commit 622c5d57e401754bcdaf99beee1fe0c1136fe3d9
author Shapor Naghibzadeh <shapor@gmail.com> Tue May 17 10:13:16 2022 -0700
committer Cody Oss <codyoss@google.com> Tue May 24 21:58:30 2022 +0000
tree ffc10e579a12770b80ac5d560e401cfa8b9f6834
parent 9780585627b5122c8cc9c6a378ac9861507e7551

google/google: set JWT Audience in JWTConfigFromJSON()

Add support to set JWT Audience in JWTConfigFromJSON() to allow setting
the audience field from the JSON config, rather than only allowing it
the default value of the token_uri.

Previous change 272766 (approved but abandoned).

Change-Id: I14d46f3628df0a04801949bf99520b210e778f99
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/406836
Reviewed-by: Cody Oss <codyoss@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>

google/google.go

diff --git a/google/google.go b/google/google.go
index ccc23ee..ceddd5d 100644
--- a/google/google.go
+++ b/google/google.go
@@ -139,6 +139,7 @@
 		Scopes:       scopes,
 		TokenURL:     f.TokenURL,
 		Subject:      subject, // This is the user email to impersonate
+		Audience:     f.Audience,
 	}
 	if cfg.TokenURL == "" {
 		cfg.TokenURL = JWTTokenURL

google/google_test.go

diff --git a/google/google_test.go b/google/google_test.go
index be30b08..ea01049 100644
--- a/google/google_test.go
+++ b/google/google_test.go
@@ -37,7 +37,8 @@
   "client_email": "gopher@developer.gserviceaccount.com",
   "client_id": "gopher.apps.googleusercontent.com",
   "token_uri": "https://accounts.google.com/o/gophers/token",
-  "type": "service_account"
+  "type": "service_account",
+  "audience": "https://testservice.googleapis.com/"
 }`)
 
 var jwtJSONKeyNoTokenURL = []byte(`{
@@ -48,6 +49,15 @@
   "type": "service_account"
 }`)
 
+var jwtJSONKeyNoAudience = []byte(`{
+  "private_key_id": "268f54e43a1af97cfc71731688434f45aca15c8b",
+  "private_key": "super secret key",
+  "client_email": "gopher@developer.gserviceaccount.com",
+  "client_id": "gopher.apps.googleusercontent.com",
+  "token_uri": "https://accounts.google.com/o/gophers/token",
+  "type": "service_account"
+}`)
+
 func TestConfigFromJSON(t *testing.T) {
 	conf, err := ConfigFromJSON(webJSONKey, "scope1", "scope2")
 	if err != nil {
@@ -103,6 +113,9 @@
 	if got, want := conf.TokenURL, "https://accounts.google.com/o/gophers/token"; got != want {
 		t.Errorf("TokenURL = %q; want %q", got, want)
 	}
+	if got, want := conf.Audience, "https://testservice.googleapis.com/"; got != want {
+		t.Errorf("Audience = %q; want %q", got, want)
+	}
 }
 
 func TestJWTConfigFromJSONNoTokenURL(t *testing.T) {
@@ -114,3 +127,13 @@
 		t.Errorf("TokenURL = %q; want %q", got, want)
 	}
 }
+
+func TestJWTConfigFromJSONNoAudience(t *testing.T) {
+	conf, err := JWTConfigFromJSON(jwtJSONKeyNoAudience, "scope1", "scope2")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if got, want := conf.Audience, ""; got != want {
+		t.Errorf("Audience = %q; want %q", got, want)
+	}
+}