From 927e3d5598e2d2b06512b27f4210994c65b26f59 Mon Sep 17 00:00:00 2001 From: Shin Fan Date: Thu, 15 Oct 2020 15:46:47 -0700 Subject: [PATCH] fix: remove 1 hour limit for impersonated token (#490) Cloud IAM now supports extended 12h lifespan for access token. --- .../auth/oauth2/ImpersonatedCredentials.java | 3 --- .../oauth2/ImpersonatedCredentialsTest.java | 19 ------------------- 2 files changed, 22 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java b/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java index a0dcd3512..63ee972ec 100644 --- a/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java +++ b/oauth2_http/java/com/google/auth/oauth2/ImpersonatedCredentials.java @@ -218,9 +218,6 @@ private ImpersonatedCredentials(Builder builder) { if (this.scopes == null) { throw new IllegalStateException(SCOPE_EMPTY_ERROR); } - if (this.lifetime > ONE_HOUR_IN_SECONDS) { - throw new IllegalStateException(LIFETIME_EXCEEDED_ERROR); - } } @Override diff --git a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java index 29eef937a..3a262ba6d 100644 --- a/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java +++ b/oauth2_http/javatests/com/google/auth/oauth2/ImpersonatedCredentialsTest.java @@ -110,7 +110,6 @@ public class ImpersonatedCredentialsTest extends BaseSerializationTest { Arrays.asList("https://www.googleapis.com/auth/devstorage.read_only"); private static final String ACCESS_TOKEN = "1/MkSJoj1xsli0AccessToken_NKPY2"; private static final int VALID_LIFETIME = 300; - private static final int INVALID_LIFETIME = 3800; private static JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance(); private static final String RFC3339 = "yyyy-MM-dd'T'HH:mm:ss'Z'"; @@ -198,24 +197,6 @@ public void refreshAccessToken_malformedTarget() throws IOException { } } - @Test() - public void credential_with_invalid_lifetime() throws IOException, IllegalStateException { - - GoogleCredentials sourceCredentials = getSourceCredentials(); - try { - ImpersonatedCredentials targetCredentials = - ImpersonatedCredentials.create( - sourceCredentials, IMPERSONATED_CLIENT_EMAIL, null, SCOPES, INVALID_LIFETIME); - targetCredentials.refreshAccessToken().getTokenValue(); - fail( - String.format( - "Should throw exception with message containing '%s'", - "lifetime must be less than or equal to 3600")); - } catch (IllegalStateException expected) { - assertTrue(expected.getMessage().contains("lifetime must be less than or equal to 3600")); - } - } - @Test() public void credential_with_invalid_scope() throws IOException, IllegalStateException {