googleapis
fix: ComputeEngineCredentials.createScoped should invalidate existing AccessToken
Fixes #1387 ☕️
As described in the original issue, this looks like a regression introduced in https://github.com/googleapis/google-auth-library-java/commit/7e268611d2c2152e84702b1c67ca846902bbe2d5 when migrating from deprecated constructor to use builder. Access token is scoped and should be invalidated when scope changes.
This PR include changes:
- ComputeEngineCredentials.createScoped() should invalidate existing AccessToken
- ComputeEngineCredentials.createScoped(newScopes, newDefaultScopes) should respect universe domain settings.
- For testing, update to mock transport to support returning access token when url is scoped. Should return a different access token compared to default url with no scopes.
- ~~Other credential types: e.g. ServiceAccountCredentials.creatScoped() should also invalidate existing AccessToken~~ Will raise separate pr for this.
Follow up items not included in this PR:
- Check if other GoogleCredentials subclasses that overrides createScoped() suffer from same issue (e.g.
ServiceAccountCredentials.creatScoped())
Quality Gate passed
Issues
1 New issue
0 Accepted issues
Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code
See analysis details on SonarCloud
![sonarqubecloud[bot] avatar](https://avatars.githubusercontent.com/in/12526?v=4 "Published by a pub.dev verified publisher"){kind=small}
Quality Gate passed
Issues
1 New issue
0 Accepted issues
Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code
See analysis details on SonarCloud