krombel/oauth2
1
0
Fork 0
forked from remote/oauth2
Code Pull Requests 1 Activity

more tests, refactoring tests, not submitting userProject when unneeded

Browse Source
This commit is contained in:
Ryan Kohler
2021-10-04 14:45:06 -07:00
parent 0a7e112d45
commit 930d60d82d
2 changed files with 132 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
google/internal/externalaccount/basecredentials.go
View File

@@ -127,7 +127,7 @@ func (c *Config) tokenSource(ctx context.Context, tokenURLValidPats []*regexp.Re
if c.WorkforcePoolUserProject != "" {
valid := validateWorkforceAudience(c.Audience)
if !valid {
return nil, fmt.Errorf("oauth2/google: invalid Workforce Pool Audience provided while constructing tokenSource")
return nil, fmt.Errorf("oauth2/google: workforce_pool_user_project should not be set for non-workforce pool credentials")
}
}
@@ -241,7 +241,9 @@ func (ts tokenSource) Token() (*oauth2.Token, error) {
ClientSecret: conf.ClientSecret,
}
var options map[string]interface{}
if conf.WorkforcePoolUserProject != "" {
// Do not pass workforce_pool_user_project when client authentication is used.
// The client ID is sufficient for determining the user project.
if conf.WorkforcePoolUserProject != "" && conf.ClientID == "" {
options = map[string]interface{}{
"userProject": conf.WorkforcePoolUserProject,
}