fix: switch to GSON per security team advice (#586)

* switch to GSON per security team advice

* fix samples

* format

* update Javadoc

* bom version

* google-oauth-client not in BOM

google-oauth-client-appengine/src/main/java/com/google/api/client/extensions/appengine/auth/AbstractAppEngineCallbackServlet.java

@@ -48,10 +48,6 @@
  * {@link
  * com.google.api.client.extensions.appengine.auth.oauth2.AbstractAppEngineAuthorizationCodeCallbackServlet}.
  *
- * <p>Upgrade warning: in version 1.15 there was an implementation of {@link
- * #newJsonFactoryInstance()} that used {@code com.google.api.client.json.jackson.JacksonFactory},
- * but starting with version 1.16 there is no such implementation.
- *
  * @author moshenko@google.com (Jacob Moshenko)
  * @since 1.4
  */

google-oauth-client-appengine/src/main/java/com/google/api/client/extensions/appengine/auth/AbstractAppEngineFlowServlet.java

@@ -29,10 +29,6 @@
  * {@link
  * com.google.api.client.extensions.appengine.auth.oauth2.AbstractAppEngineAuthorizationCodeServlet}.
  *
- * <p>Upgrade warning: in version 1.15 there was an implementation of {@link
- * #newJsonFactoryInstance()} that used {@code com.google.api.client.json.jackson.JacksonFactory},
- * but starting with version 1.16 there is no such implementation.
- *
  * @author moshenko@google.com (Jacob Moshenko)
  * @since 1.4
  */

google-oauth-client-appengine/src/main/java/com/google/api/client/extensions/appengine/auth/oauth2/AbstractAppEngineAuthorizationCodeCallbackServlet.java

@@ -70,7 +70,7 @@
  * protected AuthorizationCodeFlow initializeFlow() throws IOException {
  * return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
  * new UrlFetchTransport(),
- * new JacksonFactory(),
+ * new GsonFactory(),
  * new GenericUrl("https://server.example.com/token"),
  * new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
  * "s6BhdRkqt3",

google-oauth-client-appengine/src/main/java/com/google/api/client/extensions/appengine/auth/oauth2/AbstractAppEngineAuthorizationCodeServlet.java

@@ -63,7 +63,7 @@
  * protected AuthorizationCodeFlow initializeFlow() throws IOException {
  * return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
  * new UrlFetchTransport(),
- * new JacksonFactory(),
+ * new GsonFactory(),
  * new GenericUrl("https://server.example.com/token"),
  * new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
  * "s6BhdRkqt3",

google-oauth-client-java6/pom.xml

@@ -92,7 +92,7 @@
     </dependency>
     <dependency>
       <groupId>com.google.http-client</groupId>
-      <artifactId>google-http-client-jackson2</artifactId>
+      <artifactId>google-http-client-gson</artifactId>
       <scope>test</scope>
     </dependency>
     <dependency>

google-oauth-client-java6/src/test/java/com/google/api/client/extensions/java6/auth/oauth2/FileCredentialStoreTest.java

@@ -25,7 +25,7 @@
 import com.google.api.client.http.LowLevelHttpResponse;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.json.JsonGenerator;
-import com.google.api.client.json.jackson2.JacksonFactory;
+import com.google.api.client.json.gson.GsonFactory;
 import com.google.api.client.testing.http.MockHttpTransport;
 import com.google.api.client.testing.http.MockLowLevelHttpRequest;
 import com.google.api.client.testing.http.MockLowLevelHttpResponse;
@@ -48,7 +48,7 @@
 @Deprecated
 public class FileCredentialStoreTest extends TestCase {
 
-  static final JsonFactory JSON_FACTORY = new JacksonFactory();
+  static final JsonFactory JSON_FACTORY = new GsonFactory();
   private static final String ACCESS_TOKEN = "abc";
   static final String NEW_ACCESS_TOKEN = "def";
   private static final GenericUrl TOKEN_SERVER_URL = new GenericUrl("http://example.com/token");

google-oauth-client-servlet/src/main/java/com/google/api/client/extensions/servlet/auth/AbstractCallbackServlet.java

@@ -137,7 +137,7 @@ protected final HttpTransport getHttpTransport() {
    * json factory and should be as simple as:
    *
    * <pre>
-   * new JacksonFactory();
+   * new GsonFactory();
    * </pre>
    *
    * @return {@link JsonFactory} instance for your particular environment

google-oauth-client-servlet/src/main/java/com/google/api/client/extensions/servlet/auth/AbstractFlowUserServlet.java

