From b594a6032e9e45a4e69bf725e474853210a6f0a9 Mon Sep 17 00:00:00 2001
From: Patrick Jones <ithuriel@google.com>
Date: Wed, 16 Jun 2021 12:14:24 -0700
Subject: [PATCH] downscope: minor tweaks

---
 google/downscope/downscoping.go      | 12 ++++++------
 google/downscope/downscoping_test.go |  2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/google/downscope/downscoping.go b/google/downscope/downscoping.go
index 660e545..70e0b21 100644
--- a/google/downscope/downscoping.go
+++ b/google/downscope/downscoping.go
@@ -23,7 +23,7 @@ import (
 )
 
 const (
-	identityBindingEndpoint = "https://sts.googleapis.com/v1beta/token"
+	identityBindingEndpoint = "https://sts.googleapis.com/v1/token"
 )
 
 type accessBoundary struct {
@@ -122,7 +122,7 @@ func downscopedTokenWithEndpoint(ctx context.Context, config DownscopingConfig,
 	form.Add("subject_token_type", "urn:ietf:params:oauth:token-type:access_token")
 	form.Add("requested_token_type", "urn:ietf:params:oauth:token-type:access_token")
 	form.Add("subject_token", tok.AccessToken)
-	form.Add("options", url.QueryEscape(string(b)))
+	form.Add("options", string(b))
 
 	myClient := oauth2.NewClient(ctx, nil)
 	resp, err := myClient.PostForm(endpoint, form)
@@ -148,17 +148,17 @@ func downscopedTokenWithEndpoint(ctx context.Context, config DownscopingConfig,
 	// a token derived from a users token (3LO) does not.
 	// The following code uses the time remaining on rootToken for a user as the value for the
 	// derived token's lifetime
-	var expiry_time time.Time
+	var expiryTime time.Time
 	if tresp.ExpiresIn > 0 {
-		expiry_time = time.Now().Add(time.Duration(time.Duration(tresp.ExpiresIn) * time.Second))
+		expiryTime = time.Now().Add(time.Duration(tresp.ExpiresIn) * time.Second)
 	} else {
-		expiry_time = tok.Expiry
+		expiryTime = tok.Expiry
 	}
 
 	newToken := &oauth2.Token{
 		AccessToken: tresp.AccessToken,
 		TokenType:   tresp.TokenType,
-		Expiry:      expiry_time,
+		Expiry:      expiryTime,
 	}
 	return oauth2.StaticTokenSource(newToken), nil
 }
diff --git a/google/downscope/downscoping_test.go b/google/downscope/downscoping_test.go
index 84e53c3..eb5bbca 100644
--- a/google/downscope/downscoping_test.go
+++ b/google/downscope/downscoping_test.go
@@ -15,7 +15,7 @@ import (
 )
 
 var (
-	standardReqBody  = "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&options=%257B%2522accessBoundary%2522%253A%257B%2522accessBoundaryRules%2522%253A%255B%257B%2522availableResource%2522%253A%2522test1%2522%252C%2522availablePermissions%2522%253A%255B%2522Perm1%2522%252C%2522Perm2%2522%255D%257D%255D%257D%257D&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&subject_token=Mellon&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token"
+	standardReqBody  = "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Atoken-exchange&options=%7B%22accessBoundary%22%3A%7B%22accessBoundaryRules%22%3A%5B%7B%22availableResource%22%3A%22test1%22%2C%22availablePermissions%22%3A%5B%22Perm1%22%2C%22Perm2%22%5D%7D%5D%7D%7D&requested_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token&subject_token=Mellon&subject_token_type=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Aaccess_token"
 	standardRespBody = `{"access_token":"Open Sesame","expires_in":432,"issued_token_type":"urn:ietf:params:oauth:token-type:access_token","token_type":"Bearer"}`
 )