From ff1d20ba85c66fcaed1c1e466fbc647e09339854 Mon Sep 17 00:00:00 2001
From: Cody Oss <6331106+codyoss@users.noreply.github.com>
Date: Wed, 30 Jun 2021 13:45:55 -0500
Subject: [PATCH] fix(internal): fix self-signed detection with scopes (#1096)

Removed the requirement on length of scopes passed. Checking the EnableJwtWithScope internal option should be sufficient since it will only be passed with our generated clients that will always include at least the platform scope and a default audience.

Fixes: #1092
---
 internal/creds.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/creds.go b/internal/creds.go
index 9cb2b74c0ed..855604b75df 100644
--- a/internal/creds.go
+++ b/internal/creds.go
@@ -99,7 +99,7 @@ func credentialsFromJSON(ctx context.Context, data []byte, ds *DialSettings) (*g
 }

 func isSelfSignedJWTFlow(data []byte, ds *DialSettings) (bool, error) {
- if (ds.EnableJwtWithScope || ds.HasCustomAudience() || len(ds.GetScopes()) == 0) &&
+ if (ds.EnableJwtWithScope || ds.HasCustomAudience()) &&
 ds.ImpersonationConfig == nil {
 // Check if JSON is a service account and if so create a self-signed JWT.
 var f struct {
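Review bot: The new condition in `isSelfSignedJWTFlow` rests on an invariant that is stated only in the commit message (that `EnableJwtWithScope` is set solely by generated clients, which always supply a scope and a default audience), and nothing in the code records or checks it. Because this predicate selects which credential flow a service-account key goes through, I would add a comment above the `if`, e.g. `// EnableJwtWithScope is set only by generated clients, which always pass a scope and a default audience, so scope length is not checked here.` The patch touches only internal/creds.go, so a table-driven test over `EnableJwtWithScope`, `HasCustomAudience()`, empty scopes and a non-nil `ImpersonationConfig` would pin the intended behaviour. Note also that a caller with no scopes and no custom audience no longer matches this branch; what such a caller gets instead is decided outside the hunk, as the function body continues past it.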