@@ -168,7 +168,7 @@ protected final HttpTransport getHttpTransport() {
    * json factory and should be as simple as:
    *
    * <pre>
-   * new JacksonFactory();
+   * new GsonFactory();
    * </pre>
    *
    * @return {@link JsonFactory} instance for your particular environment

google-oauth-client-servlet/src/main/java/com/google/api/client/extensions/servlet/auth/oauth2/AbstractAuthorizationCodeCallbackServlet.java

@@ -67,7 +67,7 @@
  * protected AuthorizationCodeFlow initializeFlow() throws IOException {
  * return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
  * new NetHttpTransport(),
- * new JacksonFactory(),
+ * new GsonFactory(),
  * new GenericUrl("https://server.example.com/token"),
  * new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
  * "s6BhdRkqt3",

google-oauth-client-servlet/src/main/java/com/google/api/client/extensions/servlet/auth/oauth2/AbstractAuthorizationCodeServlet.java

@@ -69,7 +69,7 @@
  * protected AuthorizationCodeFlow initializeFlow() throws IOException {
  * return new AuthorizationCodeFlow.Builder(BearerToken.authorizationHeaderAccessMethod(),
  * new NetHttpTransport(),
- * new JacksonFactory(),
+ * new GsonFactory(),
  * new GenericUrl("https://server.example.com/token"),
  * new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw"),
  * "s6BhdRkqt3",

google-oauth-client/pom.xml

@@ -81,7 +81,7 @@
     </dependency>
     <dependency>
       <groupId>com.google.http-client</groupId>
-      <artifactId>google-http-client-jackson2</artifactId>
+      <artifactId>google-http-client-gson</artifactId>
       <scope>test</scope>
     </dependency>
     <dependency>

google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/AuthorizationCodeTokenRequest.java

@@ -38,7 +38,7 @@
  * static void requestAccessToken() throws IOException {
  * try {
  * TokenResponse response =
- * new AuthorizationCodeTokenRequest(new NetHttpTransport(), new JacksonFactory(),
+ * new AuthorizationCodeTokenRequest(new NetHttpTransport(), new GsonFactory(),
  * new GenericUrl("https://server.example.com/token"), "SplxlOBeZQQYbYS6WxSbIA")
  * .setRedirectUri("https://client.example.com/rd")
  * .setClientAuthentication(

google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/ClientCredentialsTokenRequest.java

@@ -36,7 +36,7 @@
  * static void requestAccessToken() throws IOException {
  * try {
  * TokenResponse response =
- * new ClientCredentialsTokenRequest(new NetHttpTransport(), new JacksonFactory(),
+ * new ClientCredentialsTokenRequest(new NetHttpTransport(), new GsonFactory(),
  * new GenericUrl("https://server.example.com/token"))
  * .setRedirectUri("https://client.example.com/rd")
  * .setClientAuthentication(

google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/ClientParametersAuthentication.java

@@ -37,7 +37,7 @@
  * static void requestAccessToken() throws IOException {
  * try {
  * TokenResponse response = new AuthorizationCodeTokenRequest(new NetHttpTransport(),
- * new JacksonFactory(), new GenericUrl("https://server.example.com/token"),
+ * new GsonFactory(), new GenericUrl("https://server.example.com/token"),
  * "SplxlOBeZQQYbYS6WxSbIA").setRedirectUri("https://client.example.com/rd")
  * .setClientAuthentication(
  * new ClientParametersAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw")).execute();

google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/PasswordTokenRequest.java

@@ -39,7 +39,7 @@
  * static void requestAccessToken() throws IOException {
  * try {
  * TokenResponse response =
- * new PasswordTokenRequest(new NetHttpTransport(), new JacksonFactory(),
+ * new PasswordTokenRequest(new NetHttpTransport(), new GsonFactory(),
  * new GenericUrl("https://server.example.com/token"), "johndoe", "A3ddj3w")
  * .setRedirectUri("https://client.example.com/rd")
  * .setClientAuthentication(

google-oauth-client/src/main/java/com/google/api/client/auth/oauth2/RefreshTokenRequest.java

@@ -38,7 +38,7 @@
  * static void refreshAccessToken() throws IOException {
  * try {
  * TokenResponse response =
- * new RefreshTokenRequest(new NetHttpTransport(), new JacksonFactory(), new GenericUrl(
+ * new RefreshTokenRequest(new NetHttpTransport(), new GsonFactory(), new GenericUrl(
  * "https://server.example.com/token"), "tGzv3JOkF0XG5Qx2TlKWIA")
  * .setClientAuthentication(
  * new BasicAuthentication("s6BhdRkqt3", "7Fjfp0ZBr1KtDRbnfVdmIw")).execute();

google-oauth-client/src/test/java/com/google/api/client/auth/oauth2/AuthenticationTestBase.java

