diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml
index 202e7084c..73568a1e9 100644
--- a/.github/.OwlBot.lock.yaml
+++ b/.github/.OwlBot.lock.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,5 +13,5 @@
# limitations under the License.
docker:
image: gcr.io/cloud-devrel-public-resources/owlbot-java:latest
- digest: sha256:a57d2ea6d1a77aa96c17ad0850b779ec6295f88b6c1da3d214b2095d140a2066
-
+ digest: sha256:af2eda87a54601ae7b7b2be5055c17b43ac98a7805b586772db314de8a7d4a1d
+# created: 2023-06-16T02:10:09.149325782Z
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..fde1ced49
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,17 @@
+version: 2
+updates:
+ - package-ecosystem: "maven"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ # Disable version updates for Maven dependencies
+ # we use renovate-bot as well as shared-dependencies BOM to update maven dependencies.
+ ignore: "*"
+ - package-ecosystem: "pip"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ # Disable version updates for pip dependencies
+ # If a security vulnerability comes in, we will be notified about
+ # it via template in the synthtool repository.
+ ignore: "*"
diff --git a/.github/release-trigger.yml b/.github/release-trigger.yml
index d4ca94189..6e1259c3f 100644
--- a/.github/release-trigger.yml
+++ b/.github/release-trigger.yml
@@ -1 +1,2 @@
enabled: true
+multiScmName: google-auth-library-java
diff --git a/.kokoro/build.sh b/.kokoro/build.sh
index c483ec7bf..7417ad53d 100755
--- a/.kokoro/build.sh
+++ b/.kokoro/build.sh
@@ -71,12 +71,12 @@ integration)
;;
graalvm)
# Run Unit and Integration Tests with Native Image
- mvn -B ${INTEGRATION_TEST_ARGS} -ntp -Pnative -Penable-integration-tests test
+ mvn -B ${INTEGRATION_TEST_ARGS} -ntp -Pnative test
RETURN_CODE=$?
;;
graalvm17)
# Run Unit and Integration Tests with Native Image
- mvn -B ${INTEGRATION_TEST_ARGS} -ntp -Pnative -Penable-integration-tests test
+ mvn -B ${INTEGRATION_TEST_ARGS} -ntp -Pnative test
RETURN_CODE=$?
;;
samples)
diff --git a/.kokoro/requirements.in b/.kokoro/requirements.in
index 924f94ae6..2092cc741 100644
--- a/.kokoro/requirements.in
+++ b/.kokoro/requirements.in
@@ -1,34 +1,6 @@
-gcp-docuploader==0.6.3
-google-crc32c==1.3.0
-googleapis-common-protos==1.56.3
-gcp-releasetool==1.9.1
-cryptography==38.0.3
-cachetools==4.2.4
-cffi==1.15.1
-jeepney==0.7.1
-jinja2==3.0.3
-markupsafe==2.0.1
-keyring==23.4.1
-packaging==21.3
-protobuf==3.19.5
-pyjwt==2.4.0
-pyparsing==3.0.9
-pycparser==2.21
-pyperclip==1.8.2
-python-dateutil==2.8.2
-requests==2.27.1
-certifi==2022.9.24
-importlib-metadata==4.8.3
-zipp==3.6.0
-google_api_core==2.8.2
-google-cloud-storage==2.0.0
-google-resumable-media==2.3.3
-google-cloud-core==2.3.1
-typing-extensions==4.1.1
-urllib3==1.26.12
-zipp==3.6.0
-rsa==4.9
-six==1.16.0
-attrs==22.1.0
-google-auth==2.14.1
-idna==3.4
\ No newline at end of file
+gcp-docuploader
+gcp-releasetool>=1.10.5 # required for compatibility with cryptography>=39.x
+wheel
+setuptools
+typing-extensions
+click<8.1.0
\ No newline at end of file
diff --git a/.kokoro/requirements.txt b/.kokoro/requirements.txt
index 71fcafc70..c80f0a87c 100644
--- a/.kokoro/requirements.txt
+++ b/.kokoro/requirements.txt
@@ -1,27 +1,21 @@
#
-# This file is autogenerated by pip-compile with python 3.10
-# To update, run:
+# This file is autogenerated by pip-compile with Python 3.11
+# by the following command:
#
-# pip-compile --generate-hashes requirements.in
+# pip-compile --allow-unsafe --generate-hashes requirements.in
#
attrs==22.1.0 \
--hash=sha256:29adc2665447e5191d0e7c568fde78b21f9672d344281d0c6e1ab085429b22b6 \
--hash=sha256:86efa402f67bf2df34f51a335487cf46b1ec130d02b8d39fd248abfd30da551c
- # via
- # -r requirements.in
- # gcp-releasetool
+ # via gcp-releasetool
cachetools==4.2.4 \
--hash=sha256:89ea6f1b638d5a73a4f9226be57ac5e4f399d22770b92355f92dcb0f7f001693 \
--hash=sha256:92971d3cb7d2a97efff7c7bb1657f21a8f5fb309a37530537c71b1774189f2d1
- # via
- # -r requirements.in
- # google-auth
-certifi==2022.9.24 \
- --hash=sha256:0d9c601124e5a6ba9712dbc60d9c53c21e34f5f641fe83002317394311bdce14 \
- --hash=sha256:90c1a32f1d68f940488354e36370f6cca89f0f106db09518524c88d6ed83f382
- # via
- # -r requirements.in
- # requests
+ # via google-auth
+certifi==2022.12.7 \
+ --hash=sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3 \
+ --hash=sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18
+ # via requests
cffi==1.15.1 \
--hash=sha256:00a9ed42e88df81ffae7a8ab6d9356b371399b91dbdf0c3cb1e84c03a13aceb5 \
--hash=sha256:03425bdae262c76aad70202debd780501fabeaca237cdfddc008987c0e0f59ef \
@@ -87,9 +81,7 @@ cffi==1.15.1 \
--hash=sha256:ed9cb427ba5504c1dc15ede7d516b84757c3e3d7868ccc85121d9310d27eed0b \
--hash=sha256:fa6693661a4c91757f4412306191b6dc88c1703f780c8234035eac011922bc01 \
--hash=sha256:fcd131dd944808b5bdb38e6f5b53013c5aa4f334c5cad0c72742f6eba4b73db0
- # via
- # -r requirements.in
- # cryptography
+ # via cryptography
charset-normalizer==2.0.12 \
--hash=sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597 \
--hash=sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df
@@ -98,62 +90,56 @@ click==8.0.4 \
--hash=sha256:6a7a62563bbfabfda3a38f3023a1db4a35978c0abd76f6c9605ecd6554d6d9b1 \
--hash=sha256:8458d7b1287c5fb128c90e23381cf99dcde74beaf6c7ff6384ce84d6fe090adb
# via
+ # -r requirements.in
# gcp-docuploader
# gcp-releasetool
colorlog==6.7.0 \
--hash=sha256:0d33ca236784a1ba3ff9c532d4964126d8a2c44f1f0cb1d2b0728196f512f662 \
--hash=sha256:bd94bd21c1e13fac7bd3153f4bc3a7dc0eb0974b8bc2fdf1a989e474f6e582e5
# via gcp-docuploader
-cryptography==38.0.3 \
- --hash=sha256:068147f32fa662c81aebab95c74679b401b12b57494872886eb5c1139250ec5d \
- --hash=sha256:06fc3cc7b6f6cca87bd56ec80a580c88f1da5306f505876a71c8cfa7050257dd \
- --hash=sha256:25c1d1f19729fb09d42e06b4bf9895212292cb27bb50229f5aa64d039ab29146 \
- --hash=sha256:402852a0aea73833d982cabb6d0c3bb582c15483d29fb7085ef2c42bfa7e38d7 \
- --hash=sha256:4e269dcd9b102c5a3d72be3c45d8ce20377b8076a43cbed6f660a1afe365e436 \
- --hash=sha256:5419a127426084933076132d317911e3c6eb77568a1ce23c3ac1e12d111e61e0 \
- --hash=sha256:554bec92ee7d1e9d10ded2f7e92a5d70c1f74ba9524947c0ba0c850c7b011828 \
- --hash=sha256:5e89468fbd2fcd733b5899333bc54d0d06c80e04cd23d8c6f3e0542358c6060b \
- --hash=sha256:65535bc550b70bd6271984d9863a37741352b4aad6fb1b3344a54e6950249b55 \
- --hash=sha256:6ab9516b85bebe7aa83f309bacc5f44a61eeb90d0b4ec125d2d003ce41932d36 \
- --hash=sha256:6addc3b6d593cd980989261dc1cce38263c76954d758c3c94de51f1e010c9a50 \
- --hash=sha256:728f2694fa743a996d7784a6194da430f197d5c58e2f4e278612b359f455e4a2 \
- --hash=sha256:785e4056b5a8b28f05a533fab69febf5004458e20dad7e2e13a3120d8ecec75a \
- --hash=sha256:78cf5eefac2b52c10398a42765bfa981ce2372cbc0457e6bf9658f41ec3c41d8 \
- --hash=sha256:7f836217000342d448e1c9a342e9163149e45d5b5eca76a30e84503a5a96cab0 \
- --hash=sha256:8d41a46251bf0634e21fac50ffd643216ccecfaf3701a063257fe0b2be1b6548 \
- --hash=sha256:984fe150f350a3c91e84de405fe49e688aa6092b3525f407a18b9646f6612320 \
- --hash=sha256:9b24bcff7853ed18a63cfb0c2b008936a9554af24af2fb146e16d8e1aed75748 \
- --hash=sha256:b1b35d9d3a65542ed2e9d90115dfd16bbc027b3f07ee3304fc83580f26e43249 \
- --hash=sha256:b1b52c9e5f8aa2b802d48bd693190341fae201ea51c7a167d69fc48b60e8a959 \
- --hash=sha256:bbf203f1a814007ce24bd4d51362991d5cb90ba0c177a9c08825f2cc304d871f \
- --hash=sha256:be243c7e2bfcf6cc4cb350c0d5cdf15ca6383bbcb2a8ef51d3c9411a9d4386f0 \
- --hash=sha256:bfbe6ee19615b07a98b1d2287d6a6073f734735b49ee45b11324d85efc4d5cbd \
- --hash=sha256:c46837ea467ed1efea562bbeb543994c2d1f6e800785bd5a2c98bc096f5cb220 \
- --hash=sha256:dfb4f4dd568de1b6af9f4cda334adf7d72cf5bc052516e1b2608b683375dd95c \
- --hash=sha256:ed7b00096790213e09eb11c97cc6e2b757f15f3d2f85833cd2d3ec3fe37c1722
+cryptography==39.0.1 \
+ --hash=sha256:0f8da300b5c8af9f98111ffd512910bc792b4c77392a9523624680f7956a99d4 \
+ --hash=sha256:35f7c7d015d474f4011e859e93e789c87d21f6f4880ebdc29896a60403328f1f \
+ --hash=sha256:5aa67414fcdfa22cf052e640cb5ddc461924a045cacf325cd164e65312d99502 \
+ --hash=sha256:5d2d8b87a490bfcd407ed9d49093793d0f75198a35e6eb1a923ce1ee86c62b41 \
+ --hash=sha256:6687ef6d0a6497e2b58e7c5b852b53f62142cfa7cd1555795758934da363a965 \
+ --hash=sha256:6f8ba7f0328b79f08bdacc3e4e66fb4d7aab0c3584e0bd41328dce5262e26b2e \
+ --hash=sha256:706843b48f9a3f9b9911979761c91541e3d90db1ca905fd63fee540a217698bc \
+ --hash=sha256:807ce09d4434881ca3a7594733669bd834f5b2c6d5c7e36f8c00f691887042ad \
+ --hash=sha256:83e17b26de248c33f3acffb922748151d71827d6021d98c70e6c1a25ddd78505 \
+ --hash=sha256:96f1157a7c08b5b189b16b47bc9db2332269d6680a196341bf30046330d15388 \
+ --hash=sha256:aec5a6c9864be7df2240c382740fcf3b96928c46604eaa7f3091f58b878c0bb6 \
+ --hash=sha256:b0afd054cd42f3d213bf82c629efb1ee5f22eba35bf0eec88ea9ea7304f511a2 \
+ --hash=sha256:ced4e447ae29ca194449a3f1ce132ded8fcab06971ef5f618605aacaa612beac \
+ --hash=sha256:d1f6198ee6d9148405e49887803907fe8962a23e6c6f83ea7d98f1c0de375695 \
+ --hash=sha256:e124352fd3db36a9d4a21c1aa27fd5d051e621845cb87fb851c08f4f75ce8be6 \
+ --hash=sha256:e422abdec8b5fa8462aa016786680720d78bdce7a30c652b7fadf83a4ba35336 \
+ --hash=sha256:ef8b72fa70b348724ff1218267e7f7375b8de4e8194d1636ee60510aae104cd0 \
+ --hash=sha256:f0c64d1bd842ca2633e74a1a28033d139368ad959872533b1bab8c80e8240a0c \
+ --hash=sha256:f24077a3b5298a5a06a8e0536e3ea9ec60e4c7ac486755e5fb6e6ea9b3500106 \
+ --hash=sha256:fdd188c8a6ef8769f148f88f859884507b954cc64db6b52f66ef199bb9ad660a \
+ --hash=sha256:fe913f20024eb2cb2f323e42a64bdf2911bb9738a15dba7d3cce48151034e3a8
# via
- # -r requirements.in
# gcp-releasetool
# secretstorage
-gcp-docuploader==0.6.3 \
- --hash=sha256:ba8c9d76b3bbac54b0311c503a373b00edc2dc02d6d54ea9507045adb8e870f7 \
- --hash=sha256:c0f5aaa82ce1854a386197e4e359b120ad6d4e57ae2c812fce42219a3288026b
+gcp-docuploader==0.6.4 \
+ --hash=sha256:01486419e24633af78fd0167db74a2763974765ee8078ca6eb6964d0ebd388af \
+ --hash=sha256:70861190c123d907b3b067da896265ead2eeb9263969d6955c9e0bb091b5ccbf
# via -r requirements.in
-gcp-releasetool==1.9.1 \
- --hash=sha256:952f4055d5d986b070ae2a71c4410b250000f9cc5a1e26398fcd55a5bbc5a15f \
- --hash=sha256:d0d3c814a97c1a237517e837d8cfa668ced8df4b882452578ecef4a4e79c583b
+gcp-releasetool==1.10.5 \
+ --hash=sha256:174b7b102d704b254f2a26a3eda2c684fd3543320ec239baf771542a2e58e109 \
+ --hash=sha256:e29d29927fe2ca493105a82958c6873bb2b90d503acac56be2c229e74de0eec9
# via -r requirements.in
google-api-core==2.8.2 \
--hash=sha256:06f7244c640322b508b125903bb5701bebabce8832f85aba9335ec00b3d02edc \
--hash=sha256:93c6a91ccac79079ac6bbf8b74ee75db970cc899278b97d53bc012f35908cf50
# via
- # -r requirements.in
# google-cloud-core
# google-cloud-storage
google-auth==2.14.1 \
+ --hash=sha256:ccaa901f31ad5cbb562615eb8b664b3dd0bf5404a67618e642307f00613eda4d \
--hash=sha256:f5d8701633bebc12e0deea4df8abd8aff31c28b355360597f7f2ee60f2e4d016
# via
- # -r requirements.in
# gcp-releasetool
# google-api-core
# google-cloud-core
@@ -161,15 +147,11 @@ google-auth==2.14.1 \
google-cloud-core==2.3.1 \
--hash=sha256:113ba4f492467d5bd442c8d724c1a25ad7384045c3178369038840ecdd19346c \
--hash=sha256:34334359cb04187bdc80ddcf613e462dfd7a3aabbc3fe4d118517ab4b9303d53
- # via
- # -r requirements.in
- # google-cloud-storage
+ # via google-cloud-storage
google-cloud-storage==2.0.0 \
--hash=sha256:a57a15aead0f9dfbd4381f1bfdbe8bf89818a4bd75bab846cafcefb2db846c47 \
--hash=sha256:ec4be60bb223a3a960f0d01697d849b86d91cad815a84915a32ed3635e93a5e7
- # via
- # -r requirements.in
- # gcp-docuploader
+ # via gcp-docuploader
google-crc32c==1.3.0 \
--hash=sha256:04e7c220798a72fd0f08242bc8d7a05986b2a08a0573396187fd32c1dcdd58b3 \
--hash=sha256:05340b60bf05b574159e9bd940152a47d38af3fb43803ffe71f11d704b7696a6 \
@@ -214,52 +196,37 @@ google-crc32c==1.3.0 \
--hash=sha256:fe31de3002e7b08eb20823b3735b97c86c5926dd0581c7710a680b418a8709d4 \
--hash=sha256:fec221a051150eeddfdfcff162e6db92c65ecf46cb0f7bb1bf812a1520ec026b \
--hash=sha256:ff71073ebf0e42258a42a0b34f2c09ec384977e7f6808999102eedd5b49920e3
- # via
- # -r requirements.in
- # google-resumable-media
+ # via google-resumable-media
google-resumable-media==2.3.3 \
--hash=sha256:27c52620bd364d1c8116eaac4ea2afcbfb81ae9139fb3199652fcac1724bfb6c \
--hash=sha256:5b52774ea7a829a8cdaa8bd2d4c3d4bc660c91b30857ab2668d0eb830f4ea8c5
- # via
- # -r requirements.in
- # google-cloud-storage
+ # via google-cloud-storage
googleapis-common-protos==1.56.3 \
--hash=sha256:6f1369b58ed6cf3a4b7054a44ebe8d03b29c309257583a2bbdc064cd1e4a1442 \
--hash=sha256:87955d7b3a73e6e803f2572a33179de23989ebba725e05ea42f24838b792e461
- # via
- # -r requirements.in
- # google-api-core
+ # via google-api-core
idna==3.4 \
--hash=sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4 \
--hash=sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2
- # via
- # -r requirements.in
- # requests
+ # via requests
importlib-metadata==4.8.3 \
--hash=sha256:65a9576a5b2d58ca44d133c42a241905cc45e34d2c06fd5ba2bafa221e5d7b5e \
--hash=sha256:766abffff765960fcc18003801f7044eb6755ffae4521c8e8ce8e83b9c9b0668
+ # via keyring
+jeepney==0.8.0 \
+ --hash=sha256:5efe48d255973902f6badc3ce55e2aa6c5c3b3bc642059ef3a91247bcfcc5806 \
+ --hash=sha256:c0a454ad016ca575060802ee4d590dd912e35c122fa04e70306de3d076cce755
# via
- # -r requirements.in
- # keyring
-jeepney==0.7.1 \
- --hash=sha256:1b5a0ea5c0e7b166b2f5895b91a08c14de8915afda4407fb5022a195224958ac \
- --hash=sha256:fa9e232dfa0c498bd0b8a3a73b8d8a31978304dcef0515adc859d4e096f96f4f
- # via
- # -r requirements.in
# keyring
# secretstorage
jinja2==3.0.3 \
--hash=sha256:077ce6014f7b40d03b47d1f1ca4b0fc8328a692bd284016f806ed0eaca390ad8 \
--hash=sha256:611bb273cd68f3b993fabdc4064fc858c5b47a973cb5aa7999ec1ba405c87cd7
- # via
- # -r requirements.in
- # gcp-releasetool
+ # via gcp-releasetool
keyring==23.4.1 \
--hash=sha256:17e49fb0d6883c2b4445359434dba95aad84aabb29bbff044ad0ed7100232eca \
--hash=sha256:89cbd74d4683ed164c8082fb38619341097741323b3786905c6dac04d6915a55
- # via
- # -r requirements.in
- # gcp-releasetool
+ # via gcp-releasetool
markupsafe==2.0.1 \
--hash=sha256:01a9b8ea66f1658938f65b93a85ebe8bc016e6769611be228d797c9d998dd298 \
--hash=sha256:023cb26ec21ece8dc3907c0e8320058b2e0cb3c55cf9564da612bc325bed5e64 \
@@ -330,49 +297,39 @@ markupsafe==2.0.1 \
--hash=sha256:f8ba0e8349a38d3001fae7eadded3f6606f0da5d748ee53cc1dab1d6527b9509 \
--hash=sha256:f9081981fe268bd86831e5c75f7de206ef275defcb82bc70740ae6dc507aee51 \
--hash=sha256:fa130dd50c57d53368c9d59395cb5526eda596d3ffe36666cd81a44d56e48872
- # via
- # -r requirements.in
- # jinja2
+ # via jinja2
packaging==21.3 \
--hash=sha256:dd47c42927d89ab911e606518907cc2d3a1f38bbd026385970643f9c5b8ecfeb \
--hash=sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522
+ # via gcp-releasetool
+protobuf==3.20.2 \
+ --hash=sha256:03d76b7bd42ac4a6e109742a4edf81ffe26ffd87c5993126d894fe48a120396a \
+ --hash=sha256:09e25909c4297d71d97612f04f41cea8fa8510096864f2835ad2f3b3df5a5559 \
+ --hash=sha256:18e34a10ae10d458b027d7638a599c964b030c1739ebd035a1dfc0e22baa3bfe \
+ --hash=sha256:291fb4307094bf5ccc29f424b42268640e00d5240bf0d9b86bf3079f7576474d \
+ --hash=sha256:2c0b040d0b5d5d207936ca2d02f00f765906622c07d3fa19c23a16a8ca71873f \
+ --hash=sha256:384164994727f274cc34b8abd41a9e7e0562801361ee77437099ff6dfedd024b \
+ --hash=sha256:3cb608e5a0eb61b8e00fe641d9f0282cd0eedb603be372f91f163cbfbca0ded0 \
+ --hash=sha256:5d9402bf27d11e37801d1743eada54372f986a372ec9679673bfcc5c60441151 \
+ --hash=sha256:712dca319eee507a1e7df3591e639a2b112a2f4a62d40fe7832a16fd19151750 \
+ --hash=sha256:7a5037af4e76c975b88c3becdf53922b5ffa3f2cddf657574a4920a3b33b80f3 \
+ --hash=sha256:8228e56a865c27163d5d1d1771d94b98194aa6917bcfb6ce139cbfa8e3c27334 \
+ --hash=sha256:84a1544252a933ef07bb0b5ef13afe7c36232a774affa673fc3636f7cee1db6c \
+ --hash=sha256:84fe5953b18a383fd4495d375fe16e1e55e0a3afe7b4f7b4d01a3a0649fcda9d \
+ --hash=sha256:9c673c8bfdf52f903081816b9e0e612186684f4eb4c17eeb729133022d6032e3 \
+ --hash=sha256:a9e5ae5a8e8985c67e8944c23035a0dff2c26b0f5070b2f55b217a1c33bbe8b1 \
+ --hash=sha256:b4fdb29c5a7406e3f7ef176b2a7079baa68b5b854f364c21abe327bbeec01cdb \
+ --hash=sha256:c184485e0dfba4dfd451c3bd348c2e685d6523543a0f91b9fd4ae90eb09e8422 \
+ --hash=sha256:c9cdf251c582c16fd6a9f5e95836c90828d51b0069ad22f463761d27c6c19019 \
+ --hash=sha256:e39cf61bb8582bda88cdfebc0db163b774e7e03364bbf9ce1ead13863e81e359 \
+ --hash=sha256:e8fbc522303e09036c752a0afcc5c0603e917222d8bedc02813fd73b4b4ed804 \
+ --hash=sha256:f34464ab1207114e73bba0794d1257c150a2b89b7a9faf504e00af7c9fd58978 \
+ --hash=sha256:f52dabc96ca99ebd2169dadbe018824ebda08a795c7684a0b7d203a290f3adb0
# via
- # -r requirements.in
- # gcp-releasetool
-protobuf==3.19.5 \
- --hash=sha256:1867f93b06a183f87696871bb8d1e99ee71dbb69d468ce1f0cc8bf3d30f982f3 \
- --hash=sha256:3c4160b601220627f7e91154e572baf5e161a9c3f445a8242d536ee3d0b7b17c \
- --hash=sha256:4ee2af7051d3b10c8a4fe6fd1a2c69f201fea36aeee7086cf202a692e1b99ee1 \
- --hash=sha256:5266c36cc0af3bb3dbf44f199d225b33da66a9a5c3bdc2b14865ad10eddf0e37 \
- --hash=sha256:5470f892961af464ae6eaf0f3099e2c1190ae8c7f36f174b89491281341f79ca \
- --hash=sha256:66d14b5b90090353efe75c9fb1bf65ef7267383034688d255b500822e37d5c2f \
- --hash=sha256:67efb5d20618020aa9596e17bfc37ca068c28ec0c1507d9507f73c93d46c9855 \
- --hash=sha256:696e6cfab94cc15a14946f2bf72719dced087d437adbd994fff34f38986628bc \
- --hash=sha256:6a02172b9650f819d01fb8e224fc69b0706458fc1ab4f1c669281243c71c1a5e \
- --hash=sha256:6eca9ae238ba615d702387a2ddea635d535d769994a9968c09a4ca920c487ab9 \
- --hash=sha256:950abd6c00e7b51f87ae8b18a0ce4d69fea217f62f171426e77de5061f6d9850 \
- --hash=sha256:9e1d74032f56ff25f417cfe84c8147047732e5059137ca42efad20cbbd25f5e0 \
- --hash=sha256:9e42b1cf2ecd8a1bd161239e693f22035ba99905ae6d7efeac8a0546c7ec1a27 \
- --hash=sha256:9f957ef53e872d58a0afd3bf6d80d48535d28c99b40e75e6634cbc33ea42fd54 \
- --hash=sha256:a89aa0c042e61e11ade320b802d6db4ee5391d8d973e46d3a48172c1597789f8 \
- --hash=sha256:c0f80876a8ff0ae7064084ed094eb86497bd5a3812e6fc96a05318b92301674e \
- --hash=sha256:c44e3282cff74ad18c7e8a0375f407f69ee50c2116364b44492a196293e08b21 \
- --hash=sha256:d249519ba5ecf5dd6b18150c9b6bcde510b273714b696f3923ff8308fc11ae49 \
- --hash=sha256:d3973a2d58aefc7d1230725c2447ce7f86a71cbc094b86a77c6ee1505ac7cdb1 \
- --hash=sha256:dca2284378a5f2a86ffed35c6ac147d14c48b525eefcd1083e5a9ce28dfa8657 \
- --hash=sha256:e63b0b3c42e51c94add62b010366cd4979cb6d5f06158bcae8faac4c294f91e1 \
- --hash=sha256:f2b599a21c9a32e171ec29a2ac54e03297736c578698e11b099d031f79da114b \
- --hash=sha256:f2bde37667b18c2b5280df83bc799204394a5d2d774e4deaf9de0eb741df6833 \
- --hash=sha256:f4f909f4dde413dec435a44b0894956d55bb928ded7d6e3c726556ca4c796e84 \
- --hash=sha256:f976234e20ab2785f54224bcdafa027674e23663b132fa3ca0caa291a6cfbde7 \
