From b51713c1186037ed72f18ee821769b4b354c7b76 Mon Sep 17 00:00:00 2001 From: Daniel Bankhead Date: Mon, 29 Jan 2024 11:39:08 -0800 Subject: [PATCH] refactor: Consistency Between Langs (#1744) * refactor: Remove `tokenURL` * refactor: Revert to `googleapis.com` --- src/auth/downscopedclient.ts | 14 +------------- src/auth/oauth2client.ts | 12 +++++++----- test/test.downscopedclient.ts | 36 ----------------------------------- 3 files changed, 8 insertions(+), 54 deletions(-) diff --git a/src/auth/downscopedclient.ts b/src/auth/downscopedclient.ts index b4a7a019..2e2716f1 100644 --- a/src/auth/downscopedclient.ts +++ b/src/auth/downscopedclient.ts @@ -73,13 +73,6 @@ export interface CredentialAccessBoundary { accessBoundary: { accessBoundaryRules: AccessBoundaryRule[]; }; - /** - * An optional STS access token exchange endpoint. - * - * @example - * 'https://sts.googleapis.com/v1/token' - */ - tokenURL?: string | URL; } /** Defines an upper bound of permissions on a particular resource. */ @@ -141,11 +134,6 @@ export class DownscopedClient extends AuthClient { ) { super({...additionalOptions, quotaProjectId}); - // extract and remove `tokenURL` as it is not officially a part of the credentialAccessBoundary - this.credentialAccessBoundary = {...credentialAccessBoundary}; - const tokenURL = this.credentialAccessBoundary.tokenURL; - delete this.credentialAccessBoundary.tokenURL; - // Check 1-10 Access Boundary Rules are defined within Credential Access // Boundary. if ( @@ -174,7 +162,7 @@ export class DownscopedClient extends AuthClient { } this.stsCredential = new sts.StsCredentials( - tokenURL || `https://sts.${this.universeDomain}/v1/token` + `https://sts.${this.universeDomain}/v1/token` ); this.cachedDownscopedAccessToken = null; diff --git a/src/auth/oauth2client.ts b/src/auth/oauth2client.ts index 9a12f509..e5a94c31 100644 --- a/src/auth/oauth2client.ts +++ b/src/auth/oauth2client.ts @@ -531,12 +531,14 @@ export class OAuth2Client extends AuthClient { this.redirectUri = opts.redirectUri; this.endpoints = { - tokenInfoUrl: `https://oauth2.${this.universeDomain}/tokeninfo`, + tokenInfoUrl: 'https://oauth2.googleapis.com/tokeninfo', oauth2AuthBaseUrl: 'https://accounts.google.com/o/oauth2/v2/auth', - oauth2TokenUrl: `https://oauth2.${this.universeDomain}/token`, - oauth2RevokeUrl: `https://oauth2.${this.universeDomain}/revoke`, - oauth2FederatedSignonPemCertsUrl: `https://www.${this.universeDomain}/oauth2/v1/certs`, - oauth2FederatedSignonJwkCertsUrl: `https://www.${this.universeDomain}/oauth2/v3/certs`, + oauth2TokenUrl: 'https://oauth2.googleapis.com/token', + oauth2RevokeUrl: 'https://oauth2.googleapis.com/revoke', + oauth2FederatedSignonPemCertsUrl: + 'https://www.googleapis.com/oauth2/v1/certs', + oauth2FederatedSignonJwkCertsUrl: + 'https://www.googleapis.com/oauth2/v3/certs', oauth2IapPublicKeyUrl: 'https://www.gstatic.com/iap/verify/public_key', ...opts.endpoints, }; diff --git a/test/test.downscopedclient.ts b/test/test.downscopedclient.ts index 23baf404..d280a9ee 100644 --- a/test/test.downscopedclient.ts +++ b/test/test.downscopedclient.ts @@ -325,42 +325,6 @@ describe('DownscopedClient', () => { refreshOptions.eagerRefreshThresholdMillis ); }); - - it('should use a tokenURL', async () => { - const tokenURL = new URL('https://my-token-url/v1/token'); - const scope = mockStsTokenExchange( - [ - { - statusCode: 200, - response: stsSuccessfulResponse, - request: { - grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange', - requested_token_type: - 'urn:ietf:params:oauth:token-type:access_token', - subject_token: 'subject_token_0', - subject_token_type: - 'urn:ietf:params:oauth:token-type:access_token', - options: JSON.stringify(testClientAccessBoundary), - }, - }, - ], - undefined, - tokenURL.origin - ); - - const downscopedClient = new DownscopedClient(client, { - ...testClientAccessBoundary, - tokenURL, - }); - - const tokenResponse = await downscopedClient.getAccessToken(); - assert.deepStrictEqual( - tokenResponse.token, - stsSuccessfulResponse.access_token - ); - - scope.done(); - }); }); describe('setCredential()', () => {