@@ -19,7 +19,7 @@
 import com.google.api.client.http.LowLevelHttpResponse;
 import com.google.api.client.json.Json;
 import com.google.api.client.json.JsonFactory;
-import com.google.api.client.json.jackson2.JacksonFactory;
+import com.google.api.client.json.gson.GsonFactory;
 import com.google.api.client.testing.http.MockHttpTransport;
 import com.google.api.client.testing.http.MockLowLevelHttpRequest;
 import com.google.api.client.testing.http.MockLowLevelHttpResponse;
@@ -34,7 +34,7 @@
  */
 public abstract class AuthenticationTestBase extends TestCase {
 
-  protected static final JsonFactory JSON_FACTORY = new JacksonFactory();
+  protected static final JsonFactory JSON_FACTORY = new GsonFactory();
   protected static final String ACCESS_TOKEN = "abc";
   protected static final String NEW_ACCESS_TOKEN = "def";
   protected static final GenericUrl TOKEN_SERVER_URL = new GenericUrl("http://example.com/token");

google-oauth-client/src/test/java/com/google/api/client/auth/oauth2/AuthorizationCodeFlowTest.java

@@ -16,7 +16,7 @@
 
 import com.google.api.client.auth.oauth2.AuthorizationCodeFlow.CredentialCreatedListener;
 import com.google.api.client.http.BasicAuthentication;
-import com.google.api.client.json.jackson2.JacksonFactory;
+import com.google.api.client.json.gson.GsonFactory;
 import com.google.api.client.util.Joiner;
 import java.io.IOException;
 import java.util.Arrays;
@@ -64,7 +64,7 @@ public void testCredentialCreatedListener() throws IOException {
         new AuthorizationCodeFlow.Builder(
                 BearerToken.queryParameterAccessMethod(),
                 new AccessTokenTransport(),
-                new JacksonFactory(),
+                new GsonFactory(),
                 TOKEN_SERVER_URL,
                 new BasicAuthentication(CLIENT_ID, CLIENT_SECRET),
                 CLIENT_ID,
@@ -84,7 +84,7 @@ public void testRefreshListeners() throws IOException {
         new AuthorizationCodeFlow.Builder(
                 BearerToken.queryParameterAccessMethod(),
                 new AccessTokenTransport(),
-                new JacksonFactory(),
+                new GsonFactory(),
                 TOKEN_SERVER_URL,
                 new BasicAuthentication(CLIENT_ID, CLIENT_SECRET),
                 CLIENT_ID,
@@ -118,7 +118,7 @@ public void subsetTestNewAuthorizationUrl(Collection<String> scopes) {
         new AuthorizationCodeFlow.Builder(
                 BearerToken.queryParameterAccessMethod(),
                 new AccessTokenTransport(),
-                new JacksonFactory(),
+                new GsonFactory(),
                 TOKEN_SERVER_URL,
                 new BasicAuthentication(CLIENT_ID, CLIENT_SECRET),
                 CLIENT_ID,
@@ -139,7 +139,7 @@ public void testPKCE() {
         new AuthorizationCodeFlow.Builder(
                 BearerToken.queryParameterAccessMethod(),
                 new AccessTokenTransport(),
-                new JacksonFactory(),
+                new GsonFactory(),
                 TOKEN_SERVER_URL,
                 new BasicAuthentication(CLIENT_ID, CLIENT_SECRET),
                 CLIENT_ID,

google-oauth-client/src/test/java/com/google/api/client/auth/oauth2/CustomTokenRequestTest.java

@@ -20,7 +20,7 @@
 import com.google.api.client.http.LowLevelHttpRequest;
 import com.google.api.client.http.LowLevelHttpResponse;
 import com.google.api.client.json.Json;
-import com.google.api.client.json.jackson2.JacksonFactory;
+import com.google.api.client.json.gson.GsonFactory;
 import com.google.api.client.testing.http.MockHttpTransport;
 import com.google.api.client.testing.http.MockLowLevelHttpRequest;
 import com.google.api.client.testing.http.MockLowLevelHttpResponse;
@@ -35,7 +35,7 @@
 public class CustomTokenRequestTest extends TestCase {
 
   private static final MockHttpTransport TRANSPORT = new MockHttpTransport();
-  private static final JacksonFactory JSON_FACTORY = new JacksonFactory();
+  private static final GsonFactory JSON_FACTORY = new GsonFactory();
   private static final GenericUrl AUTHORIZATION_SERVER_URL =
       new GenericUrl("https://server.example.com/authorize");
   private static final String JWT_ENCODED_CONTENT =

google-oauth-client/src/test/java/com/google/api/client/auth/oauth2/CustomTokenResponseTest.java

