feat: setting the audience to always point to google token endpoint (#833)

* feat: setting the audience to always point to google token endpoint

Author: TimurSadykov

.gitignore

@@ -5,10 +5,14 @@ target/
 .classpath
 .project
 .settings
+.factorypath
 
 # Intellij
 *.iml
 .idea/
 
 # VS Code
-.vscode/
+.vscode/
+
+# MacOS
+.DS_Store

oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java

@@ -567,7 +567,7 @@ public boolean createScopedRequired() {
   public AccessToken refreshAccessToken() throws IOException {
     JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
     long currentTime = clock.currentTimeMillis();
-    String assertion = createAssertion(jsonFactory, currentTime, tokenServerUri.toString());
+    String assertion = createAssertion(jsonFactory, currentTime);
 
     GenericData tokenRequest = new GenericData();
     tokenRequest.set("grant_type", GRANT_TYPE);
@@ -882,8 +882,7 @@ public boolean equals(Object obj) {
         && Objects.equals(this.useJwtAccessWithScope, other.useJwtAccessWithScope);
   }
 
-  String createAssertion(JsonFactory jsonFactory, long currentTime, String audience)
-      throws IOException {
+  String createAssertion(JsonFactory jsonFactory, long currentTime) throws IOException {
     JsonWebSignature.Header header = new JsonWebSignature.Header();
     header.setAlgorithm("RS256");
     header.setType("JWT");
@@ -900,13 +899,9 @@ String createAssertion(JsonFactory jsonFactory, long currentTime, String audienc
       payload.put("scope", Joiner.on(' ').join(scopes));
     }
 
-    if (audience == null) {
-      payload.setAudience(OAuth2Utils.TOKEN_SERVER_URI.toString());
-    } else {
-      payload.setAudience(audience);
-    }
-
+    payload.setAudience(OAuth2Utils.TOKEN_SERVER_URI.toString());
     String assertion;
+
     try {
       assertion = JsonWebSignature.signUsingRsaSha256(privateKey, jsonFactory, header, payload);
     } catch (GeneralSecurityException e) {

oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java

@@ -242,7 +242,7 @@ void createAssertion_correct() throws IOException {
 
     JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
     long currentTimeMillis = Clock.SYSTEM.currentTimeMillis();
-    String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis, null);
+    String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis);
 
     JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion);
     JsonWebToken.Payload payload = signature.getPayload();
@@ -272,7 +272,7 @@ void createAssertion_defaultScopes_correct() throws IOException {
 
     JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
     long currentTimeMillis = Clock.SYSTEM.currentTimeMillis();
-    String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis, null);
+    String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis);
 
     JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion);
     JsonWebToken.Payload payload = signature.getPayload();
@@ -290,7 +290,7 @@ void createAssertion_custom_lifetime() throws IOException {
 
     JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
     long currentTimeMillis = Clock.SYSTEM.currentTimeMillis();
-    String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis, null);
+    String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis);
 
     JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion);
     JsonWebToken.Payload payload = signature.getPayload();
@@ -372,36 +372,6 @@ void createAssertionForIdToken_incorrect() throws IOException {
     assertEquals(USER, payload.getSubject());
   }
 
-  @Test
-  void createAssertion_withTokenUri_correct() throws IOException {
-    PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8);
-    List<String> scopes = Arrays.asList("scope1", "scope2");
-    ServiceAccountCredentials credentials =
-        ServiceAccountCredentials.newBuilder()
-            .setClientId(CLIENT_ID)
-            .setClientEmail(CLIENT_EMAIL)
-            .setPrivateKey(privateKey)
-            .setPrivateKeyId(PRIVATE_KEY_ID)
-            .setScopes(scopes)
-            .setServiceAccountUser(USER)
-            .setProjectId(PROJECT_ID)
-            .build();
-
-    JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
-    long currentTimeMillis = Clock.SYSTEM.currentTimeMillis();
-    String assertion =
-        credentials.createAssertion(jsonFactory, currentTimeMillis, "https://foo.com/bar");
-
-    JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion);
-    JsonWebToken.Payload payload = signature.getPayload();
-    assertEquals(CLIENT_EMAIL, payload.getIssuer());
-    assertEquals("https://foo.com/bar", payload.getAudience());
-    assertEquals(currentTimeMillis / 1000, (long) payload.getIssuedAtTimeSeconds());
-    assertEquals(currentTimeMillis / 1000 + 3600, (long) payload.getExpirationTimeSeconds());
-    assertEquals(USER, payload.getSubject());
-    assertEquals(String.join(" ", scopes), payload.get("scope"));
-  }
-
   @Test
   void createdScoped_enablesAccessTokens() throws IOException {
     MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory();