From 622c5d57e401754bcdaf99beee1fe0c1136fe3d9 Mon Sep 17 00:00:00 2001
From: Shapor Naghibzadeh
Date: Tue, 17 May 2022 10:13:16 -0700
Subject: [PATCH] google/google: set JWT Audience in JWTConfigFromJSON()

Add support to set JWT Audience in JWTConfigFromJSON() to allow setting the audience field from the JSON config, rather than only allowing it the default value of the token_uri. Previous change 272766 (approved but abandoned).

Change-Id: I14d46f3628df0a04801949bf99520b210e778f99
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/406836
Reviewed-by: Cody Oss
Run-TryBot: Cody Oss
TryBot-Result: Gopher Robot
Reviewed-by: Ian Lance Taylor
---
 google/google.go | 1 +
 google/google_test.go | 25 ++++++++++++++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/google/google.go b/google/google.go
index ccc23ee..ceddd5d 100644
--- a/google/google.go
+++ b/google/google.go
@@ -139,6 +139,7 @@ func (f *credentialsFile) jwtConfig(scopes []string, subject string) *jwt.Config
 Scopes: scopes,
 TokenURL: f.TokenURL,
 Subject: subject, // This is the user email to impersonate
+ Audience: f.Audience,
 }
 if cfg.TokenURL == "" {
 cfg.TokenURL = JWTTokenURL
diff --git a/google/google_test.go b/google/google_test.go
index be30b08..ea01049 100644
--- a/google/google_test.go
+++ b/google/google_test.go
@@ -37,7 +37,8 @@ var jwtJSONKey = []byte(`{
 "client_email": "gopher@developer.gserviceaccount.com",
 "client_id": "gopher.apps.googleusercontent.com",
 "token_uri": "https://accounts.google.com/o/gophers/token",
- "type": "service_account"
+ "type": "service_account",
+ "audience": "https://testservice.googleapis.com/"
 }`)
 
 var jwtJSONKeyNoTokenURL = []byte(`{
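Review bot: The added `Audience: f.Audience,` line in jwtConfig (google/google.go, hunk `@@ -139,6 +139,7 @@`) copies the key file's `audience` value into the assertion config without validation and without a comment, although the neighbouring `Subject` field is annotated. Because the change sits in the shared jwtConfig method rather than in JWTConfigFromJSON itself, any other caller of that method (none is visible in this hunk) would presumably pick up the file-supplied audience as well, so the effect may be wider than the subject line says. A comment such as `Audience: f.Audience, // optional; from the key file's "audience", empty falls back to TokenURL` would record both the source of the value and the fallback the description mentions. A key file from an untrusted source now steers the token's `aud` claim in addition to `token_uri`, which is worth one sentence in the JWTConfigFromJSON doc comment. The body of jwtConfig starts and ends outside the hunk.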
@@ -48,6 +49,15 @@ var jwtJSONKeyNoTokenURL = []byte(`{
 "type": "service_account"
 }`)
 
+var jwtJSONKeyNoAudience = []byte(`{
+ "private_key_id": "268f54e43a1af97cfc71731688434f45aca15c8b",
+ "private_key": "super secret key",
+ "client_email": "gopher@developer.gserviceaccount.com",
+ "client_id": "gopher.apps.googleusercontent.com",
+ "token_uri": "https://accounts.google.com/o/gophers/token",
+ "type": "service_account"
+}`)
+
 func TestConfigFromJSON(t *testing.T) {
 conf, err := ConfigFromJSON(webJSONKey, "scope1", "scope2")
 if err != nil {
@@ -103,6 +113,9 @@ func TestJWTConfigFromJSON(t *testing.T) {
 if got, want := conf.TokenURL, "https://accounts.google.com/o/gophers/token"; got != want {
 t.Errorf("TokenURL = %q; want %q", got, want)
 }
+ if got, want := conf.Audience, "https://testservice.googleapis.com/"; got != want {
+ t.Errorf("Audience = %q; want %q", got, want)
+ }
 }
 
 func TestJWTConfigFromJSONNoTokenURL(t *testing.T) {
@@ -114,3 +127,13 @@ func TestJWTConfigFromJSONNoTokenURL(t *testing.T) {
 t.Errorf("TokenURL = %q; want %q", got, want)
 }
 }
+
+func TestJWTConfigFromJSONNoAudience(t *testing.T) {
+ conf, err := JWTConfigFromJSON(jwtJSONKeyNoAudience, "scope1", "scope2")
+ if err != nil {
+ t.Fatal(err)
+ }
+ if got, want := conf.Audience, ""; got != want {
+ t.Errorf("Audience = %q; want %q", got, want)
+ }
+}
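Review bot: TestJWTConfigFromJSONNoAudience (hunk `@@ -114,3 +127,13 @@`) asserts only that `conf.Audience` is the empty string, so nothing in this patch checks which `aud` value the signed assertion actually carries when the key file sets or omits `audience`. The fallback to the token URL described in the commit message happens outside these tests, presumably in the jwt package; if it is not covered there, a test that decodes the assertion would close the gap. At minimum the test should say why empty is the expected result, e.g. `// No "audience" in the key: Config.Audience stays empty and the token URL is used as aud.` The same limitation applies to the Audience check added to TestJWTConfigFromJSON in the `@@ -103,6 +113,9 @@` hunk.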