- --hash=sha256:f9cebda093c2f6bfed88f1c17cdade09d4d96096421b344026feee236532d4de
- # via
- # -r requirements.in
# gcp-docuploader
# gcp-releasetool
# google-api-core
# google-cloud-storage
- # googleapis-common-protos
pyasn1==0.4.8 \
--hash=sha256:39c7e2ec30515947ff4e87fb6f456dfc6e84857d34be479c9d4a4ba4bf46aa5d \
--hash=sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba
@@ -386,71 +343,61 @@ pyasn1-modules==0.2.8 \
pycparser==2.21 \
--hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 \
--hash=sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206
- # via
- # -r requirements.in
- # cffi
+ # via cffi
pyjwt==2.4.0 \
--hash=sha256:72d1d253f32dbd4f5c88eaf1fdc62f3a19f676ccbadb9dbc5d07e951b2b26daf \
--hash=sha256:d42908208c699b3b973cbeb01a969ba6a96c821eefb1c5bfe4c390c01d67abba
- # via
- # -r requirements.in
- # gcp-releasetool
+ # via gcp-releasetool
pyparsing==3.0.9 \
--hash=sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb \
--hash=sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc
- # via
- # -r requirements.in
- # packaging
+ # via packaging
pyperclip==1.8.2 \
--hash=sha256:105254a8b04934f0bc84e9c24eb360a591aaf6535c9def5f29d92af107a9bf57
- # via
- # -r requirements.in
- # gcp-releasetool
+ # via gcp-releasetool
python-dateutil==2.8.2 \
--hash=sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86 \
--hash=sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9
- # via
- # -r requirements.in
- # gcp-releasetool
+ # via gcp-releasetool
requests==2.27.1 \
--hash=sha256:68d7c56fd5a8999887728ef304a6d12edc7be74f1cfa47714fc8b414525c9a61 \
--hash=sha256:f22fa1e554c9ddfd16e6e41ac79759e17be9e492b3587efa038054674760e72d
# via
- # -r requirements.in
# gcp-releasetool
# google-api-core
# google-cloud-storage
rsa==4.9 \
--hash=sha256:90260d9058e514786967344d0ef75fa8727eed8a7d2e43ce9f4bcf1b536174f7 \
--hash=sha256:e38464a49c6c85d7f1351b0126661487a7e0a14a50f1675ec50eb34d4f20ef21
- # via
- # -r requirements.in
- # google-auth
+ # via google-auth
secretstorage==3.3.3 \
--hash=sha256:2403533ef369eca6d2ba81718576c5e0f564d5cca1b58f73a8b23e7d4eeebd77 \
--hash=sha256:f356e6628222568e3af06f2eba8df495efa13b3b63081dafd4f7d9a7b7bc9f99
# via keyring
+setuptools==67.3.2 \
+ --hash=sha256:95f00380ef2ffa41d9bba85d95b27689d923c93dfbafed4aecd7cf988a25e012 \
+ --hash=sha256:bb6d8e508de562768f2027902929f8523932fcd1fb784e6d573d2cafac995a48
+ # via -r requirements.in
six==1.16.0 \
--hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \
--hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254
# via
- # -r requirements.in
# gcp-docuploader
# google-auth
# python-dateutil
-typing-extensions==4.1.1 \
- --hash=sha256:1a9462dcc3347a79b1f1c0271fbe79e844580bb598bafa1ed208b94da3cdcd42 \
- --hash=sha256:21c85e0fe4b9a155d0799430b0ad741cdce7e359660ccbd8b530613e8df88ce2
+typing-extensions==4.4.0 \
+ --hash=sha256:1511434bb92bf8dd198c12b1cc812e800d4181cfcb867674e0f8279cc93087aa \
+ --hash=sha256:16fa4864408f655d35ec496218b85f79b3437c829e93320c7c9215ccfd92489e
# via -r requirements.in
urllib3==1.26.12 \
--hash=sha256:3fa96cf423e6987997fc326ae8df396db2a8b7c667747d47ddd8ecba91f4a74e \
--hash=sha256:b930dd878d5a8afb066a637fbb35144fe7901e3b209d1cd4f524bd0e9deee997
- # via
- # -r requirements.in
- # requests
+ # via requests
+wheel==0.38.4 \
+ --hash=sha256:965f5259b566725405b05e7cf774052044b1ed30119b5d586b2703aafe8719ac \
+ --hash=sha256:b60533f3f5d530e971d6737ca6d58681ee434818fab630c83a734bb10c083ce8
+ # via -r requirements.in
zipp==3.6.0 \
--hash=sha256:71c644c5369f4a6e07636f0aa966270449561fcea2e3d6747b8d23efaa9d7832 \
--hash=sha256:9fe5ea21568a0a70e50f273397638d39b03353731e6cbbb3fd8502a33fec40bc
- # via
- # -r requirements.in
- # importlib-metadata
+ # via importlib-metadata
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6e8aec6de..ded7b4004 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,26 @@
# Changelog
+## [1.19.0](https://github.com/googleapis/google-auth-library-java/compare/v1.18.0...v1.19.0) (2023-06-27)
+
+
+### Features
+
+* Expose test-jar and mock classes in oauth2 ([12e8db6](https://github.com/googleapis/google-auth-library-java/commit/12e8db6025e0263b801d5385844924a4f5ff7b7e))
+
+## [1.18.0](https://github.com/googleapis/google-auth-library-java/compare/v1.17.1...v1.18.0) (2023-06-16)
+
+
+### Features
+
+* Introduce a way to pass additional parameters to auhtorization url ([#1134](https://github.com/googleapis/google-auth-library-java/issues/1134)) ([3a2c5d3](https://github.com/googleapis/google-auth-library-java/commit/3a2c5d3d1abf23bce0af7f958240b5f9ee9d1bf8))
+
+## [1.17.1](https://github.com/googleapis/google-auth-library-java/compare/v1.17.0...v1.17.1) (2023-05-25)
+
+
+### Dependencies
+
+* Update doclet version to v1.9.0 ([#1211](https://github.com/googleapis/google-auth-library-java/issues/1211)) ([8b6e28e](https://github.com/googleapis/google-auth-library-java/commit/8b6e28e00aa609edefceafbb4f2c1dbc10afd6f9))
+
## [1.17.0](https://github.com/googleapis/google-auth-library-java/compare/v1.16.1...v1.17.0) (2023-05-20)
diff --git a/README.md b/README.md
index bf4fd6521..a3306addf 100644
--- a/README.md
+++ b/README.md
@@ -57,7 +57,7 @@ If you are using Maven, add this to your pom.xml file (notice that you can repla
com.google.auth
google-auth-library-oauth2-http
- 1.3.0
+ 1.19.0
```
[//]: # ({x-version-update-end})
@@ -67,7 +67,7 @@ If you are using Gradle, add this to your dependencies
[//]: # ({x-version-update-start:google-auth-library-oauth2-http:released})
```Groovy
-implementation 'com.google.auth:google-auth-library-oauth2-http:1.3.0'
+implementation 'com.google.auth:google-auth-library-oauth2-http:1.19.0'
```
[//]: # ({x-version-update-end})
@@ -75,7 +75,7 @@ If you are using SBT, add this to your dependencies
[//]: # ({x-version-update-start:google-auth-library-oauth2-http:released})
```Scala
-libraryDependencies += "com.google.auth" % "google-auth-library-oauth2-http" % "1.3.0"
+libraryDependencies += "com.google.auth" % "google-auth-library-oauth2-http" % "1.19.0"
```
[//]: # ({x-version-update-end})
diff --git a/appengine/pom.xml b/appengine/pom.xml
index 3adb4cee9..280af336e 100644
--- a/appengine/pom.xml
+++ b/appengine/pom.xml
@@ -5,7 +5,7 @@
com.google.auth
google-auth-library-parent
- 1.17.1-SNAPSHOT
+ 1.19.1-SNAPSHOT
../pom.xml
@@ -75,8 +75,9 @@
com.google.auth
google-auth-library-oauth2-http
- test-jar
test
+ test-jar
+ testlib
diff --git a/bom/pom.xml b/bom/pom.xml
index 97f0c13e9..71cd8820d 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -3,7 +3,7 @@
4.0.0
com.google.auth
google-auth-library-bom
- 1.17.1-SNAPSHOT
+ 1.19.1-SNAPSHOT
pom
Google Auth Library for Java BOM
@@ -83,7 +83,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.4.1
+ 3.5.0
true
@@ -122,7 +122,7 @@
org.apache.maven.plugins
maven-gpg-plugin
- 3.0.1
+ 3.1.0
sign-artifacts
diff --git a/credentials/pom.xml b/credentials/pom.xml
index 46c19912f..a8c0d586f 100644
--- a/credentials/pom.xml
+++ b/credentials/pom.xml
@@ -4,7 +4,7 @@
com.google.auth
google-auth-library-parent
- 1.17.1-SNAPSHOT
+ 1.19.1-SNAPSHOT
../pom.xml
diff --git a/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java b/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java
index 98651f295..6613b3f76 100644
--- a/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/AwsCredentials.java
@@ -197,6 +197,11 @@ public GoogleCredentials createScoped(Collection newScopes) {
return new AwsCredentials((AwsCredentials.Builder) newBuilder(this).setScopes(newScopes));
}
+ @Override
+ String getCredentialSourceType() {
+ return "aws";
+ }
+
private String retrieveResource(String url, String resourceName, Map headers)
throws IOException {
return retrieveResource(url, resourceName, HttpMethods.GET, headers, /* content= */ null);
diff --git a/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java
index ba4b30d4e..089c3b0a5 100644
--- a/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java
@@ -33,6 +33,7 @@
import static com.google.common.base.Preconditions.checkNotNull;
+import com.google.api.client.http.HttpHeaders;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonObjectParser;
import com.google.auth.RequestMetadataCallback;
@@ -90,6 +91,7 @@ abstract static class CredentialSource implements java.io.Serializable {
private final CredentialSource credentialSource;
private final Collection scopes;
private final ServiceAccountImpersonationOptions serviceAccountImpersonationOptions;
+ private ExternalAccountMetricsHandler metricsHandler;
@Nullable private final String tokenInfoUrl;
@Nullable private final String serviceAccountImpersonationUrl;
@@ -224,6 +226,8 @@ protected ExternalAccountCredentials(
validateServiceAccountImpersonationInfoUrl(serviceAccountImpersonationUrl);
}
+ this.metricsHandler = new ExternalAccountMetricsHandler(this);
+
this.impersonatedCredentials = buildImpersonatedCredentials();
}
@@ -274,6 +278,11 @@ protected ExternalAccountCredentials(ExternalAccountCredentials.Builder builder)
validateServiceAccountImpersonationInfoUrl(serviceAccountImpersonationUrl);
}
+ this.metricsHandler =
+ builder.metricsHandler == null
+ ? new ExternalAccountMetricsHandler(this)
+ : builder.metricsHandler;
+
this.impersonatedCredentials = buildImpersonatedCredentials();
}
@@ -505,6 +514,12 @@ protected AccessToken exchangeExternalCredentialForAccessToken(
requestHandler.setInternalOptions(options.toString());
}
+ // Set BYOID Metrics header.
