From bdc7e7809a28ab70440fd2bc257d0a845180bc60 Mon Sep 17 00:00:00 2001 From: Lawrence Qiu Date: Tue, 4 Feb 2025 17:23:22 -0500 Subject: [PATCH 1/5] chore: Add test for non-2xx responses from idTokenWithAudience calls --- .../oauth2/ServiceAccountCredentialsTest.java | 50 +++++++++++++++++++ .../auth/oauth2/UserCredentialsTest.java | 16 ++++++ 2 files changed, 66 insertions(+) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java index 2c8accbeb..3fc506e29 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java @@ -38,6 +38,7 @@ import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertSame; +import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; 
@@ -975,6 +976,55 @@ public void idTokenWithAudience_iamFlow_targetAudienceDoesNotMatchAudClaim() thr tokenCredential.getIdToken().getJsonWebSignature().getPayload().getAudience()); } + @Test + public void idTokenWithAudience_oauthEndpoint_non2XXError() throws IOException { + String universeDomain = "test.com"; + MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); + transportFactory.transport.setError(new IOException("404 Not Found")); + ServiceAccountCredentials credentials = + createDefaultBuilder() + .setScopes(SCOPES) + .setHttpTransportFactory(transportFactory) + .setUniverseDomain(universeDomain) + .build(); + + String targetAudience = "differentAudience"; + IdTokenCredentials tokenCredential = + IdTokenCredentials.newBuilder() + .setIdTokenProvider(credentials) + .setTargetAudience(targetAudience) + .build(); + + assertThrows(IOException.class, tokenCredential::refresh); + } + + @Test + public void idTokenWithAudience_iamEndpoint_non2XXError() throws IOException { + String universeDomain = "test.com"; + MockIAMCredentialsServiceTransportFactory transportFactory = + new MockIAMCredentialsServiceTransportFactory(universeDomain); + transportFactory.getTransport().setTargetPrincipal(CLIENT_EMAIL); + transportFactory.getTransport().setIdToken(DEFAULT_ID_TOKEN); + transportFactory + .getTransport() + .addStatusCodeAndMessage(HttpStatusCodes.STATUS_CODE_NOT_FOUND, "Not Found"); + ServiceAccountCredentials credentials = + createDefaultBuilder() + .setScopes(SCOPES) + .setHttpTransportFactory(transportFactory) + .setUniverseDomain(universeDomain) + .build(); + + String targetAudience = "differentAudience"; + IdTokenCredentials tokenCredential = + IdTokenCredentials.newBuilder() + .setIdTokenProvider(credentials) + .setTargetAudience(targetAudience) + .build(); + + assertThrows(IOException.class, tokenCredential::refresh); + } + @Test public void getScopes_nullReturnsEmpty() throws IOException { ServiceAccountCredentials 
credentials = createDefaultBuilder().build(); diff --git a/oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java index 27cd44b37..254e6f550 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java @@ -37,6 +37,7 @@ import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertSame; +import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; @@ -813,6 +814,21 @@ public void IdTokenCredentials_NoRetry_RetryableStatus_throws() throws IOExcepti } } + @Test + public void idTokenWithAudience_non2xxError() throws IOException { + MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); + transportFactory.transport.setError(new IOException("404 Not Found")); + String refreshToken = MockTokenServerTransport.REFRESH_TOKEN_WITH_USER_SCOPE; + InputStream userStream = writeUserStream(CLIENT_ID, CLIENT_SECRET, refreshToken, QUOTA_PROJECT); + + UserCredentials credentials = UserCredentials.fromStream(userStream, transportFactory); + + IdTokenCredentials tokenCredential = + IdTokenCredentials.newBuilder().setIdTokenProvider(credentials).build(); + + assertThrows(GoogleAuthException.class, tokenCredential::refresh); + } + @Test public void refreshAccessToken_4xx_5xx_NonRetryableFails() throws IOException { MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); From e147f53c52e3baf68fd2f9174628c49f066e00c5 Mon Sep 17 00:00:00 2001 From: Lawrence Qiu Date: Wed, 5 Feb 2025 11:42:27 -0500 Subject: [PATCH 2/5] chore: Update comments in test --- .../google/auth/oauth2/ServiceAccountCredentialsTest.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
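Review bot: `idTokenWithAudience_oauthEndpoint_non2XXError` never produces a non-2xx response: `transportFactory.transport.setError(new IOException("404 Not Found"))` makes the mock throw at the transport layer, so the test would still pass if the credential code ignored HTTP status codes entirely. For a regression test on token-endpoint failure handling, have the mock return a real 404 (for example a `MockLowLevelHttpResponse` with `setStatusCode(404)`, if the mock transport accepts queued responses), as the IAM variant does with `addStatusCodeAndMessage`. Both new tests also assert only the exception type; adding `assertNull(tokenCredential.getIdToken());` after the `assertThrows` would pin that no token is left on the credential after the failure, assuming the getter returns null before a successful refresh. The same `setError` pattern appears in `idTokenWithAudience_non2xxError` in UserCredentialsTest.java.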
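Review bot: `idTokenWithAudience_non2xxError` is named for a target audience, but the credential is built with `IdTokenCredentials.newBuilder().setIdTokenProvider(credentials).build()` and no audience is set. Either add `.setTargetAudience("audience")` to the builder, as the ServiceAccountCredentials tests do, or drop `WithAudience` from the test name. This test expects `GoogleAuthException` while the service-account tests expect `IOException`; a one-line comment above the `assertThrows` saying why the user-credential path surfaces the more specific type would keep the difference from looking accidental.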
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java index 3fc506e29..085fa20bf 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java @@ -988,13 +988,14 @@ public void idTokenWithAudience_oauthEndpoint_non2XXError() throws IOException { .setUniverseDomain(universeDomain) .build(); - String targetAudience = "differentAudience"; + String targetAudience = "audience"; IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() .setIdTokenProvider(credentials) .setTargetAudience(targetAudience) .build(); + // Ensure that a non 2xx status code returns an exception and doesn't continue execution assertThrows(IOException.class, tokenCredential::refresh); } @@ -1015,13 +1016,15 @@ public void idTokenWithAudience_iamEndpoint_non2XXError() throws IOException { .setUniverseDomain(universeDomain) .build(); - String targetAudience = "differentAudience"; + String targetAudience = "audience"; IdTokenCredentials tokenCredential = IdTokenCredentials.newBuilder() .setIdTokenProvider(credentials) .setTargetAudience(targetAudience) .build(); + // Ensure that a non 2xx status code returns an exception and doesn't continue execution + // Non 2xx status codes will be returned as HttpResponseException assertThrows(IOException.class, tokenCredential::refresh); } From 7f60f562259cd005c709fd23da0e3d8c750e44fa Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Wed, 5 Feb 2025 16:30:44 +0100 Subject: [PATCH 3/5] chore(deps): update dependency com.google.auth:google-auth-library-oauth2-http to v1.32.0 (#1657) --- samples/snippets/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samples/snippets/pom.xml b/samples/snippets/pom.xml index bfeb1c159..023113d1e 100644 --- a/samples/snippets/pom.xml 
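Review bot: The comment added in `idTokenWithAudience_iamEndpoint_non2XXError` says non-2xx codes surface as `HttpResponseException`, but the assertion below it still accepts any `IOException`, so the documented contract is not checked. If the exception reaches the caller unwrapped, tighten it to `HttpResponseException e = assertThrows(HttpResponseException.class, tokenCredential::refresh);` followed by `assertEquals(HttpStatusCodes.STATUS_CODE_NOT_FOUND, e.getStatusCode());`; if it is wrapped, assert on `getCause()` instead. In both tests the added comment's "returns an exception" would read more accurately as "throws an exception". Both test bodies start outside these hunks.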
+++ b/samples/snippets/pom.xml @@ -43,7 +43,7 @@ com.google.auth google-auth-library-oauth2-http - 1.31.0 + 1.32.0 From c2e60bcae0ef62b0c175b0090fb26b8108bb49fe Mon Sep 17 00:00:00 2001 From: Lawrence Qiu Date: Wed, 5 Feb 2025 15:49:05 -0500 Subject: [PATCH 4/5] chore: Update test name --- .../com/google/auth/oauth2/ServiceAccountCredentialsTest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java index 085fa20bf..4f8fe16b5 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java @@ -977,7 +977,7 @@ public void idTokenWithAudience_iamFlow_targetAudienceDoesNotMatchAudClaim() thr } @Test - public void idTokenWithAudience_oauthEndpoint_non2XXError() throws IOException { + public void idTokenWithAudience_oauthEndpoint_non2XXStatusCode() throws IOException { String universeDomain = "test.com"; MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); transportFactory.transport.setError(new IOException("404 Not Found")); @@ -1000,7 +1000,7 @@ public void idTokenWithAudience_oauthEndpoint_non2XXError() throws IOException { } @Test - public void idTokenWithAudience_iamEndpoint_non2XXError() throws IOException { + public void idTokenWithAudience_iamEndpoint_non2XXStatusCode() throws IOException { String universeDomain = "test.com"; MockIAMCredentialsServiceTransportFactory transportFactory = new MockIAMCredentialsServiceTransportFactory(universeDomain); From 2b2a43198cdc0a37558478a6acb9912f42dcb0af Mon Sep 17 00:00:00 2001 
From: Lawrence Qiu Date: Thu, 6 Feb 2025 15:50:25 -0500 Subject: [PATCH 5/5] chore: Remove universe domain --- .../google/auth/oauth2/ServiceAccountCredentialsTest.java | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java index 4f8fe16b5..e32a74292 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java @@ -978,15 +978,10 @@ public void idTokenWithAudience_iamFlow_targetAudienceDoesNotMatchAudClaim() thr @Test public void idTokenWithAudience_oauthEndpoint_non2XXStatusCode() throws IOException { - String universeDomain = "test.com"; MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory(); transportFactory.transport.setError(new IOException("404 Not Found")); ServiceAccountCredentials credentials = - createDefaultBuilder() - .setScopes(SCOPES) - .setHttpTransportFactory(transportFactory) - .setUniverseDomain(universeDomain) - .build(); + createDefaultBuilder().setScopes(SCOPES).setHttpTransportFactory(transportFactory).build(); String targetAudience = "audience"; IdTokenCredentials tokenCredential =