From d94e65c0e441183403608d762b92b30b77e21eeb Mon Sep 17 00:00:00 2001
From: arithmetic1728 <58957152+arithmetic1728@users.noreply.github.com>
Date: Tue, 20 Jul 2021 12:09:57 -0700
Subject: [PATCH] revert: revert "feat: service account is able to use a private token endpoint (#784)" (#808)

revert "feat: service account is able to use a private token endpoint (#784)" until b/194191737 is fixed.
This reverts commit 0e264092e35ac02ad68d5d91424ecba5397daa41.
---
 google/oauth2/service_account.py | 5 ++---
 tests/oauth2/test_service_account.py | 4 ++--
 tests_async/oauth2/test_service_account_async.py | 10 ++--------
 3 files changed, 6 insertions(+), 13 deletions(-)
diff --git a/google/oauth2/service_account.py b/google/oauth2/service_account.py
index 8f18f26ea..dd3658994 100644
--- a/google/oauth2/service_account.py
+++ b/google/oauth2/service_account.py
@@ -80,7 +80,6 @@ from google.oauth2 import _client
 _DEFAULT_TOKEN_LIFETIME_SECS = 3600 # 1 hour in seconds
-_GOOGLE_OAUTH2_TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
 class Credentials(
@@ -383,7 +382,7 @@ def _make_authorization_grant_assertion(self):
 # The issuer must be the service account email.
 "iss": self._service_account_email,
 # The audience must be the auth token endpoint's URI
- "aud": _GOOGLE_OAUTH2_TOKEN_ENDPOINT,
+ "aud": self._token_uri,
 "scope": _helpers.scopes_to_string(self._scopes or ()),
 }
@@ -644,7 +643,7 @@ def _make_authorization_grant_assertion(self):
 # The issuer must be the service account email.
 "iss": self.service_account_email,
 # The audience must be the auth token endpoint's URI
- "aud": _GOOGLE_OAUTH2_TOKEN_ENDPOINT,
+ "aud": self._token_uri,
 # The target audience specifies which service the ID token is
 # intended for.
 "target_audience": self._target_audience,
diff --git a/tests/oauth2/test_service_account.py b/tests/oauth2/test_service_account.py
index 370438f48..5852d3714 100644
--- a/tests/oauth2/test_service_account.py
+++ b/tests/oauth2/test_service_account.py
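Review bot: Nothing at the two `"aud": self._token_uri` lines in google/oauth2/service_account.py (hunks @@ -383 and @@ -644) records that the audience is deliberately tied to the configured token endpoint, or that this revert is meant to be temporary. The existing comment only says the audience must be the token endpoint's URI; extending it at both sites, for example `# Keep aud equal to the configured token URI; see #808 (revert of #784, pending b/194191737).`, would stop a later change from hard-coding the value again without weighing the replay implications. Presumably `_token_uri` is also the URL the assertion is posted to, which is what limits a signed assertion to the endpoint that receives it, but that call and any validation of `_token_uri` are outside these hunks and worth confirming. Both `_make_authorization_grant_assertion` bodies start and end outside the hunks.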
@@ -167,7 +167,7 @@ def test__make_authorization_grant_assertion(self):
 token = credentials._make_authorization_grant_assertion()
 payload = jwt.decode(token, PUBLIC_CERT_BYTES)
 assert payload["iss"] == self.SERVICE_ACCOUNT_EMAIL
- assert payload["aud"] == service_account._GOOGLE_OAUTH2_TOKEN_ENDPOINT
+ assert payload["aud"] == self.TOKEN_URI
 def test__make_authorization_grant_assertion_scoped(self):
 credentials = self.make_credentials()
@@ -440,7 +440,7 @@ def test__make_authorization_grant_assertion(self):
 token = credentials._make_authorization_grant_assertion()
 payload = jwt.decode(token, PUBLIC_CERT_BYTES)
 assert payload["iss"] == self.SERVICE_ACCOUNT_EMAIL
- assert payload["aud"] == service_account._GOOGLE_OAUTH2_TOKEN_ENDPOINT
+ assert payload["aud"] == self.TOKEN_URI
 assert payload["target_audience"] == self.TARGET_AUDIENCE
 @mock.patch("google.oauth2._client.id_token_jwt_grant", autospec=True)
diff --git a/tests_async/oauth2/test_service_account_async.py b/tests_async/oauth2/test_service_account_async.py
index 3dce13d82..40794536c 100644
--- a/tests_async/oauth2/test_service_account_async.py
+++ b/tests_async/oauth2/test_service_account_async.py
@@ -152,10 +152,7 @@ def test__make_authorization_grant_assertion(self):
 token = credentials._make_authorization_grant_assertion()
 payload = jwt.decode(token, test_service_account.PUBLIC_CERT_BYTES)
 assert payload["iss"] == self.SERVICE_ACCOUNT_EMAIL
- assert (
- payload["aud"]
- == service_account.service_account._GOOGLE_OAUTH2_TOKEN_ENDPOINT
- )
+ assert payload["aud"] == self.TOKEN_URI
 def test__make_authorization_grant_assertion_scoped(self):
 credentials = self.make_credentials()
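Review bot: `assert payload["aud"] == self.TOKEN_URI` compares the claim with the fixture constant only, so these tests do not pin the property that makes the audience meaningful: that `aud` is the same URL the assertion is posted to. This applies to tests/oauth2/test_service_account.py (hunks @@ -167 and @@ -440) and to the async equivalents at @@ -152 and @@ -311. The `@mock.patch("google.oauth2._client.id_token_jwt_grant", autospec=True)` line after the second hunk suggests a refresh test with a mocked grant follows; if it does not already do so, it could decode the assertion it receives and compare its `aud` with the token URI argument of the same call. The test bodies start outside the hunks, so this may already be covered elsewhere.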
@@ -314,10 +311,7 @@ def test__make_authorization_grant_assertion(self):
 token = credentials._make_authorization_grant_assertion()
 payload = jwt.decode(token, test_service_account.PUBLIC_CERT_BYTES)
 assert payload["iss"] == self.SERVICE_ACCOUNT_EMAIL
- assert (
- payload["aud"]
- == service_account.service_account._GOOGLE_OAUTH2_TOKEN_ENDPOINT
- )
+ assert payload["aud"] == self.TOKEN_URI
 assert payload["target_audience"] == self.TARGET_AUDIENCE
 @mock.patch("google.oauth2._client_async.id_token_jwt_grant", autospec=True)