diff --git a/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java b/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java index 44e9c0e93..200d56fbb 100644 --- a/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/IdentityPoolCredentials.java @@ -52,6 +52,7 @@ import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; +import java.util.Locale; import java.util.Map; import javax.annotation.Nullable; @@ -132,18 +133,21 @@ enum CredentialFormatType { Map formatMap = (Map) credentialSourceMap.get("format"); if (formatMap != null && formatMap.containsKey("type")) { String type = formatMap.get("type"); - if (!"text".equals(type) && !"json".equals(type)) { - throw new IllegalArgumentException( - String.format("Invalid credential source format type: %s.", type)); - } - credentialFormatType = - type.equals("text") ? CredentialFormatType.TEXT : CredentialFormatType.JSON; - if (!formatMap.containsKey("subject_token_field_name")) { + if (type != null && "json".equals(type.toLowerCase(Locale.US))) { + // For JSON, the subject_token field name must be provided. + if (!formatMap.containsKey("subject_token_field_name")) { + throw new IllegalArgumentException( + "When specifying a JSON credential type, the subject_token_field_name must be set."); + } + credentialFormatType = CredentialFormatType.JSON; + subjectTokenFieldName = formatMap.get("subject_token_field_name"); + } else if (type != null && "text".equals(type.toLowerCase(Locale.US))) { + credentialFormatType = CredentialFormatType.TEXT; + } else { throw new IllegalArgumentException( - "When specifying a JSON credential type, the subject_token_field_name must be set."); + String.format("Invalid credential source format type: %s.", type)); } - subjectTokenFieldName = formatMap.get("subject_token_field_name"); } } diff --git a/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java index 33f55dfc6..5f8dc3ca0 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/IdentityPoolCredentialsTest.java @@ -415,6 +415,92 @@ void refreshAccessToken_workforceWithServiceAccountImpersonation() throws IOExce assertEquals(expectedInternalOptions.toString(), query.get("options")); } + @Test + void identityPoolCredentialSource_validFormats() { + Map credentialSourceMapWithFileTextSource = new HashMap<>(); + Map credentialSourceMapWithFileJsonTextSource = new HashMap<>(); + Map credentialSourceMapWithUrlTextSource = new HashMap<>(); + Map credentialSourceMapWithUrlJsonTextSource = new HashMap<>(); + + credentialSourceMapWithFileTextSource.put("file", "/path/to/file"); + credentialSourceMapWithFileJsonTextSource.put("file", "/path/to/file"); + + credentialSourceMapWithUrlTextSource.put("url", "https://google.com"); + credentialSourceMapWithUrlJsonTextSource.put("url", "https://google.com"); + Map headersMap = new HashMap<>(); + headersMap.put("header1", "value1"); + headersMap.put("header2", "value2"); + credentialSourceMapWithUrlTextSource.put("headers", headersMap); + credentialSourceMapWithUrlJsonTextSource.put("headers", headersMap); + + Map textFormat = new HashMap<>(); + textFormat.put("type", "text"); + + Map jsonTextFormat = new HashMap<>(); + jsonTextFormat.put("type", "json"); + jsonTextFormat.put("subject_token_field_name", "access_token"); + + credentialSourceMapWithFileTextSource.put("format", textFormat); + credentialSourceMapWithFileJsonTextSource.put("format", jsonTextFormat); + + credentialSourceMapWithUrlTextSource.put("format", textFormat); + credentialSourceMapWithUrlJsonTextSource.put("format", jsonTextFormat); + + List> sources = + Arrays.asList( + credentialSourceMapWithFileTextSource, + credentialSourceMapWithFileJsonTextSource, + credentialSourceMapWithUrlTextSource, + credentialSourceMapWithUrlJsonTextSource); + for (Map source : sources) { + // Should not throw. + new IdentityPoolCredentialSource(source); + } + } + + @Test + void identityPoolCredentialSource_caseInsensitive() { + Map credentialSourceMapWithFileTextSource = new HashMap<>(); + Map credentialSourceMapWithFileJsonTextSource = new HashMap<>(); + Map credentialSourceMapWithUrlTextSource = new HashMap<>(); + Map credentialSourceMapWithUrlJsonTextSource = new HashMap<>(); + + credentialSourceMapWithFileTextSource.put("file", "/path/to/file"); + credentialSourceMapWithFileJsonTextSource.put("file", "/path/to/file"); + + credentialSourceMapWithUrlTextSource.put("url", "https://google.com"); + credentialSourceMapWithUrlJsonTextSource.put("url", "https://google.com"); + Map headersMap = new HashMap<>(); + headersMap.put("HeaDer1", "Value1"); + headersMap.put("HeaDer2", "Value2"); + credentialSourceMapWithUrlTextSource.put("headers", headersMap); + credentialSourceMapWithUrlJsonTextSource.put("headers", headersMap); + + Map textFormat = new HashMap<>(); + textFormat.put("type", "TEXT"); + + Map jsonTextFormat = new HashMap<>(); + jsonTextFormat.put("type", "JSON"); + jsonTextFormat.put("subject_token_field_name", "access_token"); + + credentialSourceMapWithFileTextSource.put("format", textFormat); + credentialSourceMapWithFileJsonTextSource.put("format", jsonTextFormat); + + credentialSourceMapWithUrlTextSource.put("format", textFormat); + credentialSourceMapWithUrlJsonTextSource.put("format", jsonTextFormat); + + List> sources = + Arrays.asList( + credentialSourceMapWithFileTextSource, + credentialSourceMapWithFileJsonTextSource, + credentialSourceMapWithUrlTextSource, + credentialSourceMapWithUrlJsonTextSource); + for (Map source : sources) { + // Should not throw. + new IdentityPoolCredentialSource(source); + } + } + @Test void identityPoolCredentialSource_invalidSourceType() { IllegalArgumentException exception =