Fixing aud field for PSC usecase (#3)

* Fixing aud field for PSC usecase * Bumping version
gsutil-mirrors · Nov 29, 2021 · ce6bd3d · ce6bd3d
1 parent 350c1fc
commit ce6bd3d
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 2 deletions.
diff --git a/oauth2client/__init__.py b/oauth2client/__init__.py
@@ -14,7 +14,7 @@
 
 """Client library for using OAuth2, especially with Google APIs."""
 
-__version__ = '4.1.3'
+__version__ = '4.1.4'
 
 GOOGLE_AUTH_URI = 'https://accounts.google.com/o/oauth2/v2/auth'
 GOOGLE_DEVICE_URI = 'https://oauth2.googleapis.com/device/code'

diff --git a/oauth2client/service_account.py b/oauth2client/service_account.py
@@ -374,7 +374,7 @@ def _generate_assertion(self):
         """Generate the assertion that will be used in the request."""
         now = int(time.time())
         payload = {
-            'aud': self.token_uri,
+            'aud': oauth2client.GOOGLE_TOKEN_URI,
             'scope': self._scopes,
             'iat': now,
             'exp': now + self.MAX_TOKEN_LIFETIME_SECS,

diff --git a/tests/test_service_account.py b/tests/test_service_account.py
@@ -66,6 +66,36 @@ def tearDown(self):
         crypt.Signer = self.orig_signer
         crypt.Verifier = self.orig_verifier
 
+    @mock.patch('oauth2client.crypt.Signer.from_string', return_value=object())
+    @mock.patch('oauth2client.crypt.make_signed_jwt', return_value=object())
+    @mock.patch('time.time')
+    def test__generate_assertion(self, time, mock_signed_jwt, _):
+        now = 123456
+        time.return_value = now
+        payload1 = {
+            'type': client.SERVICE_ACCOUNT,
+            'client_id': 'id123',
+            'client_email': 'foo@bar.com',
+            'private_key_id': 'pkid456',
+            'private_key': 's3kr3tz',
+        }
+        creds = self._from_json_keyfile_name_helper(payload1,
+                                                    scopes=['foo', 'bar'],
+                                                    token_uri='baz',
+                                                    revoke_uri='qux')
+        creds._generate_assertion()
+
+        payload2 = {
+            'aud': 'https://oauth2.googleapis.com/token',
+            'scope': 'foo bar',
+            'iat': now,
+            'exp': now + creds.MAX_TOKEN_LIFETIME_SECS,
+            'iss': 'foo@bar.com',
+        }
+        mock_signed_jwt.assert_called_once_with(creds._signer,
+                                                payload2,
+                                                key_id='pkid456')
+
     def test__to_json_override(self):
         signer = object()
         creds = service_account.ServiceAccountCredentials(