Skip to content

Commit

Permalink
feat: setting the audience to always point to google token endpoint (#…
Browse files Browse the repository at this point in the history
…833)

* feat: setting the audience to always point to google token endpoint
  • Loading branch information
TimurSadykov authored Jan 18, 2022
1 parent f67bb8c commit 33bfe7a
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 43 deletions.
6 changes: 5 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,14 @@ target/
.classpath
.project
.settings
.factorypath

# Intellij
*.iml
.idea/

# VS Code
.vscode/
.vscode/

# MacOS
.DS_Store
Original file line number Diff line number Diff line change
Expand Up @@ -567,7 +567,7 @@ public boolean createScopedRequired() {
public AccessToken refreshAccessToken() throws IOException {
JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
long currentTime = clock.currentTimeMillis();
String assertion = createAssertion(jsonFactory, currentTime, tokenServerUri.toString());
String assertion = createAssertion(jsonFactory, currentTime);

GenericData tokenRequest = new GenericData();
tokenRequest.set("grant_type", GRANT_TYPE);
Expand Down Expand Up @@ -882,8 +882,7 @@ public boolean equals(Object obj) {
&& Objects.equals(this.useJwtAccessWithScope, other.useJwtAccessWithScope);
}

String createAssertion(JsonFactory jsonFactory, long currentTime, String audience)
throws IOException {
String createAssertion(JsonFactory jsonFactory, long currentTime) throws IOException {
JsonWebSignature.Header header = new JsonWebSignature.Header();
header.setAlgorithm("RS256");
header.setType("JWT");
Expand All @@ -900,13 +899,9 @@ String createAssertion(JsonFactory jsonFactory, long currentTime, String audienc
payload.put("scope", Joiner.on(' ').join(scopes));
}

if (audience == null) {
payload.setAudience(OAuth2Utils.TOKEN_SERVER_URI.toString());
} else {
payload.setAudience(audience);
}

payload.setAudience(OAuth2Utils.TOKEN_SERVER_URI.toString());
String assertion;

try {
assertion = JsonWebSignature.signUsingRsaSha256(privateKey, jsonFactory, header, payload);
} catch (GeneralSecurityException e) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -242,7 +242,7 @@ void createAssertion_correct() throws IOException {

JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
long currentTimeMillis = Clock.SYSTEM.currentTimeMillis();
String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis, null);
String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis);

JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion);
JsonWebToken.Payload payload = signature.getPayload();
Expand Down Expand Up @@ -272,7 +272,7 @@ void createAssertion_defaultScopes_correct() throws IOException {

JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
long currentTimeMillis = Clock.SYSTEM.currentTimeMillis();
String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis, null);
String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis);

JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion);
JsonWebToken.Payload payload = signature.getPayload();
Expand All @@ -290,7 +290,7 @@ void createAssertion_custom_lifetime() throws IOException {

JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
long currentTimeMillis = Clock.SYSTEM.currentTimeMillis();
String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis, null);
String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis);

JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion);
JsonWebToken.Payload payload = signature.getPayload();
Expand Down Expand Up @@ -372,36 +372,6 @@ void createAssertionForIdToken_incorrect() throws IOException {
assertEquals(USER, payload.getSubject());
}

@Test
void createAssertion_withTokenUri_correct() throws IOException {
PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8);
List<String> scopes = Arrays.asList("scope1", "scope2");
ServiceAccountCredentials credentials =
ServiceAccountCredentials.newBuilder()
.setClientId(CLIENT_ID)
.setClientEmail(CLIENT_EMAIL)
.setPrivateKey(privateKey)
.setPrivateKeyId(PRIVATE_KEY_ID)
.setScopes(scopes)
.setServiceAccountUser(USER)
.setProjectId(PROJECT_ID)
.build();

JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
long currentTimeMillis = Clock.SYSTEM.currentTimeMillis();
String assertion =
credentials.createAssertion(jsonFactory, currentTimeMillis, "https://foo.com/bar");

JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion);
JsonWebToken.Payload payload = signature.getPayload();
assertEquals(CLIENT_EMAIL, payload.getIssuer());
assertEquals("https://foo.com/bar", payload.getAudience());
assertEquals(currentTimeMillis / 1000, (long) payload.getIssuedAtTimeSeconds());
assertEquals(currentTimeMillis / 1000 + 3600, (long) payload.getExpirationTimeSeconds());
assertEquals(USER, payload.getSubject());
assertEquals(String.join(" ", scopes), payload.get("scope"));
}

@Test
void createdScoped_enablesAccessTokens() throws IOException {
MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory();
Expand Down

0 comments on commit 33bfe7a

Please sign in to comment.