google: add authorized_user conditional to Credentials.UniverseDomain
Return default universe domain if credentials type is authorized_user.
Change-Id: I20a9b5fafa562fcec84717914a236d081f630591
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/532196
Run-TryBot: Cody Oss <codyoss@google.com>
Reviewed-by: Cody Oss <codyoss@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/google/default.go b/google/default.go
index 1d69bf7..12b12a3 100644
--- a/google/default.go
+++ b/google/default.go
@@ -216,6 +216,12 @@
return nil, err
}
+ universeDomain := f.UniverseDomain
+ // Authorized user credentials are only supported in the googleapis.com universe.
+ if f.Type == userCredentialsKey {
+ universeDomain = universeDomainDefault
+ }
+
ts, err := f.tokenSource(ctx, params)
if err != nil {
return nil, err
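Review bot: The override at `if f.Type == userCredentialsKey` silently discards a `universe_domain` present in an authorized_user file, while the returned Credentials still carries the unmodified `jsonData` in its `JSON` field, so `creds.UniverseDomain()` and a re-parse of `creds.JSON` can disagree. The local variable also leaves `f.UniverseDomain` at the file's value when `f.tokenSource(ctx, params)` runs, which matters only if that method reads the field (not visible in this hunk). I would widen the comment to state the contract: `// Authorized user credentials are only supported in the googleapis.com universe; a universe_domain in the file is ignored and Credentials.JSON is left as supplied.` The enclosing function starts before this hunk and ends in the next one.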
@@ -225,7 +231,7 @@
ProjectID: f.ProjectID,
TokenSource: ts,
JSON: jsonData,
- universeDomain: f.UniverseDomain,
+ universeDomain: universeDomain,
}, nil
}
diff --git a/google/default_test.go b/google/default_test.go
index 5425e35..1f76bae 100644
--- a/google/default_test.go
+++ b/google/default_test.go
@@ -9,7 +9,20 @@
"testing"
)
-var jwtJSONKeyUniverseDomain = []byte(`{
+var saJSONJWT = []byte(`{
+ "type": "service_account",
+ "project_id": "fake_project",
+ "private_key_id": "268f54e43a1af97cfc71731688434f45aca15c8b",
+ "private_key": "super secret key",
+ "client_email": "gopher@developer.gserviceaccount.com",
+ "client_id": "gopher.apps.googleusercontent.com",
+ "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+ "token_uri": "https://oauth2.googleapis.com/token",
+ "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+ "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/gopher%40fake_project.iam.gserviceaccount.com"
+}`)
+
+var saJSONJWTUniverseDomain = []byte(`{
"type": "service_account",
"project_id": "fake_project",
"universe_domain": "example.com",
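Review bot: The new `saJSONJWT` fixture holds a 40-hex `private_key_id` and a `private_key` field with no comment saying the values are fabricated, which is the kind of literal that secret scanners and later readers stop on. A one-line comment above the var would settle it: `// saJSONJWT is a fabricated service account key used only in tests; none of its values are real credentials.` The same applies to `userJSON` and `userJSONUniverseDomain` in the next hunk, which hold `client_secret` and `refresh_token` fields. The `saJSONJWTUniverseDomain` literal continues outside this hunk.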
@@ -23,13 +36,49 @@
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/gopher%40fake_project.iam.gserviceaccount.com"
}`)
-func TestCredentialsFromJSONWithParams_UniverseDomain(t *testing.T) {
+var userJSON = []byte(`{
+ "client_id": "abc123.apps.googleusercontent.com",
+ "client_secret": "shh",
+ "refresh_token": "refreshing",
+ "type": "authorized_user",
+ "quota_project_id": "fake_project2"
+}`)
+
+var userJSONUniverseDomain = []byte(`{
+ "client_id": "abc123.apps.googleusercontent.com",
+ "client_secret": "shh",
+ "refresh_token": "refreshing",
+ "type": "authorized_user",
+ "quota_project_id": "fake_project2",
+ "universe_domain": "example.com"
+}`)
+
+func TestCredentialsFromJSONWithParams_SA(t *testing.T) {
ctx := context.Background()
scope := "https://www.googleapis.com/auth/cloud-platform"
params := CredentialsParams{
Scopes: []string{scope},
}
- creds, err := CredentialsFromJSONWithParams(ctx, jwtJSONKeyUniverseDomain, params)
+ creds, err := CredentialsFromJSONWithParams(ctx, saJSONJWT, params)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ if want := "fake_project"; creds.ProjectID != want {
+ t.Fatalf("got %q, want %q", creds.ProjectID, want)
+ }
+ if want := "googleapis.com"; creds.UniverseDomain() != want {
+ t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
+ }
+}
+
+func TestCredentialsFromJSONWithParams_SA_UniverseDomain(t *testing.T) {
+ ctx := context.Background()
+ scope := "https://www.googleapis.com/auth/cloud-platform"
+ params := CredentialsParams{
+ Scopes: []string{scope},
+ }
+ creds, err := CredentialsFromJSONWithParams(ctx, saJSONJWTUniverseDomain, params)
if err != nil {
t.Fatal(err)
}
@@ -41,3 +90,35 @@
t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
}
}
+
+func TestCredentialsFromJSONWithParams_User(t *testing.T) {
+ ctx := context.Background()
+ scope := "https://www.googleapis.com/auth/cloud-platform"
+ params := CredentialsParams{
+ Scopes: []string{scope},
+ }
+ creds, err := CredentialsFromJSONWithParams(ctx, userJSON, params)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ if want := "googleapis.com"; creds.UniverseDomain() != want {
+ t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
+ }
+}
+
+func TestCredentialsFromJSONWithParams_User_UniverseDomain(t *testing.T) {
+ ctx := context.Background()
+ scope := "https://www.googleapis.com/auth/cloud-platform"
+ params := CredentialsParams{
+ Scopes: []string{scope},
+ }
+ creds, err := CredentialsFromJSONWithParams(ctx, userJSONUniverseDomain, params)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ if want := "googleapis.com"; creds.UniverseDomain() != want {
+ t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
+ }
+}
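Review bot: The two added user tests, `TestCredentialsFromJSONWithParams_User` and `TestCredentialsFromJSONWithParams_User_UniverseDomain`, are identical apart from the fixture they pass, and they repeat the setup already written twice for the service account tests in the previous hunk. A table-driven test with named subtests would keep the "universe_domain is ignored for authorized_user" case next to its baseline and make it cheap to add further credential types. The expected value is the same in both rows, so the table only needs a name and the JSON input.

```go
// … unchanged: service account fixtures and tests …

func TestCredentialsFromJSONWithParams_User(t *testing.T) {
	tests := []struct {
		name string
		json []byte
	}{
		{"no universe domain", userJSON},
		{"universe domain ignored", userJSONUniverseDomain},
	}
	for _, tc := range tests {
		t.Run(tc.name, func(t *testing.T) {
			params := CredentialsParams{
				Scopes: []string{"https://www.googleapis.com/auth/cloud-platform"},
			}
			creds, err := CredentialsFromJSONWithParams(context.Background(), tc.json, params)
			if err != nil {
				t.Fatal(err)
			}
			if want := "googleapis.com"; creds.UniverseDomain() != want {
				t.Fatalf("got %q, want %q", creds.UniverseDomain(), want)
			}
		})
	}
}
```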