+ HttpHeaders additionalHeaders = new HttpHeaders();
+ additionalHeaders.set(
+ MetricsUtils.API_CLIENT_HEADER, this.metricsHandler.getExternalAccountMetricsHeader());
+ requestHandler.setHeaders(additionalHeaders);
+
if (stsTokenExchangeRequest.getInternalOptions() != null) {
// Overwrite internal options. Let subclass handle setting options.
requestHandler.setInternalOptions(stsTokenExchangeRequest.getInternalOptions());
@@ -589,6 +604,10 @@ public ServiceAccountImpersonationOptions getServiceAccountImpersonationOptions(
return serviceAccountImpersonationOptions;
}
+ String getCredentialSourceType() {
+ return "unknown";
+ }
+
EnvironmentProvider getEnvironmentProvider() {
return environmentProvider;
}
@@ -663,8 +682,11 @@ static final class ServiceAccountImpersonationOptions implements java.io.Seriali
private final int lifetime;
+ final boolean customTokenLifetimeRequested;
+
ServiceAccountImpersonationOptions(Map optionsMap) {
- if (!optionsMap.containsKey(TOKEN_LIFETIME_SECONDS_KEY)) {
+ customTokenLifetimeRequested = optionsMap.containsKey(TOKEN_LIFETIME_SECONDS_KEY);
+ if (!customTokenLifetimeRequested) {
lifetime = DEFAULT_TOKEN_LIFETIME_SECONDS;
return;
}
@@ -714,6 +736,7 @@ public abstract static class Builder extends GoogleCredentials.Builder {
@Nullable protected String workforcePoolUserProject;
@Nullable protected ServiceAccountImpersonationOptions serviceAccountImpersonationOptions;
@Nullable protected String universeDomain;
+ @Nullable protected ExternalAccountMetricsHandler metricsHandler;
protected Builder() {}
@@ -733,6 +756,7 @@ protected Builder(ExternalAccountCredentials credentials) {
this.workforcePoolUserProject = credentials.workforcePoolUserProject;
this.serviceAccountImpersonationOptions = credentials.serviceAccountImpersonationOptions;
this.universeDomain = credentials.universeDomain;
+ this.metricsHandler = credentials.metricsHandler;
}
/**
diff --git a/oauth2_http/java/com/google/auth/oauth2/ExternalAccountMetricsHandler.java b/oauth2_http/java/com/google/auth/oauth2/ExternalAccountMetricsHandler.java
new file mode 100644
index 000000000..fcb656b5d
--- /dev/null
+++ b/oauth2_http/java/com/google/auth/oauth2/ExternalAccountMetricsHandler.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2023 Google LLC
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * * Neither the name of Google LLC nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package com.google.auth.oauth2;
+
+/**
+ * A handler for generating the x-goog-api-client header value for BYOID external account
+ * credentials.
+ */
+class ExternalAccountMetricsHandler implements java.io.Serializable {
+ private static final String SOURCE_KEY = "source";
+ private static final String IMPERSONATION_KEY = "sa-impersonation";
+ private static final String CONFIG_LIFETIME_KEY = "config-lifetime";
+ private static final String BYOID_METRICS_SECTION = "google-byoid-sdk";
+
+ private final boolean configLifetime;
+ private final boolean saImpersonation;
+ private String credentialSourceType;
+
+ /**
+ * Constructor for the external account metrics handler.
+ *
+ * @param creds the {@code ExternalAccountCredentials} object to set the external account metrics
+ * options from.
+ */
+ ExternalAccountMetricsHandler(ExternalAccountCredentials creds) {
+ this.saImpersonation = creds.getServiceAccountImpersonationUrl() != null;
+ this.configLifetime =
+ creds.getServiceAccountImpersonationOptions().customTokenLifetimeRequested;
+ this.credentialSourceType = creds.getCredentialSourceType();
+ }
+
+ /**
+ * Gets the external account metrics header value for the x-goog-api-client header.
+ *
+ * @return the header value.
+ */
+ String getExternalAccountMetricsHeader() {
+ return String.format(
+ "%s %s %s/%s %s/%s %s/%s",
+ MetricsUtils.getLanguageAndAuthLibraryVersions(),
+ BYOID_METRICS_SECTION,
+ SOURCE_KEY,
+ this.credentialSourceType,
+ IMPERSONATION_KEY,
+ this.saImpersonation,
+ CONFIG_LIFETIME_KEY,
+ this.configLifetime);
+ }
+}
diff --git a/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java b/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java
index 91b837e45..aab014f2e 100644
--- a/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java
@@ -38,6 +38,7 @@
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonObjectParser;
import com.google.auth.oauth2.IdentityPoolCredentials.IdentityPoolCredentialSource.CredentialFormatType;
+import com.google.auth.oauth2.IdentityPoolCredentials.IdentityPoolCredentialSource.IdentityPoolCredentialSourceType;
import com.google.common.io.CharStreams;
import java.io.BufferedReader;
import java.io.File;
@@ -192,6 +193,16 @@ public String retrieveSubjectToken() throws IOException {
return getSubjectTokenFromMetadataServer();
}
+ @Override
+ String getCredentialSourceType() {
+ if (((IdentityPoolCredentialSource) this.getCredentialSource()).credentialSourceType
+ == IdentityPoolCredentialSourceType.FILE) {
+ return "file";
+ } else {
+ return "url";
+ }
+ }
+
private String retrieveSubjectTokenFromCredentialFile() throws IOException {
String credentialFilePath = identityPoolCredentialSource.credentialLocation;
if (!Files.exists(Paths.get(credentialFilePath), LinkOption.NOFOLLOW_LINKS)) {
diff --git a/oauth2_http/java/com/google/auth/oauth2/MetricsUtils.java b/oauth2_http/java/com/google/auth/oauth2/MetricsUtils.java
new file mode 100644
index 000000000..0267e8729
--- /dev/null
+++ b/oauth2_http/java/com/google/auth/oauth2/MetricsUtils.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2023 Google LLC
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * * Neither the name of Google LLC nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package com.google.auth.oauth2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+class MetricsUtils {
+ static final String API_CLIENT_HEADER = "x-goog-api-client";
+ private static final String authLibraryVersion = getAuthLibraryVersion();
+ private static final String javaLanguageVersion = System.getProperty("java.version");
+
+ /**
+ * Gets the x-goog-api-client header value for the current Java language version and the auth
+ * library version.
+ *
+ * @return the header value.
+ */
+ static String getLanguageAndAuthLibraryVersions() {
+ return String.format("gl-java/%s auth/%s", javaLanguageVersion, authLibraryVersion);
+ }
+
+ private static String getAuthLibraryVersion() {
+ // Attempt to read the library's version from a properties file generated during the build.
+ // This value should be read and cached for later use.
+ String version = "unknown-version";
+ try (InputStream inputStream =
+ MetricsUtils.class.getResourceAsStream(
+ "/com/google/auth/oauth2/google-auth-library.properties")) {
+ if (inputStream != null) {
+ final Properties properties = new Properties();
+ properties.load(inputStream);
+ version = properties.getProperty("google-auth-library.version");
+ }
+ } catch (IOException e) {
+ // Ignore.
+ }
+ return version;
+ }
+}
diff --git a/oauth2_http/java/com/google/auth/oauth2/PluggableAuthCredentials.java b/oauth2_http/java/com/google/auth/oauth2/PluggableAuthCredentials.java
index 0042dfdc2..0fe3c9800 100644
--- a/oauth2_http/java/com/google/auth/oauth2/PluggableAuthCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/PluggableAuthCredentials.java
@@ -292,6 +292,11 @@ public PluggableAuthCredentials createScoped(Collection newScopes) {
(PluggableAuthCredentials.Builder) newBuilder(this).setScopes(newScopes));
}
+ @Override
+ String getCredentialSourceType() {
+ return "executable";
+ }
+
public static Builder newBuilder() {
return new Builder();
}
diff --git a/oauth2_http/java/com/google/auth/oauth2/UserAuthorizer.java b/oauth2_http/java/com/google/auth/oauth2/UserAuthorizer.java
index 29a8284d5..63cc23170 100644
--- a/oauth2_http/java/com/google/auth/oauth2/UserAuthorizer.java
+++ b/oauth2_http/java/com/google/auth/oauth2/UserAuthorizer.java
@@ -50,6 +50,7 @@
import java.util.Collection;
import java.util.Date;
import java.util.List;
+import java.util.Map;
/** Handles an interactive 3-Legged-OAuth2 (3LO) user consent authorization. */
public class UserAuthorizer {
@@ -168,6 +169,20 @@ public TokenStore getTokenStore() {
* @return The URL that can be navigated or redirected to.
