From 1fb930bc3babc4c462d0c92101166848a9433ded Mon Sep 17 00:00:00 2001
From: Brent Shaffer <betterbrent@google.com>
Date: Mon, 28 Jun 2021 16:30:38 -0700
Subject: [PATCH 1/3] fix: consistently use useSelfSignedJwt method

---
 src/Credentials/ServiceAccountCredentials.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Credentials/ServiceAccountCredentials.php b/src/Credentials/ServiceAccountCredentials.php
index 96ea4fa69..3ecdd8b5d 100644
--- a/src/Credentials/ServiceAccountCredentials.php
+++ b/src/Credentials/ServiceAccountCredentials.php
@@ -186,7 +186,7 @@ public function useJwtAccessWithScope()
      */
     public function fetchAuthToken(callable $httpHandler = null)
     {
-        if ($this->useJwtAccessWithScope) {
+        if ($this->useSelfSignedJwt()) {
             $jwtCreds = $this->createJwtAccessCredentials();
 
             $accessToken = $jwtCreds->fetchAuthToken($httpHandler);

From b202e1e4b532483d7849715c6a148a6d6dfe690e Mon Sep 17 00:00:00 2001
From: Brent Shaffer <betterbrent@google.com>
Date: Tue, 29 Jun 2021 06:30:47 -0700
Subject: [PATCH 2/3] Update ServiceAccountCredentials.php

---
 src/Credentials/ServiceAccountCredentials.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/Credentials/ServiceAccountCredentials.php b/src/Credentials/ServiceAccountCredentials.php
index 3ecdd8b5d..da972497e 100644
--- a/src/Credentials/ServiceAccountCredentials.php
+++ b/src/Credentials/ServiceAccountCredentials.php
@@ -324,7 +324,12 @@ public function getQuotaProject()
 
     private function useSelfSignedJwt()
     {
-        // When true, ServiceAccountCredentials will always use JwtAccess
+        // If claims are set, this call is for "id_tokens"
+        if ($this->auth->getAdditionalClaims()) {
+            return false;
+        }
+        
+        // When true, ServiceAccountCredentials will always use JwtAccess for access tokens
         if ($this->useJwtAccessWithScope) {
             return true;
         }

From e1f8b37acacc734b7595098c1bf7a4ba5f32498e Mon Sep 17 00:00:00 2001
From: Brent Shaffer <bshafs@gmail.com>
Date: Tue, 29 Jun 2021 07:21:17 -0700
Subject: [PATCH 3/3] fix test

---
 tests/FetchAuthTokenTest.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/FetchAuthTokenTest.php b/tests/FetchAuthTokenTest.php
index 244452a26..c7e72b2fa 100644
--- a/tests/FetchAuthTokenTest.php
+++ b/tests/FetchAuthTokenTest.php
@@ -152,6 +152,8 @@ public function testServiceAccountCredentialsGetLastReceivedToken()
         $oauth2Mock = $this->getOAuth2Mock();
         $oauth2Mock->getScope()
             ->willReturn($this->scopes);
+        $oauth2Mock->getAdditionalClaims()
+            ->willReturn([]);
 
         $credentials = new ServiceAccountCredentials($this->scopes, $jsonPath);
         $property->setValue($credentials, $oauth2Mock->reveal());