google/google: set JWT Audience in JWTConfigFromJSON()

Add support to set JWT Audience in JWTConfigFromJSON() to allow setting the audience field from the JSON config, rather than only allowing it the default value of the token_uri. Previous change 272766 (approved but abandoned). Change-Id: I14d46f3628df0a04801949bf99520b210e778f99 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/406836 Reviewed-by: Cody Oss <codyoss@google.com> Run-TryBot: Cody Oss <codyoss@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com>
2022-05-17 10:13:16 -07:00 · 2022-05-17 10:13:16 -07:00 · 622c5d57e4
parent 9780585627
commit 622c5d57e4
2 changed files with 25 additions and 1 deletions
--- a/google/google.go
+++ b/google/google.go
@ -139,6 +139,7 @@ func (f *credentialsFile) jwtConfig(scopes []string, subject string) *jwt.Config
 		Scopes:       scopes,
 		TokenURL:     f.TokenURL,
 		Subject:      subject, // This is the user email to impersonate
+		Audience:     f.Audience,
 	}
 	if cfg.TokenURL == "" {
 		cfg.TokenURL = JWTTokenURL
--- a/google/google_test.go
+++ b/google/google_test.go
@ -37,7 +37,8 @@ var jwtJSONKey = []byte(`{
  "client_email": "gopher@developer.gserviceaccount.com",
  "client_id": "gopher.apps.googleusercontent.com",
  "token_uri": "https://accounts.google.com/o/gophers/token",
-  "type": "service_account"
+  "type": "service_account",
+  "audience": "https://testservice.googleapis.com/"
 }`)

 var jwtJSONKeyNoTokenURL = []byte(`{
@ -48,6 +49,15 @@ var jwtJSONKeyNoTokenURL = []byte(`{
  "type": "service_account"
 }`)

+var jwtJSONKeyNoAudience = []byte(`{
+  "private_key_id": "268f54e43a1af97cfc71731688434f45aca15c8b",
+  "private_key": "super secret key",
+  "client_email": "gopher@developer.gserviceaccount.com",
+  "client_id": "gopher.apps.googleusercontent.com",
+  "token_uri": "https://accounts.google.com/o/gophers/token",
+  "type": "service_account"
+}`)
+
 func TestConfigFromJSON(t *testing.T) {
 	conf, err := ConfigFromJSON(webJSONKey, "scope1", "scope2")
 	if err != nil {
@ -103,6 +113,9 @@ func TestJWTConfigFromJSON(t *testing.T) {
 	if got, want := conf.TokenURL, "https://accounts.google.com/o/gophers/token"; got != want {
 		t.Errorf("TokenURL = %q; want %q", got, want)
 	}
+	if got, want := conf.Audience, "https://testservice.googleapis.com/"; got != want {
+		t.Errorf("Audience = %q; want %q", got, want)
+	}
 }

 func TestJWTConfigFromJSONNoTokenURL(t *testing.T) {
@ -114,3 +127,13 @@ func TestJWTConfigFromJSONNoTokenURL(t *testing.T) {
 		t.Errorf("TokenURL = %q; want %q", got, want)
 	}
 }
+
+func TestJWTConfigFromJSONNoAudience(t *testing.T) {
+	conf, err := JWTConfigFromJSON(jwtJSONKeyNoAudience, "scope1", "scope2")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if got, want := conf.Audience, ""; got != want {
+		t.Errorf("Audience = %q; want %q", got, want)
+	}
+}