*/
public URL getAuthorizationUrl(String userId, String state, URI baseUri) {
+ return this.getAuthorizationUrl(userId, state, baseUri, null);
+ }
+
+ /**
+ * Return an URL that performs the authorization consent prompt web UI.
+ *
+ * @param userId Application's identifier for the end user.
+ * @param state State that is passed on to the OAuth2 callback URI after the consent.
+ * @param baseUri The URI to resolve the OAuth2 callback URI relative to.
+ * @param additionalParameters Additional query parameters to be added to the authorization URL.
+ * @return The URL that can be navigated or redirected to.
+ */
+ public URL getAuthorizationUrl(
+ String userId, String state, URI baseUri, Map additionalParameters) {
URI resolvedCallbackUri = getCallbackUri(baseUri);
String scopesString = Joiner.on(' ').join(scopes);
@@ -185,6 +200,13 @@ public URL getAuthorizationUrl(String userId, String state, URI baseUri) {
url.put("login_hint", userId);
}
url.put("include_granted_scopes", true);
+
+ if (additionalParameters != null) {
+ for (Map.Entry entry : additionalParameters.entrySet()) {
+ url.put(entry.getKey(), entry.getValue());
+ }
+ }
+
if (pkce != null) {
url.put("code_challenge", pkce.getCodeChallenge());
url.put("code_challenge_method", pkce.getCodeChallengeMethod());
@@ -247,6 +269,21 @@ public UserCredentials getCredentials(String userId) throws IOException {
* @throws IOException An error from the server API call to get the tokens.
*/
public UserCredentials getCredentialsFromCode(String code, URI baseUri) throws IOException {
+ return getCredentialsFromCode(code, baseUri, null);
+ }
+
+ /**
+ * Returns a UserCredentials instance by exchanging an OAuth2 authorization code for tokens.
+ *
+ * @param code Code returned from OAuth2 consent prompt.
+ * @param baseUri The URI to resolve the OAuth2 callback URI relative to.
+ * @param additionalParameters Additional parameters to be added to the post body of token
+ * endpoint request.
+ * @return the UserCredentials instance created from the authorization code.
+ * @throws IOException An error from the server API call to get the tokens.
+ */
+ public UserCredentials getCredentialsFromCode(
+ String code, URI baseUri, Map additionalParameters) throws IOException {
Preconditions.checkNotNull(code);
URI resolvedCallbackUri = getCallbackUri(baseUri);
@@ -257,6 +294,12 @@ public UserCredentials getCredentialsFromCode(String code, URI baseUri) throws I
tokenData.put("redirect_uri", resolvedCallbackUri);
tokenData.put("grant_type", "authorization_code");
+ if (additionalParameters != null) {
+ for (Map.Entry entry : additionalParameters.entrySet()) {
+ tokenData.put(entry.getKey(), entry.getValue());
+ }
+ }
+
if (pkce != null) {
tokenData.put("code_verifier", pkce.getCodeVerifier());
}
diff --git a/oauth2_http/javatests/com/google/auth/http/HttpCredentialsAdapterTest.java b/oauth2_http/javatests/com/google/auth/http/HttpCredentialsAdapterTest.java
index 723cec837..bdbcd2c91 100644
--- a/oauth2_http/javatests/com/google/auth/http/HttpCredentialsAdapterTest.java
+++ b/oauth2_http/javatests/com/google/auth/http/HttpCredentialsAdapterTest.java
@@ -42,8 +42,8 @@
import com.google.api.client.http.HttpResponse;
import com.google.api.client.http.HttpTransport;
import com.google.auth.Credentials;
-import com.google.auth.oauth2.GoogleCredentialsTest.MockTokenServerTransportFactory;
import com.google.auth.oauth2.MockTokenCheckingTransport;
+import com.google.auth.oauth2.MockTokenServerTransportFactory;
import com.google.auth.oauth2.OAuth2Credentials;
import com.google.auth.oauth2.UserCredentials;
import java.io.IOException;
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java
index 248bc92df..9abbcc822 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/AwsCredentialsTest.java
@@ -131,6 +131,11 @@ public void refreshAccessToken_withoutServiceAccountImpersonation() throws IOExc
AccessToken accessToken = awsCredential.refreshAccessToken();
assertEquals(transportFactory.transport.getAccessToken(), accessToken.getTokenValue());
+
+ // Validate metrics header is set correctly on the sts request.
+ Map> headers =
+ transportFactory.transport.getRequests().get(3).getHeaders();
+ ExternalAccountCredentialsTest.validateMetricsHeader(headers, "aws", false, false);
}
@Test
@@ -142,18 +147,26 @@ public void refreshAccessToken_withServiceAccountImpersonation() throws IOExcept
AwsCredentials awsCredential =
(AwsCredentials)
- AwsCredentials.newBuilder(AWS_CREDENTIAL)
+ AwsCredentials.newBuilder()
+ .setHttpTransportFactory(transportFactory)
+ .setAudience("audience")
+ .setSubjectTokenType("subjectTokenType")
.setTokenUrl(transportFactory.transport.getStsUrl())
+ .setTokenInfoUrl("tokenInfoUrl")
+ .setCredentialSource(buildAwsCredentialSource(transportFactory))
.setServiceAccountImpersonationUrl(
transportFactory.transport.getServiceAccountImpersonationUrl())
- .setHttpTransportFactory(transportFactory)
- .setCredentialSource(buildAwsCredentialSource(transportFactory))
.build();
AccessToken accessToken = awsCredential.refreshAccessToken();
assertEquals(
transportFactory.transport.getServiceAccountAccessToken(), accessToken.getTokenValue());
+
+ // Validate metrics header is set correctly on the sts request.
+ Map> headers =
+ transportFactory.transport.getRequests().get(6).getHeaders();
+ ExternalAccountCredentialsTest.validateMetricsHeader(headers, "aws", true, false);
}
@Test
@@ -165,12 +178,15 @@ public void refreshAccessToken_withServiceAccountImpersonationOptions() throws I
AwsCredentials awsCredential =
(AwsCredentials)
- AwsCredentials.newBuilder(AWS_CREDENTIAL)
+ AwsCredentials.newBuilder()
+ .setHttpTransportFactory(transportFactory)
+ .setAudience("audience")
+ .setSubjectTokenType("subjectTokenType")
.setTokenUrl(transportFactory.transport.getStsUrl())
+ .setTokenInfoUrl("tokenInfoUrl")
+ .setCredentialSource(buildAwsCredentialSource(transportFactory))
.setServiceAccountImpersonationUrl(
transportFactory.transport.getServiceAccountImpersonationUrl())
- .setHttpTransportFactory(transportFactory)
- .setCredentialSource(buildAwsCredentialSource(transportFactory))
.setServiceAccountImpersonationOptions(
ExternalAccountCredentialsTest.buildServiceAccountImpersonationOptions(2800))
.build();
@@ -187,6 +203,11 @@ public void refreshAccessToken_withServiceAccountImpersonationOptions() throws I
.parseAndClose(GenericJson.class);
assertEquals("2800s", query.get("lifetime"));
+
+ // Validate metrics header is set correctly on the sts request.
+ Map> headers =
+ transportFactory.transport.getRequests().get(6).getHeaders();
+ ExternalAccountCredentialsTest.validateMetricsHeader(headers, "aws", true, true);
}
@Test
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java
index a64215fba..e39cc2cb1 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java
@@ -52,7 +52,6 @@
import com.google.auth.ServiceAccountSigner.SigningException;
import com.google.auth.TestUtils;
import com.google.auth.http.HttpTransportFactory;
-import com.google.auth.oauth2.GoogleCredentialsTest.MockHttpTransportFactory;
import java.io.IOException;
import java.net.URI;
import java.util.ArrayDeque;
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/DefaultCredentialsProviderTest.java b/oauth2_http/javatests/com/google/auth/oauth2/DefaultCredentialsProviderTest.java
index 826f1d267..3b7abe203 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/DefaultCredentialsProviderTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/DefaultCredentialsProviderTest.java
@@ -47,8 +47,6 @@
import com.google.auth.TestUtils;
import com.google.auth.http.HttpTransportFactory;
import com.google.auth.oauth2.ComputeEngineCredentialsTest.MockMetadataServerTransportFactory;
-import com.google.auth.oauth2.GoogleCredentialsTest.MockHttpTransportFactory;
-import com.google.auth.oauth2.GoogleCredentialsTest.MockTokenServerTransportFactory;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/DownscopedCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/DownscopedCredentialsTest.java
index cf778b003..d7cade9f6 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/DownscopedCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/DownscopedCredentialsTest.java
@@ -204,8 +204,7 @@ public void builder_noTransport_defaults() throws IOException {
private static GoogleCredentials getServiceAccountSourceCredentials(boolean canRefresh)
throws IOException {
- GoogleCredentialsTest.MockTokenServerTransportFactory transportFactory =
- new GoogleCredentialsTest.MockTokenServerTransportFactory();
+ MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory();
String email = "service-account@google.com";
@@ -228,8 +227,7 @@ private static GoogleCredentials getServiceAccountSourceCredentials(boolean canR
}
private static GoogleCredentials getUserSourceCredentials() {
- GoogleCredentialsTest.MockTokenServerTransportFactory transportFactory =
- new GoogleCredentialsTest.MockTokenServerTransportFactory();
+ MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory();
transportFactory.transport.addClient("clientId", "clientSecret");
transportFactory.transport.addRefreshToken("refreshToken", "accessToken");
AccessToken accessToken = new AccessToken("accessToken", new Date());
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java
index 6e0f1efd3..c147675d5 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/ExternalAccountCredentialsTest.java
@@ -834,6 +834,11 @@ public void exchangeExternalCredentialForAccessToken() throws IOException {
Map query =
TestUtils.parseQuery(transportFactory.transport.getLastRequest().getContentAsString());
assertNull(query.get("options"));
+
+ // Validate metrics header is set correctly on the sts request.
+ Map> headers =
+ transportFactory.transport.getRequests().get(0).getHeaders();
+ validateMetricsHeader(headers, "file", false, false);
}
@Test
@@ -952,6 +957,11 @@ public void exchangeExternalCredentialForAccessToken_withServiceAccountImpersona
.parseAndClose(GenericJson.class);
assertEquals("3600s", query.get("lifetime"));
+
+ // Validate metrics header is set correctly on the sts request.
+ Map> headers =
+ transportFactory.transport.getRequests().get(1).getHeaders();
+ validateMetricsHeader(headers, "url", true, false);
}
@Test
@@ -983,6 +993,10 @@ public void exchangeExternalCredentialForAccessToken_withServiceAccountImpersona
.createJsonParser(transportFactory.transport.getLastRequest().getContentAsString())
.parseAndClose(GenericJson.class);
+ // Validate metrics header is set correctly on the sts request.
