fix(internal): fix self-signed detection with scopes (#1096)

Removed the requirement on length of scopes passed. Checking the EnableJwtWithScope internal option should be sufficient since it will only be passed with our generated clients that will always include at least the platform scope and a default audience. Fixes: #1092
googleapis · Jun 30, 2021 · ff1d20b · ff1d20b
1 parent 222262a
commit ff1d20b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/internal/creds.go b/internal/creds.go
@@ -99,7 +99,7 @@ func credentialsFromJSON(ctx context.Context, data []byte, ds *DialSettings) (*g
 }
 
 func isSelfSignedJWTFlow(data []byte, ds *DialSettings) (bool, error) {
-	if (ds.EnableJwtWithScope || ds.HasCustomAudience() || len(ds.GetScopes()) == 0) &&
+	if (ds.EnableJwtWithScope || ds.HasCustomAudience()) &&
 		ds.ImpersonationConfig == nil {
 		// Check if JSON is a service account and if so create a self-signed JWT.
 		var f struct {