diff --git a/oauth2_http/java/com/google/auth/oauth2/UserCredentials.java b/oauth2_http/java/com/google/auth/oauth2/UserCredentials.java
index 5010a9ae6..7a74b76f3 100644
--- a/oauth2_http/java/com/google/auth/oauth2/UserCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/UserCredentials.java
@@ -46,6 +46,7 @@
 import com.google.api.client.util.GenericData;
 import com.google.api.client.util.Preconditions;
 import com.google.auth.http.HttpTransportFactory;
+import com.google.common.annotations.Beta;
 import com.google.common.base.MoreObjects;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -58,12 +59,14 @@
 import java.util.Objects;
 
 /** OAuth2 Credentials representing a user's identity and consent. */
-public class UserCredentials extends GoogleCredentials implements QuotaProjectIdProvider {
+public class UserCredentials extends GoogleCredentials
+    implements QuotaProjectIdProvider, IdTokenProvider {
 
   private static final String GRANT_TYPE = "refresh_token";
   private static final String PARSE_ERROR_PREFIX = "Error parsing token refresh response. ";
   private static final long serialVersionUID = -4800758775038679176L;
-
+  public static final String GOOGLE_CLIENT_ID = "32555940559.apps.googleusercontent.com";
+  public static final String GOOGLE_CLIENT_SECRET = "ZmssLNjJy2998hD4CTg2ejr2";
   private final String clientId;
   private final String clientSecret;
   private final String refreshToken;
@@ -340,6 +343,40 @@ public String getQuotaProjectId() {
     return quotaProjectId;
   }
 
+  /**
+   * Returns a Google ID Token from the user credential
+   *
+   * @param targetAudience currently unused for UserCredential.
+   * @param options list of Credential specific options for for the token. Currently unused for
+   *     UserCredentials.
+   * @throws IOException if the attempt to get an IdToken failed
+   * @return IdToken object which includes the raw id_token and expiration
+   */
+  @Beta
+  @Override
+  public IdToken idTokenWithAudience(String targetAudience, List<Option> options)
+      throws IOException {
+    JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
+
+    GenericData tokenRequest = new GenericData();
+    tokenRequest.set("grant_type", GRANT_TYPE);
+    tokenRequest.set("client_id", GOOGLE_CLIENT_ID);
+    tokenRequest.set("client_secret", GOOGLE_CLIENT_SECRET);
+    tokenRequest.set("refresh_token", this.refreshToken);
+
+    UrlEncodedContent content = new UrlEncodedContent(tokenRequest);
+
+    HttpRequestFactory requestFactory = transportFactory.create().createRequestFactory();
+    HttpRequest request = requestFactory.buildPostRequest(new GenericUrl(tokenServerUri), content);
+    request.setParser(new JsonObjectParser(jsonFactory));
+    request.setCurlLoggingEnabled(true);
+    HttpResponse response = request.execute();
+
+    GenericData responseData = response.parseAs(GenericData.class);
+    String rawToken = OAuth2Utils.validateString(responseData, "id_token", PARSE_ERROR_PREFIX);
+    return IdToken.create(rawToken);
+  }
+
   public static class Builder extends GoogleCredentials.Builder {
 
     private String clientId;