oauth2: Deep copy context client in NewClient

OAuth2 client creation currently doesn't faithfully reuse the client passed into the context. This causes config settings such as timeout to be set to Default and may end up to be a gotcha for anyone who sends in a context client with timeout set assuming that the timeout will be copied to the new client. Fix: #368 Change-Id: I4f5f052361ebe07f50fbd694379892833cd1056c Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/180920 Auto-Submit: Sean Liao <sean@liao.dev> Reviewed-by: Sean Liao <sean@liao.dev> Reviewed-by: Junyang Shao <shaojunyang@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Pratt <mpratt@google.com>
golang · Mar 3, 2025 · 0042180 · 0042180
1 parent ce350bf
commit 0042180
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/oauth2.go b/oauth2.go
@@ -356,11 +356,15 @@ func NewClient(ctx context.Context, src TokenSource) *http.Client {
 	if src == nil {
 		return internal.ContextClient(ctx)
 	}
+	cc := internal.ContextClient(ctx)
 	return &http.Client{
 		Transport: &Transport{
-			Base:   internal.ContextClient(ctx).Transport,
+			Base:   cc.Transport,
 			Source: ReuseTokenSource(nil, src),
 		},
+		CheckRedirect: cc.CheckRedirect,
+		Jar:           cc.Jar,
+		Timeout:       cc.Timeout,
 	}
 }