feat: add self signed jwt feature

dependencies.properties

@@ -34,8 +34,8 @@ version.io_grpc=1.36.0
 #   2) Replace all characters which are neither alphabetic nor digits with the underscore ('_') character
 maven.com_google_api_grpc_proto_google_common_protos=com.google.api.grpc:proto-google-common-protos:2.0.1
 maven.com_google_api_grpc_grpc_google_common_protos=com.google.api.grpc:grpc-google-common-protos:2.0.1
-maven.com_google_auth_google_auth_library_oauth2_http=com.google.auth:google-auth-library-oauth2-http:0.24.0
-maven.com_google_auth_google_auth_library_credentials=com.google.auth:google-auth-library-credentials:0.24.0
+maven.com_google_auth_google_auth_library_oauth2_http=com.google.auth:google-auth-library-oauth2-http:0.25.0
+maven.com_google_auth_google_auth_library_credentials=com.google.auth:google-auth-library-credentials:0.25.0
 maven.io_opencensus_opencensus_api=io.opencensus:opencensus-api:0.28.0
 maven.io_opencensus_opencensus_contrib_grpc_metrics=io.opencensus:opencensus-contrib-grpc-metrics:0.28.0
 maven.io_opencensus_opencensus_contrib_http_util=io.opencensus:opencensus-contrib-http-util:0.28.0
@@ -66,8 +66,8 @@ maven.com_google_api_api_common=com.google.api:api-common:1.10.1
 maven.org_threeten_threetenbp=org.threeten:threetenbp:1.5.0
 maven.com_google_api_grpc_grpc_google_iam_v1=com.google.api.grpc:grpc-google-iam-v1:1.0.9
 maven.com_google_api_grpc_proto_google_iam_v1=com.google.api.grpc:proto-google-iam-v1:1.0.9
-maven.com_google_http_client_google_http_client=com.google.http-client:google-http-client:1.39.0
-maven.com_google_http_client_google_http_client_gson=com.google.http-client:google-http-client-gson:1.39.0
+maven.com_google_http_client_google_http_client=com.google.http-client:google-http-client:1.39.1
+maven.com_google_http_client_google_http_client_gson=com.google.http-client:google-http-client-gson:1.39.1
 maven.org_codehaus_mojo_animal_sniffer_annotations=org.codehaus.mojo:animal-sniffer-annotations:1.18
 maven.javax_annotation_javax_annotation_api=javax.annotation:javax.annotation-api:1.3.2
 

gax/src/main/java/com/google/api/gax/core/GoogleCredentialsProvider.java

@@ -53,6 +53,9 @@ public abstract class GoogleCredentialsProvider implements CredentialsProvider {
 
   public abstract List<String> getScopesToApply();
 
+  @BetaApi
+  public abstract List<String> getDefaultScopes();
+
   @BetaApi
   public abstract List<String> getJwtEnabledScopes();
 
@@ -88,15 +91,18 @@ public Credentials getCredentials() throws IOException {
           .build();
     }
 
-    if (credentials.createScopedRequired()) {
-      credentials = credentials.createScoped(getScopesToApply());
+    if (credentials.createScopedRequired() || credentials instanceof ServiceAccountCredentials) {
+      credentials = credentials.createScoped(getScopesToApply(), getDefaultScopes());
     }
+
     return credentials;
   }
 
   public static Builder newBuilder() {
     return new AutoValue_GoogleCredentialsProvider.Builder()
-        .setJwtEnabledScopes(ImmutableList.<String>of());
+        .setJwtEnabledScopes(ImmutableList.<String>of())
+        .setScopesToApply(ImmutableList.<String>of())
+        .setDefaultScopes(ImmutableList.<String>of());
   }
 
   public abstract Builder toBuilder();
@@ -134,9 +140,16 @@ public abstract static class Builder {
     @BetaApi
     public abstract List<String> getJwtEnabledScopes();
 