+ Map> headers =
+ transportFactory.transport.getRequests().get(1).getHeaders();
+ validateMetricsHeader(headers, "url", true, true);
assertEquals("2800s", query.get("lifetime"));
}
@@ -1257,6 +1271,23 @@ static Map buildServiceAccountImpersonationOptions(Integer lifet
return map;
}
+ static void validateMetricsHeader(
+ Map> headers,
+ String source,
+ boolean saImpersonationUsed,
+ boolean configLifetimeUsed) {
+ assertTrue(headers.containsKey(MetricsUtils.API_CLIENT_HEADER));
+ String actualMetricsValue = headers.get(MetricsUtils.API_CLIENT_HEADER).get(0);
+ String expectedMetricsValue =
+ String.format(
+ "%s google-byoid-sdk source/%s sa-impersonation/%s config-lifetime/%s",
+ MetricsUtils.getLanguageAndAuthLibraryVersions(),
+ source,
+ saImpersonationUsed,
+ configLifetimeUsed);
+ assertEquals(expectedMetricsValue, actualMetricsValue);
+ }
+
static class TestExternalAccountCredentials extends ExternalAccountCredentials {
static class TestCredentialSource extends IdentityPoolCredentials.IdentityPoolCredentialSource {
protected TestCredentialSource(Map credentialSourceMap) {
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/GdchCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/GdchCredentialsTest.java
index 84f7e7d85..14688e4f5 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/GdchCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/GdchCredentialsTest.java
@@ -46,7 +46,6 @@
import com.google.api.client.testing.http.FixedClock;
import com.google.api.client.util.Clock;
import com.google.auth.TestUtils;
-import com.google.auth.oauth2.GoogleCredentialsTest.MockTokenServerTransportFactory;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
@@ -510,11 +509,14 @@ public void refreshAccessToken_correct() throws IOException {
GdchCredentials credentials = GdchCredentials.fromJson(json, transportFactory);
GdchCredentials gdchWithAudience = credentials.createWithGdchAudience(API_AUDIENCE);
- gdchWithAudience.clock = new FixedClock(0L);
+ GdchCredentialsTestUtil.registerGdchCredentialWithMockTransport(
+ gdchWithAudience,
+ transportFactory.transport,
+ PROJECT_ID,
+ SERVICE_IDENTITY_NAME,
+ tokenString,
+ TOKEN_SERVER_URI);
- transportFactory.transport.addGdchServiceAccount(
- GdchCredentials.getIssuerSubjectValue(PROJECT_ID, SERVICE_IDENTITY_NAME), tokenString);
- transportFactory.transport.setTokenServerUri(TOKEN_SERVER_URI);
AccessToken accessToken = gdchWithAudience.refreshAccessToken();
assertNotNull(accessToken);
assertEquals(tokenString, accessToken.getTokenValue());
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/GdchCredentialsTestUtil.java b/oauth2_http/javatests/com/google/auth/oauth2/GdchCredentialsTestUtil.java
new file mode 100644
index 000000000..51880ddcc
--- /dev/null
+++ b/oauth2_http/javatests/com/google/auth/oauth2/GdchCredentialsTestUtil.java
@@ -0,0 +1,27 @@
+package com.google.auth.oauth2;
+
+import com.google.api.client.testing.http.FixedClock;
+import java.io.IOException;
+import java.net.URI;
+import java.util.Map;
+
+public class GdchCredentialsTestUtil {
+ public static void registerGdchCredentialWithMockTransport(
+ GdchCredentials credentials,
+ MockTokenServerTransport transport,
+ String projectId,
+ String serviceIdentityName,
+ String tokenString,
+ URI tokenServerUri) {
+ credentials.clock = new FixedClock(0L);
+ transport.addGdchServiceAccount(
+ GdchCredentials.getIssuerSubjectValue(projectId, serviceIdentityName), tokenString);
+ transport.setTokenServerUri(tokenServerUri);
+ }
+
+ public static GdchCredentials fromJson(
+ Map json, MockTokenServerTransportFactory transportFactory)
+ throws IOException {
+ return GdchCredentials.fromJson(json, transportFactory);
+ }
+}
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java
index 415260760..80e28b3ec 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java
@@ -33,8 +33,6 @@
import static org.junit.Assert.*;
-import com.google.api.client.http.HttpTransport;
-import com.google.api.client.testing.http.MockHttpTransport;
import com.google.api.client.util.Clock;
import com.google.auth.TestUtils;
import com.google.auth.http.HttpTransportFactory;
@@ -93,26 +91,6 @@ public class GoogleCredentialsTest extends BaseSerializationTest {
private static final Collection DEFAULT_SCOPES =
Collections.unmodifiableCollection(Arrays.asList("scope3"));
- static class MockHttpTransportFactory implements HttpTransportFactory {
-
- MockHttpTransport transport = new MockHttpTransport();
-
- @Override
- public HttpTransport create() {
- return transport;
- }
- }
-
- public static class MockTokenServerTransportFactory implements HttpTransportFactory {
-
- public MockTokenServerTransport transport = new MockTokenServerTransport();
-
- @Override
- public HttpTransport create() {
- return transport;
- }
- }
-
@Test
public void getApplicationDefault_nullTransport_throws() throws IOException {
try {
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java
index 560334965..cf04a43fb 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java
@@ -318,7 +318,12 @@ public void refreshAccessToken_withoutServiceAccountImpersonation() throws IOExc
IdentityPoolCredentials credential =
(IdentityPoolCredentials)
- IdentityPoolCredentials.newBuilder(FILE_SOURCED_CREDENTIAL)
+ IdentityPoolCredentials.newBuilder()
+ .setAudience(
+ "//iam.googleapis.com/projects/123/locations/global/workloadIdentityPools/pool/providers/provider")
+ .setSubjectTokenType("subjectTokenType")
+ .setTokenInfoUrl("tokenInfoUrl")
+ .setCredentialSource(FILE_CREDENTIAL_SOURCE)
.setTokenUrl(transportFactory.transport.getStsUrl())
.setHttpTransportFactory(transportFactory)
.setCredentialSource(
@@ -328,6 +333,11 @@ public void refreshAccessToken_withoutServiceAccountImpersonation() throws IOExc
AccessToken accessToken = credential.refreshAccessToken();
assertEquals(transportFactory.transport.getAccessToken(), accessToken.getTokenValue());
+
+ // Validate metrics header is set correctly on the sts request.
+ Map> headers =
+ transportFactory.transport.getRequests().get(1).getHeaders();
+ ExternalAccountCredentialsTest.validateMetricsHeader(headers, "url", false, false);
}
@Test
@@ -372,10 +382,14 @@ public void refreshAccessToken_withServiceAccountImpersonation() throws IOExcept
transportFactory.transport.setExpireTime(TestUtils.getDefaultExpireTime());
IdentityPoolCredentials credential =
(IdentityPoolCredentials)
- IdentityPoolCredentials.newBuilder(FILE_SOURCED_CREDENTIAL)
- .setTokenUrl(transportFactory.transport.getStsUrl())
+ IdentityPoolCredentials.newBuilder()
+ .setAudience(
+ "//iam.googleapis.com/projects/123/locations/global/workloadIdentityPools/pool/providers/provider")
+ .setSubjectTokenType("subjectTokenType")
+ .setTokenInfoUrl("tokenInfoUrl")
.setServiceAccountImpersonationUrl(
transportFactory.transport.getServiceAccountImpersonationUrl())
+ .setTokenUrl(transportFactory.transport.getStsUrl())
.setHttpTransportFactory(transportFactory)
.setCredentialSource(
buildUrlBasedCredentialSource(transportFactory.transport.getMetadataUrl()))
@@ -385,6 +399,11 @@ public void refreshAccessToken_withServiceAccountImpersonation() throws IOExcept
assertEquals(
transportFactory.transport.getServiceAccountAccessToken(), accessToken.getTokenValue());
+
+ // Validate metrics header is set correctly on the sts request.
+ Map> headers =
+ transportFactory.transport.getRequests().get(2).getHeaders();
+ ExternalAccountCredentialsTest.validateMetricsHeader(headers, "url", true, false);
}
@Test
@@ -395,11 +414,15 @@ public void refreshAccessToken_withServiceAccountImpersonationOptions() throws I
transportFactory.transport.setExpireTime(TestUtils.getDefaultExpireTime());
IdentityPoolCredentials credential =
(IdentityPoolCredentials)
- IdentityPoolCredentials.newBuilder(FILE_SOURCED_CREDENTIAL)
+ IdentityPoolCredentials.newBuilder()
+ .setAudience(
+ "//iam.googleapis.com/projects/123/locations/global/workloadIdentityPools/pool/providers/provider")
+ .setSubjectTokenType("subjectTokenType")
+ .setTokenInfoUrl("tokenInfoUrl")
.setTokenUrl(transportFactory.transport.getStsUrl())
+ .setHttpTransportFactory(transportFactory)
.setServiceAccountImpersonationUrl(
transportFactory.transport.getServiceAccountImpersonationUrl())
- .setHttpTransportFactory(transportFactory)
.setCredentialSource(
buildUrlBasedCredentialSource(transportFactory.transport.getMetadataUrl()))
.setServiceAccountImpersonationOptions(
@@ -418,6 +441,11 @@ public void refreshAccessToken_withServiceAccountImpersonationOptions() throws I
.parseAndClose(GenericJson.class);
assertEquals("2800s", query.get("lifetime"));
+
+ // Validate metrics header is set correctly on the sts request.
