diff --git a/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java
index 0eaa3cd84..91e917a06 100644
--- a/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java
+++ b/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java
@@ -91,6 +91,7 @@ public class ImpersonatedCredentials extends GoogleCredentials
private static final long serialVersionUID = -2133257318957488431L;
private static final String RFC3339 = "yyyy-MM-dd'T'HH:mm:ss'Z'";
private static final int TWELVE_HOURS_IN_SECONDS = 43200;
+ private static final int DEFAULT_LIFETIME_IN_SECONDS = 3600;
private static final String CLOUD_PLATFORM_SCOPE =
"https://www.googleapis.com/auth/cloud-platform";
private static final String IAM_ACCESS_TOKEN_ENDPOINT =
@@ -120,7 +121,8 @@ public class ImpersonatedCredentials extends GoogleCredentials
* value should be at most 3600. However, you can follow these
* instructions to set up the service account and extend the maximum lifetime to 43200 (12
- * hours).
+ * hours). If the given lifetime is 0, default value 3600 will be used instead when creating
+ * the credentials.
* @param transportFactory HTTP transport factory that creates the transport used to get access
* tokens
* @return new credentials
@@ -159,6 +161,8 @@ public static ImpersonatedCredentials create(
* instructions to set up the service account and extend the maximum lifetime to 43200 (12
* hours).
* https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials#sa-credentials-oauth
+ * If the given lifetime is 0, default value 3600 will be used instead when creating the
+ * credentials.
* @return new credentials
*/
public static ImpersonatedCredentials create(
@@ -186,6 +190,10 @@ public String getAccount() {
return this.targetPrincipal;
}
+ int getLifetime() {
+ return this.lifetime;
+ }
+
/**
* Signs the provided bytes using the private key associated with the impersonated service account
*
@@ -355,7 +363,7 @@ public static class Builder extends GoogleCredentials.Builder {
private String targetPrincipal;
private List delegates;
private List scopes;
- private int lifetime;
+ private int lifetime = DEFAULT_LIFETIME_IN_SECONDS;
private HttpTransportFactory transportFactory;
protected Builder() {}
@@ -402,7 +410,7 @@ public List getScopes() {
}
public Builder setLifetime(int lifetime) {
- this.lifetime = lifetime;
+ this.lifetime = lifetime == 0 ? DEFAULT_LIFETIME_IN_SECONDS : lifetime;
return this;
}
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java
index 63f314dff..b7c3bd29e 100644
--- a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java
+++ b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java
@@ -198,6 +198,15 @@ public void refreshAccessToken_malformedTarget() throws IOException {
}
}
+ @Test()
+ public void credential_with_zero_lifetime() throws IOException, IllegalStateException {
+ GoogleCredentials sourceCredentials = getSourceCredentials();
+ ImpersonatedCredentials targetCredentials =
+ ImpersonatedCredentials.create(
+ sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, SCOPES, 0);
+ assertEquals(3600, targetCredentials.getLifetime());
+ }
+
@Test()
public void credential_with_invalid_lifetime() throws IOException, IllegalStateException {