diff --git a/samples/snippets/pom.xml b/samples/snippets/pom.xml new file mode 100644 index 000000000..d0ff21c82 --- /dev/null +++ b/samples/snippets/pom.xml @@ -0,0 +1,83 @@ + + 4.0.0 + com.google.auth.samples + authsamples + 1.0.0 + auth-samples + + + + + com.google.cloud.samples + shared-configuration + 1.2.0 + + + + 1.8 + 1.8 + UTF-8 + + + + + + + + com.google.cloud + libraries-bom + 25.0.0 + pom + import + + + + + + + + + com.google.auth + google-auth-library-oauth2-http + 1.3.0 + + + + + com.google.cloud + google-iam-admin + 1.2.1 + + + + + com.google.cloud + google-cloud-compute + + + com.google.cloud + google-cloud-storage + + + + + junit + junit + 4.13.1 + test + + + truth + com.google.truth + test + 1.1.3 + + + + + + diff --git a/samples/snippets/src/main/java/AuthenticateExplicit.java b/samples/snippets/src/main/java/AuthenticateExplicit.java new file mode 100644 index 000000000..ccd189db9 --- /dev/null +++ b/samples/snippets/src/main/java/AuthenticateExplicit.java 
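Review bot: `google-auth-library-oauth2-http` is pinned to `1.3.0` directly in the dependencies section while the rest of the Google Cloud stack is managed by the imported `libraries-bom` 25.0.0; a version on a direct dependency wins over the BOM's managed version, so these samples can run against an auth library release that the storage and compute clients in that BOM were not released with. Either drop the explicit `1.3.0` and let the BOM resolve it, or add a comment saying the pin is deliberate (this repository is the auth library itself, so testing a specific release may be the intent). `google-iam-admin` 1.2.1 is also declared here but none of the sample classes visible in this change import it, so it is worth confirming it is needed by the tests rather than left over. Keeping every Google Cloud artifact under the BOM and only the test libraries explicitly versioned makes future bumps and supply-chain scanning a single-line change.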
@@ -0,0 +1,72 @@ +/* + * Copyright 2022 Google Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// [START auth_cloud_explicit_adc] + +import com.google.api.gax.paging.Page; +import com.google.auth.oauth2.GoogleCredentials; +import com.google.cloud.storage.Bucket; +import com.google.cloud.storage.Storage; +import com.google.cloud.storage.StorageOptions; +import java.io.IOException; +import java.security.GeneralSecurityException; + +public class AuthenticateExplicit { + + public static void main(String[] args) throws IOException, GeneralSecurityException { + // TODO(Developer): + // 1. Replace the project variable below. + // 2. Make sure you have the necessary permission to list storage buckets + // "storage.buckets.list" + + String projectId = "your-google-cloud-project-id"; + + authenticateExplicit(projectId); + } + + // List storage buckets by authenticating with ADC. + public static void authenticateExplicit(String projectId) throws IOException { + // Construct the GoogleCredentials object which obtains the default configuration from your + // working environment. + // GoogleCredentials.getApplicationDefault() will give you ComputeEngineCredentials + // if you are on a GCE (or other metadata server supported environments). 
+ GoogleCredentials credentials = GoogleCredentials.getApplicationDefault(); + // If you are authenticating to a Cloud API, you can let the library include the default scope, + // https://www.googleapis.com/auth/cloud-platform, because IAM is used to provide fine-grained + // permissions for Cloud. + // If you need to provide a scope, specify it as follows: + // GoogleCredentials credentials = GoogleCredentials.getApplicationDefault() + // .createScoped(scope); + // For more information on scopes to use, + // see: https://developers.google.com/identity/protocols/oauth2/scopes + + // Construct the Storage client. + Storage storage = + StorageOptions.newBuilder() + .setCredentials(credentials) + .setProjectId(projectId) + .build() + .getService(); + + System.out.println("Buckets:"); + Page buckets = storage.list(); + for (Bucket bucket : buckets.iterateAll()) { + System.out.println(bucket.toString()); + } + System.out.println("Listed all storage buckets."); + } +} +// [END auth_cloud_explicit_adc] diff --git a/samples/snippets/src/main/java/AuthenticateImplicitWithAdc.java b/samples/snippets/src/main/java/AuthenticateImplicitWithAdc.java new file mode 100644 index 000000000..9b69429ef --- /dev/null +++ b/samples/snippets/src/main/java/AuthenticateImplicitWithAdc.java 
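Review bot: The comment above `GoogleCredentials.getApplicationDefault()` says the credentials come "from your working environment" but does not mention that, per the ADC lookup order, a `GOOGLE_APPLICATION_CREDENTIALS` variable pointing at a service-account key file is used before the metadata server, so a reader can run this sample on a long-lived downloaded key without noticing; the `IdTokenFromServiceAccount` sample in this same change carries a key-risk warning that this one lacks. Suggest adding after that comment: `// NOTE: if GOOGLE_APPLICATION_CREDENTIALS points at a service-account key file, ADC returns that key; prefer an attached service account or workload identity over downloaded keys.` Separately, `main` declares `throws GeneralSecurityException` although nothing on its path throws it (`authenticateExplicit` declares only `IOException`), and `Page buckets` reads as a raw type here, which may be a rendering artifact of the original `Page<Bucket>` rather than the source.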
@@ -0,0 +1,60 @@ +/* + * Copyright 2022 Google Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// [START auth_cloud_implicit_adc] + +import com.google.cloud.compute.v1.Instance; +import com.google.cloud.compute.v1.InstancesClient; +import java.io.IOException; + +public class AuthenticateImplicitWithAdc { + + public static void main(String[] args) throws IOException { + // TODO(Developer): + // 1. Before running this sample, + // set up ADC as described in https://cloud.google.com/docs/authentication/external/set-up-adc + // 2. Replace the project variable below. + // 3. Make sure that the user account or service account that you are using + // has the required permissions. For this sample, you must have "compute.instances.list". + String projectId = "your-google-cloud-project-id"; + authenticateImplicitWithAdc(projectId); + } + + // When interacting with Google Cloud Client libraries, the library can auto-detect the + // credentials to use. + public static void authenticateImplicitWithAdc(String project) throws IOException { + + String zone = "us-central1-a"; + // This snippet demonstrates how to list instances. + // *NOTE*: Replace the client created below with the client required for your application. + // Note that the credentials are not specified when constructing the client. + // Hence, the client library will look for credentials using ADC. + // + // Initialize client that will be used to send requests. 
This client only needs to be created + // once, and can be reused for multiple requests. After completing all of your requests, call + // the `instancesClient.close()` method on the client to safely + // clean up any remaining background resources. + try (InstancesClient instancesClient = InstancesClient.create()) { + // Set the project and zone to retrieve instances present in the zone. + System.out.printf("Listing instances from %s in %s:", project, zone); + for (Instance zoneInstance : instancesClient.list(project, zone).iterateAll()) { + System.out.println(zoneInstance.getName()); + } + System.out.println("####### Listing instances complete #######"); + } + } +} +// [END auth_cloud_implicit_adc] diff --git a/samples/snippets/src/main/java/IdTokenFromImpersonatedCredentials.java b/samples/snippets/src/main/java/IdTokenFromImpersonatedCredentials.java new file mode 100644 index 000000000..b348e3976 --- /dev/null +++ b/samples/snippets/src/main/java/IdTokenFromImpersonatedCredentials.java 
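Review bot: `System.out.printf("Listing instances from %s in %s:", project, zone)` has no trailing newline, so the first instance name printed by the loop's `println` lands on the same line as the header; change it to `System.out.printf("Listing instances from %s in %s:%n", project, zone);`. Also, `zone` is a hard-coded local inside `authenticateImplicitWithAdc` while `project` is a parameter, and the TODO list in `main` tells the developer to replace only the project; either make `zone` a parameter or add it to the TODO so the sample does not silently list a zone the caller did not choose. The try-with-resources on `InstancesClient` is the right shape and matches the `close()` comment above it.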
@@ -0,0 +1,87 @@ +/* + * Copyright 2022 Google Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// [auth_cloud_idtoken_impersonated_credentials] + +import com.google.auth.oauth2.GoogleCredentials; +import com.google.auth.oauth2.IdTokenCredentials; +import com.google.auth.oauth2.IdTokenProvider.Option; +import com.google.auth.oauth2.ImpersonatedCredentials; +import java.io.IOException; +import java.util.Arrays; +import java.util.List; + +public class IdTokenFromImpersonatedCredentials { + + public static void main(String[] args) throws IOException { + // TODO(Developer): Replace the below variables before running the code. + + // Provide the scopes that you might need to request to access Google APIs, + // depending on the level of access you need. + // The best practice is to use the cloud-wide scope and use IAM to narrow the permissions. + // https://cloud.google.com/docs/authentication#authorization_for_services + // For more information, see: https://developers.google.com/identity/protocols/oauth2/scopes + String scope = "https://www.googleapis.com/auth/cloud-platform"; + + // The service name for which the id token is requested. Service name refers to the + // logical identifier of an API service, such as "pubsub.googleapis.com". + String targetAudience = "iap.googleapis.com"; + + // The name of the privilege-bearing service account for whom the credential is created. 
+ String impersonatedServiceAccount = "name@project.service.gserviceaccount.com"; + + getIdTokenUsingOAuth2(impersonatedServiceAccount, scope, targetAudience); + } + + // Use a service account (SA1) to impersonate as another service account (SA2) and obtain id token + // for the impersonated account. + // To obtain token for SA2, SA1 should have the "roles/iam.serviceAccountTokenCreator" permission + // on SA2. + public static void getIdTokenUsingOAuth2( + String impersonatedServiceAccount, String scope, String targetAudience) throws IOException { + + // Construct the GoogleCredentials object which obtains the default configuration from your + // working environment. + GoogleCredentials googleCredentials = GoogleCredentials.getApplicationDefault(); + + // delegates: The chained list of delegates required to grant the final accessToken. + // For more information, see: + // https://cloud.google.com/iam/docs/create-short-lived-credentials-direct#sa-credentials-permissions + // Delegate is NOT USED here. + List delegates = null; + + // Create the impersonated credential. + ImpersonatedCredentials impersonatedCredentials = + ImpersonatedCredentials.create( + googleCredentials, impersonatedServiceAccount, delegates, Arrays.asList(scope), 300); + + // Set the impersonated credential, target audience and token options. + IdTokenCredentials idTokenCredentials = + IdTokenCredentials.newBuilder() + .setIdTokenProvider(impersonatedCredentials) + .setTargetAudience(targetAudience) + // Setting this will include email in the id token. + .setOptions(Arrays.asList(Option.INCLUDE_EMAIL)) + .build(); + + // Get the ID token. + // Once you've obtained the ID token, use it to make an authenticated call + // to the target audience. + String idToken = idTokenCredentials.refreshAccessToken().getTokenValue(); + System.out.println("Generated ID token."); + } +} +// [auth_cloud_idtoken_impersonated_credentials] 
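Review bot: The region tags in this file are `// [auth_cloud_idtoken_impersonated_credentials]` at both ends, without the `START`/`END` keywords every other sample in this change uses, so snippet-extraction tooling will not pick this sample up or will pair it wrongly; change them to `// [START auth_cloud_idtoken_impersonated_credentials]` and `// [END auth_cloud_idtoken_impersonated_credentials]`. The method comment says "a service account (SA1)" impersonates SA2, but the source credential is whatever `getApplicationDefault()` resolves to, which can be a user account, and the `roles/iam.serviceAccountTokenCreator` requirement applies to that principal; I'd reword it to "the principal behind ADC". `Option.INCLUDE_EMAIL` puts the impersonated account's email into the token that is then presented to `targetAudience`, and the sample does not say why; a one-line comment such as `// INCLUDE_EMAIL is only needed when the receiving service authorizes by account email (the IAP audience above suggests it does).` would keep readers from enabling it by default. The hard-coded 300-second lifetime on `ImpersonatedCredentials.create` is a good short-lived default and worth naming in a comment for the same reason.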
diff --git a/samples/snippets/src/main/java/IdTokenFromMetadataServer.java b/samples/snippets/src/main/java/IdTokenFromMetadataServer.java new file mode 100644 index 000000000..3358ccdbe --- /dev/null +++ b/samples/snippets/src/main/java/IdTokenFromMetadataServer.java 
@@ -0,0 +1,61 @@ +/* + * Copyright 2022 Google Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// [START auth_cloud_idtoken_metadata_server] + +import com.google.auth.oauth2.GoogleCredentials; +import com.google.auth.oauth2.IdTokenCredentials; +import com.google.auth.oauth2.IdTokenProvider; +import com.google.auth.oauth2.IdTokenProvider.Option; +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.util.Arrays; + +public class IdTokenFromMetadataServer { + + public static void main(String[] args) throws IOException, GeneralSecurityException { + // TODO(Developer): Replace the below variables before running the code. + + // The url or target audience to obtain the ID token for. + String url = "http://www.abc.com"; + + getIdTokenFromMetadataServer(url); + } + + // Use the Google Cloud metadata server in the Cloud Run (or AppEngine or Kubernetes etc.,) + // environment to create an identity token and add it to the HTTP request as part of an + // Authorization header. + public static void getIdTokenFromMetadataServer(String url) throws IOException { + // Construct the GoogleCredentials object which obtains the default configuration from your + // working environment. 
+ GoogleCredentials googleCredentials = GoogleCredentials.getApplicationDefault(); + + IdTokenCredentials idTokenCredentials = + IdTokenCredentials.newBuilder() + .setIdTokenProvider((IdTokenProvider) googleCredentials) + .setTargetAudience(url) + // Setting the ID token options. + .setOptions(Arrays.asList(Option.FORMAT_FULL, Option.LICENSES_TRUE)) + .build(); + + // Get the ID token. + // Once you've obtained the ID token, use it to make an authenticated call + // to the target audience. + String idToken = idTokenCredentials.refreshAccessToken().getTokenValue(); + System.out.println("Generated ID token."); + } +} +// [END auth_cloud_idtoken_metadata_server] diff --git a/samples/snippets/src/main/java/IdTokenFromServiceAccount.java b/samples/snippets/src/main/java/IdTokenFromServiceAccount.java new file mode 100644 index 000000000..232288805 --- /dev/null +++ b/samples/snippets/src/main/java/IdTokenFromServiceAccount.java 
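Review bot: `(IdTokenProvider) googleCredentials` is an unchecked cast on whatever ADC returns, so a credential type that does not implement `IdTokenProvider` fails with a `ClassCastException` that says nothing about the cause; guard it first with `if (!(googleCredentials instanceof IdTokenProvider)) { throw new IllegalStateException("ADC credentials of type " + googleCredentials.getClass().getName() + " cannot mint ID tokens; run on a metadata-server environment or use impersonation"); }`. The placeholder audience `"http://www.abc.com"` is a plain-http URL, and the method comment says the token is to be sent in an `Authorization` header to that audience; a bearer ID token over cleartext HTTP is interceptable, so the placeholder should read `https://` (the same placeholder appears as `targetAudience` in `IdTokenFromServiceAccount`). `FORMAT_FULL` and `LICENSES_TRUE` are Compute Engine metadata-server options, which matches the file's stated intent, but `main` declares `throws GeneralSecurityException` although nothing on its path throws it.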
@@ -0,0 +1,75 @@ +/* + * Copyright 2022 Google Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// [START auth_cloud_idtoken_service_account] + +import com.google.auth.oauth2.IdToken; +import com.google.auth.oauth2.IdTokenProvider.Option; +import com.google.auth.oauth2.ServiceAccountCredentials; +import java.io.FileInputStream; +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.util.Arrays; +import java.util.List; +import java.util.concurrent.ExecutionException; + +public class IdTokenFromServiceAccount { + + public static void main(String[] args) + throws IOException, ExecutionException, InterruptedException, GeneralSecurityException { + // TODO(Developer): Replace the below variables before running the code. + + // *NOTE*: + // Using service account keys introduces risk; they are long-lived, and can be used by anyone + // that obtains the key. Proper rotation and storage reduce this risk but do not eliminate it. + // For these reasons, you should consider an alternative approach that + // does not use a service account key. Several alternatives to service account keys + // are described here: + // https://cloud.google.com/docs/authentication/external/set-up-adc + + // Path to the service account json credential file. + String jsonCredentialPath = "path-to-json-credential-file"; + + // The url or target audience to obtain the ID token for. 
+ String targetAudience = "http://www.abc.com"; + + getIdTokenFromServiceAccount(jsonCredentialPath, targetAudience); + } + + public static void getIdTokenFromServiceAccount(String jsonCredentialPath, String targetAudience) + throws IOException { + + // Initialize the Service Account Credentials class with the path to the json file. + ServiceAccountCredentials serviceAccountCredentials = + ServiceAccountCredentials.fromStream(new FileInputStream(jsonCredentialPath)); + + // Obtain the id token by providing the target audience. + // tokenOption: Enum of various credential-specific options to apply to the token. Applicable + // only for credentials obtained through Compute Engine or Impersonation. + List