+ Map> headers =
+ transportFactory.transport.getRequests().get(2).getHeaders();
+ ExternalAccountCredentialsTest.validateMetricsHeader(headers, "url", true, true);
}
@Test
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java
index 9ff555a47..aa3df6ec4 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java
@@ -52,7 +52,6 @@
import com.google.auth.ServiceAccountSigner.SigningException;
import com.google.auth.TestUtils;
import com.google.auth.http.HttpTransportFactory;
-import com.google.auth.oauth2.GoogleCredentialsTest.MockTokenServerTransportFactory;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import java.io.ByteArrayOutputStream;
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MetricsUtilsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/MetricsUtilsTest.java
new file mode 100644
index 000000000..aba4d98c9
--- /dev/null
+++ b/oauth2_http/javatests/com/google/auth/oauth2/MetricsUtilsTest.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2023, Google LLC
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * * Neither the name of Google LLC nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package com.google.auth.oauth2;
+
+import static org.junit.Assert.*;
+
+import java.util.regex.Pattern;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class MetricsUtilsTest {
+
+ public static void assertVersions(String version) {
+ assertNotNull("version constant should not be null", version);
+ Pattern semverPattern =
+ Pattern.compile("gl-java/[\\d\\._-]+ auth/\\d+\\.\\d+\\.\\d+(-sp\\.\\d+)?(-SNAPSHOT)?");
+ assertTrue(semverPattern.matcher(version).matches());
+ }
+
+ @Test
+ public void getVersionWorks() {
+ String version = MetricsUtils.getLanguageAndAuthLibraryVersions();
+ assertVersions(version);
+ }
+}
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MockHttpTransportFactory.java b/oauth2_http/javatests/com/google/auth/oauth2/MockHttpTransportFactory.java
new file mode 100644
index 000000000..00976e00f
--- /dev/null
+++ b/oauth2_http/javatests/com/google/auth/oauth2/MockHttpTransportFactory.java
@@ -0,0 +1,15 @@
+package com.google.auth.oauth2;
+
+import com.google.api.client.http.HttpTransport;
+import com.google.api.client.testing.http.MockHttpTransport;
+import com.google.auth.http.HttpTransportFactory;
+
+public class MockHttpTransportFactory implements HttpTransportFactory {
+
+ MockHttpTransport transport = new MockHttpTransport();
+
+ @Override
+ public HttpTransport create() {
+ return transport;
+ }
+}
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransport.java b/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransport.java
index b9579663a..95680c02e 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransport.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransport.java
@@ -65,6 +65,8 @@ public class MockTokenServerTransport extends MockHttpTransport {
final Map serviceAccounts = new HashMap();
final Map gdchServiceAccounts = new HashMap();
final Map codes = new HashMap();
+ final Map> additionalParameters =
+ new HashMap>();
URI tokenServerUri = OAuth2Utils.TOKEN_SERVER_URI;
private IOException error;
private final Queue> responseSequence = new ArrayDeque<>();
@@ -81,10 +83,18 @@ public void setTokenServerUri(URI tokenServerUri) {
}
public void addAuthorizationCode(
- String code, String refreshToken, String accessToken, String grantedScopes) {
+ String code,
+ String refreshToken,
+ String accessToken,
+ String grantedScopes,
+ Map additionalParameters) {
codes.put(code, refreshToken);
refreshTokens.put(refreshToken, accessToken);
this.grantedScopes.put(refreshToken, grantedScopes);
+
+ if (additionalParameters != null) {
+ this.additionalParameters.put(refreshToken, additionalParameters);
+ }
}
public void addClient(String clientId, String clientSecret) {
@@ -220,6 +230,29 @@ public LowLevelHttpResponse execute() throws IOException {
if (grantedScopes.containsKey(refreshToken)) {
grantedScopesString = grantedScopes.get(refreshToken);
}
+
+ if (additionalParameters.containsKey(refreshToken)) {
+ Map additionalParametersMap = additionalParameters.get(refreshToken);
+ for (Map.Entry entry : additionalParametersMap.entrySet()) {
+ String key = entry.getKey();
+ String expectedValue = entry.getValue();
+ if (!query.containsKey(key)) {
+ throw new IllegalArgumentException("Missing additional parameter: " + key);
+ } else {
+ String actualValue = query.get(key);
+ if (!expectedValue.equals(actualValue)) {
+ throw new IllegalArgumentException(
+ "For additional parameter "
+ + key
+ + ", Actual value: "
+ + actualValue
+ + ", Expected value: "
+ + expectedValue);
+ }
+ }
+ }
+ }
+
} else if (query.containsKey("grant_type")) {
String grantType = query.get("grant_type");
String assertion = query.get("assertion");
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransportFactory.java b/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransportFactory.java
new file mode 100644
index 000000000..a1d5831ad
--- /dev/null
+++ b/oauth2_http/javatests/com/google/auth/oauth2/MockTokenServerTransportFactory.java
@@ -0,0 +1,14 @@
+package com.google.auth.oauth2;
+
+import com.google.api.client.http.HttpTransport;
+import com.google.auth.http.HttpTransportFactory;
+
+public class MockTokenServerTransportFactory implements HttpTransportFactory {
+
+ public MockTokenServerTransport transport = new MockTokenServerTransport();
+
+ @Override
+ public HttpTransport create() {
+ return transport;
+ }
+}
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/OAuth2CredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/OAuth2CredentialsTest.java
index 7032fde32..62aa08225 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/OAuth2CredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/OAuth2CredentialsTest.java
@@ -45,10 +45,8 @@
import com.google.auth.TestClock;
import com.google.auth.TestUtils;
import com.google.auth.http.AuthHttpConstants;
-import com.google.auth.oauth2.GoogleCredentialsTest.MockTokenServerTransportFactory;
import com.google.auth.oauth2.OAuth2Credentials.OAuthValue;
import com.google.auth.oauth2.OAuth2Credentials.RefreshTask;
-import com.google.auth.oauth2.OAuth2Credentials.RefreshTaskListener;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.util.concurrent.ListenableFutureTask;
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/PluggableAuthCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/PluggableAuthCredentialsTest.java
index ddc321fdd..fcd845e7a 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/PluggableAuthCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/PluggableAuthCredentialsTest.java
@@ -200,6 +200,11 @@ public void refreshAccessToken_withoutServiceAccountImpersonation() throws IOExc
Map query =
TestUtils.parseQuery(transportFactory.transport.getRequests().get(0).getContentAsString());
assertEquals(query.get("subject_token"), "pluggableAuthToken");
+
+ // Validate metrics header is set correctly on the sts request.
+ Map> headers =
+ transportFactory.transport.getRequests().get(0).getHeaders();
+ ExternalAccountCredentialsTest.validateMetricsHeader(headers, "executable", false, false);
}
@Test
@@ -211,14 +216,23 @@ public void refreshAccessToken_withServiceAccountImpersonation() throws IOExcept
PluggableAuthCredentials credential =
(PluggableAuthCredentials)
- PluggableAuthCredentials.newBuilder(CREDENTIAL)
- .setExecutableHandler(options -> "pluggableAuthToken")
+ PluggableAuthCredentials.newBuilder()
+ .setAudience(
+ "//iam.googleapis.com/projects/123/locations/global/workloadIdentityPools/pool/providers/provider")
+ .setSubjectTokenType("subjectTokenType")
+ .setTokenInfoUrl("tokenInfoUrl")
.setTokenUrl(transportFactory.transport.getStsUrl())
+ .setCredentialSource(buildCredentialSource())
.setServiceAccountImpersonationUrl(
transportFactory.transport.getServiceAccountImpersonationUrl())
.setHttpTransportFactory(transportFactory)
.build();
+ credential =
+ PluggableAuthCredentials.newBuilder(credential)
+ .setExecutableHandler(options -> "pluggableAuthToken")
+ .build();
+
AccessToken accessToken = credential.refreshAccessToken();
assertEquals(
@@ -228,6 +242,11 @@ public void refreshAccessToken_withServiceAccountImpersonation() throws IOExcept
Map query =
TestUtils.parseQuery(transportFactory.transport.getRequests().get(0).getContentAsString());
assertEquals(query.get("subject_token"), "pluggableAuthToken");
+
+ // Validate metrics header is set correctly on the sts request.
+ Map> headers =
+ transportFactory.transport.getRequests().get(0).getHeaders();
+ ExternalAccountCredentialsTest.validateMetricsHeader(headers, "executable", true, false);
}
@Test
@@ -239,16 +258,25 @@ public void refreshAccessToken_withServiceAccountImpersonationOptions() throws I
PluggableAuthCredentials credential =
(PluggableAuthCredentials)
- PluggableAuthCredentials.newBuilder(CREDENTIAL)
- .setExecutableHandler(options -> "pluggableAuthToken")
+ PluggableAuthCredentials.newBuilder()
+ .setAudience(
+ "//iam.googleapis.com/projects/123/locations/global/workloadIdentityPools/pool/providers/provider")
+ .setSubjectTokenType("subjectTokenType")
+ .setTokenInfoUrl("tokenInfoUrl")
.setTokenUrl(transportFactory.transport.getStsUrl())
+ .setCredentialSource(buildCredentialSource())
.setServiceAccountImpersonationUrl(
transportFactory.transport.getServiceAccountImpersonationUrl())
- .setHttpTransportFactory(transportFactory)
.setServiceAccountImpersonationOptions(
ExternalAccountCredentialsTest.buildServiceAccountImpersonationOptions(2800))
+ .setHttpTransportFactory(transportFactory)
.build();
+ credential =
+ PluggableAuthCredentials.newBuilder(credential)
+ .setExecutableHandler(options -> "pluggableAuthToken")
+ .build();
+
AccessToken accessToken = credential.refreshAccessToken();
assertEquals(
@@ -261,6 +289,11 @@ public void refreshAccessToken_withServiceAccountImpersonationOptions() throws I
.parseAndClose(GenericJson.class);
assertEquals("2800s", query.get("lifetime"));
+
+ // Validate metrics header is set correctly on the sts request.
+ Map> headers =
+ transportFactory.transport.getRequests().get(0).getHeaders();
+ ExternalAccountCredentialsTest.validateMetricsHeader(headers, "executable", true, true);
}
@Test
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java
index 304cf000a..6da93d409 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java
@@ -55,8 +55,6 @@
import com.google.auth.TestUtils;
import com.google.auth.http.AuthHttpConstants;
import com.google.auth.http.HttpTransportFactory;
-import com.google.auth.oauth2.GoogleCredentialsTest.MockHttpTransportFactory;
-import com.google.auth.oauth2.GoogleCredentialsTest.MockTokenServerTransportFactory;
import com.google.common.collect.ImmutableSet;
import java.io.ByteArrayInputStream;
import java.io.IOException;
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountJwtAccessCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountJwtAccessCredentialsTest.java
index 3e03c0368..df95ea2f3 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountJwtAccessCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountJwtAccessCredentialsTest.java
@@ -49,7 +49,6 @@
import com.google.auth.RequestMetadataCallback;
import com.google.auth.TestClock;
import com.google.auth.http.AuthHttpConstants;
-import com.google.auth.oauth2.GoogleCredentialsTest.MockHttpTransportFactory;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java b/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java
index 5a81e27a4..5168cb90e 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/TokenVerifierTest.java
@@ -43,7 +43,6 @@
import com.google.api.client.testing.http.MockLowLevelHttpResponse;
import com.google.api.client.util.Clock;
import com.google.auth.http.HttpTransportFactory;
-import com.google.auth.oauth2.GoogleCredentialsTest.MockTokenServerTransportFactory;
import com.google.auth.oauth2.TokenVerifier.VerificationException;
import com.google.common.io.CharStreams;
import java.io.IOException;
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/UserAuthorizerTest.java b/oauth2_http/javatests/com/google/auth/oauth2/UserAuthorizerTest.java
index 7f444330f..e0a8e2753 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/UserAuthorizerTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/UserAuthorizerTest.java
@@ -32,17 +32,18 @@
package com.google.auth.oauth2;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.fail;
import com.google.auth.TestUtils;
-import com.google.auth.oauth2.GoogleCredentialsTest.MockTokenServerTransportFactory;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import java.util.Arrays;
import java.util.Date;
+import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.junit.Test;
@@ -170,6 +171,50 @@ public void getAuthorizationUrl() throws IOException {
assertEquals(pkce.getCodeChallengeMethod(), parameters.get("code_challenge_method"));
}
+ @Test
+ public void getAuthorizationUrl_additionalParameters() throws IOException {
+ final String CUSTOM_STATE = "custom_state";
+ final String PROTOCOL = "https";
+ final String HOST = "accounts.test.com";
+ final String PATH = "/o/o/oauth2/auth";
+ final URI AUTH_URI = URI.create(PROTOCOL + "://" + HOST + PATH);
+ final String EXPECTED_CALLBACK = "http://example.com" + CALLBACK_URI.toString();
+ UserAuthorizer authorizer =
+ UserAuthorizer.newBuilder()
+ .setClientId(CLIENT_ID)
+ .setScopes(DUMMY_SCOPES)
+ .setCallbackUri(CALLBACK_URI)
+ .setUserAuthUri(AUTH_URI)
+ .build();
+ Map additionalParameters = new HashMap();
+ additionalParameters.put("param1", "value1");
+ additionalParameters.put("param2", "value2");
+
+ // Verify that the authorization URL doesn't include the additional parameters if they are not
+ // passed in.
+ URL authorizationUrl = authorizer.getAuthorizationUrl(USER_ID, CUSTOM_STATE, BASE_URI);
+ String query = authorizationUrl.getQuery();
+ Map parameters = TestUtils.parseQuery(query);
+ assertFalse(parameters.containsKey("param1"));
+ assertFalse(parameters.containsKey("param2"));
+
+ // Verify that the authorization URL includes the additional parameters if they are passed in.
