavior of
"auto".
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-15 UTC."],[],[],null,["# Class GoogleAuthorizationCodeFlow (2.8.1)\n\nVersion latestkeyboard_arrow_down\n\n- [2.8.1 (latest)](/java/docs/reference/google-api-client/latest/com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow)\n- [2.8.0](/java/docs/reference/google-api-client/2.8.0/com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow)\n- [2.7.2](/java/docs/reference/google-api-client/2.7.2/com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow)\n- [2.6.0](/java/docs/reference/google-api-client/2.6.0/com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow)\n- [2.5.1](/java/docs/reference/google-api-client/2.5.1/com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow)\n- [2.4.1](/java/docs/reference/google-api-client/2.4.1/com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow)\n- [2.1.2](/java/docs/reference/google-api-client/2.1.2/com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow)\n- [2.0.1](/java/docs/reference/google-api-client/2.0.1/com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow)\n- [1.35.2](/java/docs/reference/google-api-client/1.35.2/com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow)\n- [1.34.1](/java/docs/reference/google-api-client/1.34.1/com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow)\n- [1.33.4](/java/docs/reference/google-api-client/1.33.4/com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow) \n\n public class GoogleAuthorizationCodeFlow extends AuthorizationCodeFlow\n\nThread-safe Google OAuth 2.0 authorization code flow that manages and persists end-user\ncredentials.\n\nThis is designed to simplify the flow in which an end-user authorizes the application to\naccess their protected data, and then the application has access to their data based on an access\ntoken and a refresh token to refresh that access token when it expires.\n\nThe first step is to call #loadCredential(String) based on the known user ID to check\nif the end-user's credentials are already known. If not, call [#newAuthorizationUrl()](/java/docs/reference/google-api-client/latest/com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow#com_google_api_client_googleapis_auth_oauth2_GoogleAuthorizationCodeFlow_newAuthorizationUrl__) and\ndirect the end-user's browser to an authorization page. The web browser will then redirect to the\nredirect URL with a `\"code\"` query parameter which can then be used to request an access\ntoken using [#newTokenRequest(String)](/java/docs/reference/google-api-client/latest/com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow#com_google_api_client_googleapis_auth_oauth2_GoogleAuthorizationCodeFlow_newTokenRequest_java_lang_String_). Finally, use #createAndStoreCredential(TokenResponse, String) to store and obtain a credential for accessing\nprotected resources.\n\nThe default for the `approval_prompt` and `access_type` parameters is `\nnull`. For web applications that means `\"approval_prompt=auto&access_type=online\"` and for\ninstalled applications that means `\"approval_prompt=force&access_type=offline\"`. To\noverride the default, you need to explicitly call Builder#setApprovalPrompt(String) and\nBuilder#setAccessType(String). \n\nInheritance\n-----------\n\n[java.lang.Object](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html) \\\u003e com.google.api.client.auth.oauth2.AuthorizationCodeFlow \\\u003e GoogleAuthorizationCodeFlow \n\nInherited Members\n-----------------\n\ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.createAndStoreCredential(com.google.api.client.auth.oauth2.TokenResponse,java.lang.String) \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.getAuthorizationServerEncodedUrl() \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.getClientAuthentication() \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.getClientId() \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.getClock() \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.getCredentialDataStore() \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.getCredentialStore() \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.getJsonFactory() \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.getMethod() \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.getRefreshListeners() \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.getRequestInitializer() \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.getScopes() \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.getScopesAsString() \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.getTokenServerEncodedUrl() \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.getTransport() \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.loadCredential(java.lang.String) \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.newAuthorizationUrl() \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.newTokenRequest(java.lang.String) \n[Object.clone()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#clone--) \n[Object.equals(Object)](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#equals-java.lang.Object-) \n[Object.finalize()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#finalize--) \n[Object.getClass()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#getClass--) \n[Object.hashCode()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#hashCode--) \n[Object.notify()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#notify--) \n[Object.notifyAll()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#notifyAll--) \n[Object.toString()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#toString--) \n[Object.wait()](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait--) \n[Object.wait(long)](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait-long-) \n[Object.wait(long,int)](https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait-long-int-)\n\nConstructors\n------------\n\n### GoogleAuthorizationCodeFlow(GoogleAuthorizationCodeFlow.Builder builder)\n\n protected GoogleAuthorizationCodeFlow(GoogleAuthorizationCodeFlow.Builder builder)\n\n### GoogleAuthorizationCodeFlow(HttpTransport transport, JsonFactory jsonFactory, String clientId, String clientSecret, Collection\\\u003cString\\\u003e scopes)\n\n public GoogleAuthorizationCodeFlow(HttpTransport transport, JsonFactory jsonFactory, String clientId, String clientSecret, Collection\u003cString\u003e scopes)\n\nMethods\n-------\n\n### getAccessType()\n\n public final String getAccessType()\n\nReturns the access type (`\"online\"` to request online access or `\"offline\"` to\nrequest offline access) or `null` for the default behavior of `\"online\"`.\n\n### getApprovalPrompt()\n\n public final String getApprovalPrompt()\n\nReturns the approval prompt behavior (`\"auto\"` to request auto-approval or `\n\"force\"` to force the approval UI to show) or `null` for the default behavior of `\n\"auto\"`.\n\n### newAuthorizationUrl()\n\n public GoogleAuthorizationCodeRequestUrl newAuthorizationUrl()\n\n**Overrides** \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.newAuthorizationUrl()\n\n### newTokenRequest(String authorizationCode)\n\n public GoogleAuthorizationCodeTokenRequest newTokenRequest(String authorizationCode)\n\n**Overrides** \ncom.google.api.client.auth.oauth2.AuthorizationCodeFlow.newTokenRequest(java.lang.String)"]]
