fix: GCECredentials - Allow retrieval of ID token

Passing of options down to the OAuth 2 client. optional options to GCEcredentials, enabling the creation of ID tokens.
googleapis · Apr 2, 2023 · 97255af · 97255af
1 parent e962401
commit 97255af
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 11 deletions.
diff --git a/lib/googleauth/application_default.rb b/lib/googleauth/application_default.rb
@@ -60,7 +60,7 @@ def get_application_default scope = nil, options = {}
         GCECredentials.unmemoize_all
         raise NOT_FOUND_ERROR
       end
-      GCECredentials.new scope: scope
+      GCECredentials.new options.merge(scope: scope)
     end
   end
 end
diff --git a/spec/googleauth/get_application_default_spec.rb b/spec/googleauth/get_application_default_spec.rb
@@ -125,17 +125,36 @@
       end
     end
 
-    it "succeeds without default file or env if on compute engine" do
-      stub = stub_request(:get, "http://169.254.169.254")
-             .to_return(status:  200,
-                        headers: { "Metadata-Flavor" => "Google" })
-      Dir.mktmpdir do |dir|
-        ENV.delete @var_name unless ENV[@var_name].nil? # no env var
-        ENV["HOME"] = dir # no config present in this tmp dir
-        creds = Google::Auth.get_application_default @scope, options
-        expect(creds).to_not be_nil
+    describe "when on compute engine" do
+      it "succeeds without default file or env if on compute engine" do
+        stub = stub_request(:get, "http://169.254.169.254")
+               .to_return(status:  200,
+                          headers: { "Metadata-Flavor" => "Google" })
+        Dir.mktmpdir do |dir|
+          ENV.delete @var_name unless ENV[@var_name].nil? # no env var
+          ENV["HOME"] = dir # no config present in this tmp dir
+          creds = Google::Auth.get_application_default @scope, options
+          expect(creds).to_not be_nil
+        end
+        expect(stub).to have_been_requested
+      end
+
+      it "honors passing options to OAuth 2 client" do
+        stub = stub_request(:get, "http://169.254.169.254")
+               .to_return(status:  200,
+                          headers: { "Metadata-Flavor" => "Google" })
+        allow(GCECredentials)
+          .to receive(:new).with(options.merge(scope: @scope)).and_return(instance_double(GCECredentials))
+
+        Dir.mktmpdir do |dir|
+          ENV.delete @var_name unless ENV[@var_name].nil? # no env var
+          ENV["HOME"] = dir # no config present in this tmp dir
+          creds = Google::Auth.get_application_default @scope, options
+          expect(creds).to_not be_nil
+          expect(GCECredentials).to have_received(:new).with(options.merge(scope: @scope))
+        end
+
       end
-      expect(stub).to have_been_requested
     end
 
     it "succeeds with system default file" do