+ authorizationUrl =
+ authorizer.getAuthorizationUrl(USER_ID, CUSTOM_STATE, BASE_URI, additionalParameters);
+ query = authorizationUrl.getQuery();
+ parameters = TestUtils.parseQuery(query);
+ assertEquals("value1", parameters.get("param1"));
+ assertEquals("value2", parameters.get("param2"));
+
+ // Verify that the authorization URL doesn't include the additional parameters passed in the
+ // previous call to the authorizer
+ authorizationUrl = authorizer.getAuthorizationUrl(USER_ID, CUSTOM_STATE, BASE_URI);
+ query = authorizationUrl.getQuery();
+ parameters = TestUtils.parseQuery(query);
+ assertFalse(parameters.containsKey("param1"));
+ assertFalse(parameters.containsKey("param2"));
+ }
+
@Test
public void getCredentials_noCredentials_returnsNull() throws IOException {
UserAuthorizer authorizer =
@@ -340,7 +385,41 @@ public void getCredentialsFromCode_conevertsCodeToTokens() throws IOException {
MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory();
transportFactory.transport.addClient(CLIENT_ID_VALUE, CLIENT_SECRET);
transportFactory.transport.addAuthorizationCode(
- CODE, REFRESH_TOKEN, ACCESS_TOKEN_VALUE, GRANTED_SCOPES_STRING);
+ CODE, REFRESH_TOKEN, ACCESS_TOKEN_VALUE, GRANTED_SCOPES_STRING, null);
+ TokenStore tokenStore = new MemoryTokensStorage();
+ UserAuthorizer authorizer =
+ UserAuthorizer.newBuilder()
+ .setClientId(CLIENT_ID)
+ .setScopes(DUMMY_SCOPES)
+ .setTokenStore(tokenStore)
+ .setHttpTransportFactory(transportFactory)
+ .build();
+
+ UserCredentials credentials = authorizer.getCredentialsFromCode(CODE, BASE_URI);
+
+ assertEquals(REFRESH_TOKEN, credentials.getRefreshToken());
+ assertEquals(ACCESS_TOKEN_VALUE, credentials.getAccessToken().getTokenValue());
+ assertEquals(GRANTED_SCOPES, credentials.getAccessToken().getScopes());
+ }
+
+ @Test
+ public void getCredentialsFromCode_additionalParameters() throws IOException {
+ MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory();
+ transportFactory.transport.addClient(CLIENT_ID_VALUE, CLIENT_SECRET);
+
+ Map additionalParameters = new HashMap();
+ additionalParameters.put("param1", "value1");
+ additionalParameters.put("param2", "value2");
+
+ String code2 = "code2";
+ String refreshToken2 = "refreshToken2";
+ String accessTokenValue2 = "accessTokenValue2";
+
+ transportFactory.transport.addAuthorizationCode(
+ CODE, REFRESH_TOKEN, ACCESS_TOKEN_VALUE, GRANTED_SCOPES_STRING, null);
+ transportFactory.transport.addAuthorizationCode(
+ code2, refreshToken2, accessTokenValue2, GRANTED_SCOPES_STRING, additionalParameters);
+
TokenStore tokenStore = new MemoryTokensStorage();
UserAuthorizer authorizer =
UserAuthorizer.newBuilder()
@@ -350,8 +429,20 @@ public void getCredentialsFromCode_conevertsCodeToTokens() throws IOException {
.setHttpTransportFactory(transportFactory)
.build();
+ // Verify that the additional parameters are not attached to the post body when not specified
UserCredentials credentials = authorizer.getCredentialsFromCode(CODE, BASE_URI);
+ assertEquals(REFRESH_TOKEN, credentials.getRefreshToken());
+ assertEquals(ACCESS_TOKEN_VALUE, credentials.getAccessToken().getTokenValue());
+ assertEquals(GRANTED_SCOPES, credentials.getAccessToken().getScopes());
+
+ // Verify that the additional parameters are attached to the post body when specified
+ credentials = authorizer.getCredentialsFromCode(code2, BASE_URI, additionalParameters);
+ assertEquals(refreshToken2, credentials.getRefreshToken());
+ assertEquals(accessTokenValue2, credentials.getAccessToken().getTokenValue());
+ assertEquals(GRANTED_SCOPES, credentials.getAccessToken().getScopes());
+ // Verify that the additional parameters from previous request are not attached to the post body
+ credentials = authorizer.getCredentialsFromCode(CODE, BASE_URI);
assertEquals(REFRESH_TOKEN, credentials.getRefreshToken());
assertEquals(ACCESS_TOKEN_VALUE, credentials.getAccessToken().getTokenValue());
assertEquals(GRANTED_SCOPES, credentials.getAccessToken().getScopes());
@@ -376,7 +467,7 @@ public void getAndStoreCredentialsFromCode_getAndStoresCredentials() throws IOEx
MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory();
transportFactory.transport.addClient(CLIENT_ID_VALUE, CLIENT_SECRET);
transportFactory.transport.addAuthorizationCode(
- CODE, REFRESH_TOKEN, accessTokenValue1, GRANTED_SCOPES_STRING);
+ CODE, REFRESH_TOKEN, accessTokenValue1, GRANTED_SCOPES_STRING, null);
TokenStore tokenStore = new MemoryTokensStorage();
UserAuthorizer authorizer =
UserAuthorizer.newBuilder()
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java
index 01010f99e..a5c666936 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java
@@ -45,8 +45,6 @@
import com.google.auth.RequestMetadataCallback;
import com.google.auth.TestUtils;
import com.google.auth.http.AuthHttpConstants;
-import com.google.auth.oauth2.GoogleCredentialsTest.MockHttpTransportFactory;
-import com.google.auth.oauth2.GoogleCredentialsTest.MockTokenServerTransportFactory;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import java.io.ByteArrayInputStream;
diff --git a/oauth2_http/pom.xml b/oauth2_http/pom.xml
index 538c3cdd7..0b04d6cb4 100644
--- a/oauth2_http/pom.xml
+++ b/oauth2_http/pom.xml
@@ -7,7 +7,7 @@
com.google.auth
google-auth-library-parent
- 1.17.1-SNAPSHOT
+ 1.19.1-SNAPSHOT
../pom.xml
@@ -29,13 +29,13 @@
org.junit.vintage
junit-vintage-engine
- 5.9.1
+ 5.10.0
test
org.graalvm.buildtools
junit-platform-native
- 0.9.19
+ 0.9.23
test
@@ -58,7 +58,7 @@
org.graalvm.buildtools
native-maven-plugin
- 0.9.19
+ 0.9.23
true
@@ -86,6 +86,7 @@
resources
+ true
javatests
@@ -95,6 +96,17 @@
+
+ org.apache.maven.plugins
+ maven-resources-plugin
+
+
+
+ resources
+
+
+
+
org.sonatype.plugins
nexus-staging-maven-plugin
@@ -120,16 +132,35 @@
maven-jar-plugin
+
+ true
+
com.google.auth.oauth2
+
+
+
+ test-jar
+
+
+ false
+ testlib
+
+ **/Mock*
+ **/*TestUtil*
+ **/BaseSerializationTest*
+
+
+
+
org.apache.maven.plugins
maven-failsafe-plugin
- 3.0.0-M7
+ 3.1.2
1200
sponge_log
diff --git a/oauth2_http/resources/com/google/auth/oauth2/google-auth-library.properties b/oauth2_http/resources/com/google/auth/oauth2/google-auth-library.properties
new file mode 100644
index 000000000..32474acb0
--- /dev/null
+++ b/oauth2_http/resources/com/google/auth/oauth2/google-auth-library.properties
@@ -0,0 +1 @@
+google-auth-library.version=${project.parent.version}
diff --git a/pom.xml b/pom.xml
index ee0fe995d..c8cbb27fe 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
4.0.0
com.google.auth
google-auth-library-parent
- 1.17.1-SNAPSHOT
+ 1.19.1-SNAPSHOT
pom
Google Auth Library for Java
Client libraries providing authentication and
@@ -63,14 +63,14 @@
UTF-8
- 1.42.3
+ 1.43.3
4.13.2
- 31.0.1-android
- 2.0.10
+ 32.0.0-android
+ 2.0.16
3.0.2
false
1.8.2
- 1.10.1
+ 1.10.2
@@ -134,6 +134,7 @@
google-auth-library-oauth2-http
${project.version}
test-jar
+ testlib
@@ -156,7 +157,7 @@
org.apache.maven.plugins
maven-source-plugin
- 3.2.1
+ 3.3.0
attach-sources
@@ -169,9 +170,9 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.4.1
+ 3.5.0
- 7
+ 8
false
@@ -206,7 +207,7 @@
org.apache.maven.plugins
maven-dependency-plugin
- 3.5.0
+ 3.6.0
com.coveo
@@ -226,7 +227,7 @@
maven-compiler-plugin
- 3.10.1
+ 3.11.0
1.8
1.8
@@ -284,7 +285,7 @@
org.jacoco
jacoco-maven-plugin
- 0.8.8
+ 0.8.10
@@ -315,6 +316,11 @@
+
+ org.apache.maven.plugins
+ maven-resources-plugin
+ 3.3.1
+
@@ -323,7 +329,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.4.1
+ 3.5.0
html
@@ -336,7 +342,7 @@
false
none
- 7
+ 8
${project.build.directory}/javadoc
Google Auth Library for Java ${project.version}
${basedir}/overview.html
@@ -378,7 +384,7 @@
org.apache.maven.plugins
maven-source-plugin
- 3.2.1
+ 3.3.0
attach-sources
@@ -391,7 +397,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.4.1
+ 3.5.0
attach-javadocs
@@ -404,7 +410,7 @@
org.apache.maven.plugins
maven-gpg-plugin
- 3.0.1
+ 3.1.0
sign-artifacts
@@ -459,7 +465,7 @@
com.google.auto.service
auto-service-annotations
- 1.0.1
+ 1.1.1
@@ -478,12 +484,12 @@
- java-docfx-doclet-1.5.0
+ java-docfx-doclet-1.9.0
${project.build.directory}/docfx-yml
${project.artifactId}
- 7
+ 8
@@ -491,7 +497,7 @@
org.apache.maven.plugins
maven-javadoc-plugin
- 3.4.1
+ 3.5.0
com.microsoft.doclet.DocFxDoclet
false
diff --git a/samples/snippets/pom.xml b/samples/snippets/pom.xml
index db1da8a40..78481cdae 100644
--- a/samples/snippets/pom.xml
+++ b/samples/snippets/pom.xml
@@ -30,7 +30,7 @@
com.google.cloud
libraries-bom
- 26.8.0
+ 26.19.0
pom
import
@@ -50,7 +50,7 @@
com.google.cloud
google-iam-admin
- 3.5.0
+ 3.17.0
@@ -74,7 +74,7 @@
truth
com.google.truth
test
- 1.1.3
+ 1.1.5
diff --git a/versions.txt b/versions.txt
index 25bfa6b10..64eb46b91 100644
--- a/versions.txt
+++ b/versions.txt
@@ -1,9 +1,9 @@
# Format:
# module:released-version:current-version
-google-auth-library:1.17.0:1.17.1-SNAPSHOT
-google-auth-library-bom:1.17.0:1.17.1-SNAPSHOT
-google-auth-library-parent:1.17.0:1.17.1-SNAPSHOT
-google-auth-library-appengine:1.17.0:1.17.1-SNAPSHOT
-google-auth-library-credentials:1.17.0:1.17.1-SNAPSHOT
-google-auth-library-oauth2-http:1.17.0:1.17.1-SNAPSHOT
+google-auth-library:1.19.0:1.19.1-SNAPSHOT
+google-auth-library-bom:1.19.0:1.19.1-SNAPSHOT
+google-auth-library-parent:1.19.0:1.19.1-SNAPSHOT
+google-auth-library-appengine:1.19.0:1.19.1-SNAPSHOT
+google-auth-library-credentials:1.19.0:1.19.1-SNAPSHOT
+google-auth-library-oauth2-http:1.19.0:1.19.1-SNAPSHOT