From 0042180b24f3cfe500f4cad3cabbc33c0a341f78 Mon Sep 17 00:00:00 2001
From: Abel Tay <abel.tay@gmail.com>
Date: Sat, 8 Jun 2019 14:15:54 +0800
Subject: [PATCH] oauth2: Deep copy context client in NewClient

OAuth2 client creation currently doesn't faithfully reuse the client
passed into the context. This causes config settings such as timeout to
be set to Default and may end up to be a gotcha for anyone who sends in
a context client with timeout set assuming that the timeout will be
copied to the new client.

Fix: https://github.com/golang/oauth2/issues/368
Change-Id: I4f5f052361ebe07f50fbd694379892833cd1056c
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/180920
Auto-Submit: Sean Liao <sean@liao.dev>
Reviewed-by: Sean Liao <sean@liao.dev>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
---
 oauth2.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/oauth2.go b/oauth2.go
index a1a44c9b4..eacdd7fd9 100644
--- a/oauth2.go
+++ b/oauth2.go
@@ -356,11 +356,15 @@ func NewClient(ctx context.Context, src TokenSource) *http.Client {
 	if src == nil {
 		return internal.ContextClient(ctx)
 	}
+	cc := internal.ContextClient(ctx)
 	return &http.Client{
 		Transport: &Transport{
-			Base:   internal.ContextClient(ctx).Transport,
+			Base:   cc.Transport,
 			Source: ReuseTokenSource(nil, src),
 		},
+		CheckRedirect: cc.CheckRedirect,
+		Jar:           cc.Jar,
+		Timeout:       cc.Timeout,
 	}
 }