diff --git a/auth/build.gradle b/auth/build.gradle index 09619ea562..0d1ad372d7 100644 --- a/auth/build.gradle +++ b/auth/build.gradle @@ -3,7 +3,8 @@ dependencies { compile project(':grpc-api'), libraries.google_auth_credentials testCompile project(':grpc-testing'), - libraries.google_auth_oauth2_http + libraries.google_auth_oauth2_http, + libraries.jwt signature "org.codehaus.mojo.signature:java17:1.0@signature" signature "net.sf.androidscents.signature:android-api-level-14:4.0_r4@signature" } diff --git a/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java b/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java index 4c798b0892..fed11b70ee 100644 --- a/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java +++ b/auth/src/test/java/io/grpc/auth/GoogleAuthLibraryCallCredentialsTest.java @@ -28,13 +28,14 @@ import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; +import com.auth0.jwt.JWT; +import com.auth0.jwt.interfaces.DecodedJWT; import com.google.auth.Credentials; import com.google.auth.RequestMetadataCallback; import com.google.auth.oauth2.AccessToken; import com.google.auth.oauth2.GoogleCredentials; import com.google.auth.oauth2.OAuth2Credentials; import com.google.auth.oauth2.ServiceAccountCredentials; -import com.google.auth.oauth2.ServiceAccountJwtAccessCredentials; import com.google.common.collect.Iterables; import com.google.common.collect.LinkedListMultimap; import com.google.common.collect.ListMultimap; @@ -42,7 +43,6 @@ import com.google.common.collect.Multimaps; import io.grpc.Attributes; import io.grpc.CallCredentials; import io.grpc.CallCredentials.MetadataApplier; -import io.grpc.CallCredentials.RequestInfo; import io.grpc.Metadata; import io.grpc.MethodDescriptor; import io.grpc.SecurityLevel; @@ -393,17 +393,6 @@ public class GoogleAuthLibraryCallCredentialsTest { @Test public void jwtAccessCredentialsInRequestMetadata() throws Exception { KeyPair pair = KeyPairGenerator.getInstance("RSA").generateKeyPair(); - RequestInfo requestInfo = new RequestInfoImpl("example.com:123"); - - ServiceAccountJwtAccessCredentials jwtCreds = - ServiceAccountJwtAccessCredentials.newBuilder() - .setClientId("test-client") - .setClientEmail("test-email@example.com") - .setPrivateKey(pair.getPrivate()) - .setPrivateKeyId("test-private-key-id") - .build(); - List expectedAuthMetadata = jwtCreds - .getRequestMetadata(new URI("https://example.com:123/a.service")).get("Authorization"); ServiceAccountCredentials credentials = ServiceAccountCredentials.newBuilder() @@ -414,12 +403,18 @@ public class GoogleAuthLibraryCallCredentialsTest { .build(); GoogleAuthLibraryCallCredentials callCredentials = new GoogleAuthLibraryCallCredentials(credentials); - callCredentials.applyRequestMetadata(requestInfo, executor, applier); + callCredentials.applyRequestMetadata(new RequestInfoImpl("example.com:123"), executor, applier); verify(applier).apply(headersCaptor.capture()); Metadata headers = headersCaptor.getValue(); - assertArrayEquals(Iterables.toArray(expectedAuthMetadata, String.class), - Iterables.toArray(headers.getAll(AUTHORIZATION), String.class)); + String token = + Iterables.getOnlyElement(headers.getAll(AUTHORIZATION)).substring("Bearer".length()); + DecodedJWT decoded = JWT.decode(token); + assertEquals("test-private-key-id", decoded.getKeyId()); + assertEquals("https://example.com:123/a.service", + Iterables.getOnlyElement(decoded.getAudience())); + assertEquals("test-email@example.com", decoded.getIssuer()); + assertEquals("test-email@example.com", decoded.getSubject()); } private int runPendingRunnables() { diff --git a/build.gradle b/build.gradle index 6c62b337e3..05e7164fa2 100644 --- a/build.gradle +++ b/build.gradle @@ -191,6 +191,7 @@ subprojects { hpack: 'com.twitter:hpack:0.10.1', javax_annotation: 'javax.annotation:javax.annotation-api:1.2', jsr305: 'com.google.code.findbugs:jsr305:3.0.2', + jwt: 'com.auth0:java-jwt:3.8.2', google_api_protos: 'com.google.api.grpc:proto-google-common-protos:1.12.0', google_auth_credentials: "com.google.auth:google-auth-library-credentials:${googleauthVersion}", google_auth_oauth2_http: "com.google.auth:google-auth-library-oauth2-http:${googleauthVersion}",