The client id and secret of the Cloud SQL tool need to be provided to the JDBC driver because we are using tokens which that particular tool has retrieved: https://developers.google.com/cloud-sql/docs/external
Properties props = new Properties()
props.put("oauth2ClientId", "32555940559.apps.googleusercontent.com");
props.put("oauth2ClientSecret", "ZmssLNjJy2998hD4CTg2ejr2");
DriverManager.getConnection("jdbc:google:rdbms://instance_name/database_name", props);
If you're using Hibernate as I was, you can add this to the persistence.xml:
<persistence-unit name="renjin-repo" transaction-type="RESOURCE_LOCAL">
<provider>org.hibernate.ejb.HibernatePersistence</provider>
...
<properties>
<property name="hibernate.dialect" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
<property name="hibernate.hbm2ddl.auto" value="update"/>
<property name="javax.persistence.jdbc.driver" value="com.google.cloud.sql.Driver"/>
<property name="javax.persistence.jdbc.url" value="jdbc:google:rdbms://project:instance/database_name"/>
<property name="javax.persistence.jdbc.user" value="root"/>
<property name="hibernate.connection.oauth2ClientId" value="32555940559.apps.googleusercontent.com"/>
<property name="hibernate.connection.oauth2ClientSecret" value="ZmssLNjJy2998hD4CTg2ejr2"/>
<property name="hibernate.connection.pool_size" value="0" />
</properties>
</persistence-unit>