search

googleapis / google-auth-library-java

Open source Auth client library for Java
https://developers.google.com/identity
BSD 3-Clause "New" or "Revised" License
409 stars 222 forks source link

IdTokenCredentials fails to fetch license id claim when requested #1449

Open sjvanrossum opened 2 months ago

sjvanrossum commented 2 months ago

Steps to reproduce

  1. Create ComputeEngineCredentials on a GCE VM.
  2. Derive IdTokenCredentials from the above with #setOptions() containing IdTokenProvider.Option.LICENSES_TRUE and optionally the implied IdTokenProvider.Option.FORMAT_FULL.
  3. Observe lack of license id claims in payload.

Code example

new String(Base64.getUrlDecoder()
        .decode(IdTokenCredentials.newBuilder()
            .setIdTokenProvider(ComputeEngineCredentials.create())
            .setTargetAudience("https://foo.bar")
            .setOptions(Arrays.asList(
                IdTokenProvider.Option.FORMAT_FULL,
                IdTokenProvider.Option.LICENSES_TRUE))
            .build()
            .refreshAccessToken()
            .getTokenValue()
            .split("\\.")[1]),
    StandardCharsets.UTF_8)