+    @BetaApi
+    public abstract Builder setDefaultScopes(List<String> val);
+
+    @BetaApi
+    public abstract List<String> getDefaultScopes();
+
     public GoogleCredentialsProvider build() {
       setScopesToApply(ImmutableList.copyOf(getScopesToApply()));
       setJwtEnabledScopes(ImmutableList.copyOf(getJwtEnabledScopes()));
+      setDefaultScopes(ImmutableList.copyOf(getDefaultScopes()));
       return autoBuild();
     }
 

gax/src/test/java/com/google/api/gax/core/GoogleCredentialsProviderTest.java

@@ -36,22 +36,26 @@
 import com.google.auth.oauth2.ServiceAccountJwtAccessCredentials;
 import com.google.common.collect.ImmutableList;
 import java.security.PrivateKey;
+import java.util.Collection;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 import org.mockito.Mockito;
 
 @RunWith(JUnit4.class)
 public class GoogleCredentialsProviderTest {
+  public ServiceAccountCredentials createServiceAccountCredentials() {
+    return ServiceAccountCredentials.newBuilder()
+        .setClientId("fake-client-id")
+        .setClientEmail("[email protected]")
+        .setPrivateKeyId("fake-private-key")
+        .setPrivateKey(Mockito.mock(PrivateKey.class))
+        .build();
+  }
+
   @Test
   public void serviceAccountReplacedWithJwtTokens() throws Exception {
-    ServiceAccountCredentials serviceAccountCredentials =
-        ServiceAccountCredentials.newBuilder()
-            .setClientId("fake-client-id")
-            .setClientEmail("[email protected]")
-            .setPrivateKeyId("fake-private-key")
-            .setPrivateKey(Mockito.mock(PrivateKey.class))
-            .build();
+    ServiceAccountCredentials serviceAccountCredentials = createServiceAccountCredentials();
 
     GoogleCredentialsProvider provider =
         GoogleCredentialsProvider.newBuilder()
@@ -71,13 +75,7 @@ public void serviceAccountReplacedWithJwtTokens() throws Exception {
 
   @Test
   public void noJwtWithoutScopeMatch() throws Exception {
-    ServiceAccountCredentials serviceAccountCredentials =
-        ServiceAccountCredentials.newBuilder()
-            .setClientId("fake-client-id")
-            .setClientEmail("[email protected]")
-            .setPrivateKeyId("fake-private-key")
-            .setPrivateKey(Mockito.mock(PrivateKey.class))
-            .build();
+    ServiceAccountCredentials serviceAccountCredentials = createServiceAccountCredentials();
 
     GoogleCredentialsProvider provider =
         GoogleCredentialsProvider.newBuilder()
@@ -100,4 +98,22 @@ public void noJwtWithoutScopeMatch() throws Exception {
         .isEqualTo(serviceAccountCredentials.getPrivateKey());
     assertThat(serviceAccountCredentials2.getScopes()).containsExactly("scope1", "scope2");
   }
+
+  @Test
+  public void serviceAccountWithDefaultScopes() throws Exception {
+    GoogleCredentialsProvider provider =
+        GoogleCredentialsProvider.newBuilder()
+            .setDefaultScopes(ImmutableList.of("scope1"))
+            .setOAuth2Credentials(createServiceAccountCredentials())
+            .build();
+
+    Credentials credentials = provider.getCredentials();
+    assertThat(credentials).isInstanceOf(ServiceAccountCredentials.class);
+    ServiceAccountCredentials serviceAccountCredentials = (ServiceAccountCredentials) credentials;
+    Collection<String> defaultScopes = serviceAccountCredentials.getDefaultScopes();
+    Collection<String> scopes = serviceAccountCredentials.getScopes();
+    assertThat(defaultScopes.size()).isEqualTo(1);
+    assertThat(defaultScopes.toArray()[0]).isEqualTo("scope1");
+    assertThat(scopes.size()).isEqualTo(0);
+  }
 }