@@ -15,7 +15,7 @@
 package com.google.api.client.auth.oauth2;
 
 import com.google.api.client.json.JsonFactory;
-import com.google.api.client.json.jackson2.JacksonFactory;
+import com.google.api.client.json.gson.GsonFactory;
 import com.google.api.client.util.Key;
 import junit.framework.TestCase;
 
@@ -48,7 +48,7 @@ public StringExpiresTokenResponse setExpiresInSeconds(Long expiresInSeconds) {
   }
 
   public void testStringExpires() throws Exception {
-    JsonFactory jsonFactory = new JacksonFactory();
+    JsonFactory jsonFactory = new GsonFactory();
     TokenResponse response = jsonFactory.fromString(JSON, StringExpiresTokenResponse.class);
     assertEquals("2YotnFZFEjr1zCsicMWpAA", response.getAccessToken());
     assertEquals("example", response.getTokenType());

google-oauth-client/src/test/java/com/google/api/client/auth/oauth2/TokenErrorResponseTest.java

@@ -15,7 +15,7 @@
 package com.google.api.client.auth.oauth2;
 
 import com.google.api.client.json.JsonFactory;
-import com.google.api.client.json.jackson2.JacksonFactory;
+import com.google.api.client.json.gson.GsonFactory;
 import junit.framework.TestCase;
 
 /**
@@ -31,7 +31,7 @@ public class TokenErrorResponseTest extends TestCase {
           + "\"error_description\":\"error description\"}";
 
   public void test() throws Exception {
-    JsonFactory jsonFactory = new JacksonFactory();
+    JsonFactory jsonFactory = new GsonFactory();
     TokenErrorResponse response = jsonFactory.fromString(JSON, TokenErrorResponse.class);
     assertEquals("invalid_request", response.getError());
     assertEquals("http://www.example.com/error", response.getErrorUri());

google-oauth-client/src/test/java/com/google/api/client/auth/oauth2/TokenRequestTest.java

@@ -15,7 +15,7 @@
 package com.google.api.client.auth.oauth2;
 
 import com.google.api.client.http.GenericUrl;
-import com.google.api.client.json.jackson2.JacksonFactory;
+import com.google.api.client.json.gson.GsonFactory;
 import com.google.api.client.testing.http.MockHttpTransport;
 import junit.framework.TestCase;
 
@@ -27,7 +27,7 @@
 public class TokenRequestTest extends TestCase {
 
   static final MockHttpTransport TRANSPORT = new MockHttpTransport();
-  static final JacksonFactory JSON_FACTORY = new JacksonFactory();
+  static final GsonFactory JSON_FACTORY = new GsonFactory();
   static final GenericUrl AUTHORIZATION_SERVER_URL =
       new GenericUrl("https://server.example.com/authorize");
 

google-oauth-client/src/test/java/com/google/api/client/auth/oauth2/TokenResponseTest.java

@@ -15,7 +15,7 @@
 package com.google.api.client.auth.oauth2;
 
 import com.google.api.client.json.JsonFactory;
-import com.google.api.client.json.jackson2.JacksonFactory;
+import com.google.api.client.json.gson.GsonFactory;
 import junit.framework.TestCase;
 
 /**
@@ -32,7 +32,7 @@ public class TokenResponseTest extends TestCase {
           + "\"example_parameter\":\"example_value\"}";
 
   public void test() throws Exception {
-    JsonFactory jsonFactory = new JacksonFactory();
+    JsonFactory jsonFactory = new GsonFactory();
     TokenResponse response = jsonFactory.fromString(JSON, TokenResponse.class);
     assertEquals("2YotnFZFEjr1zCsicMWpAA", response.getAccessToken());
     assertEquals("example", response.getTokenType());

samples/dailymotion-cmdline-sample/pom.xml

@@ -35,7 +35,7 @@
       </plugin>
       <plugin>
         <artifactId>maven-checkstyle-plugin</artifactId>
-        <version>2.17</version>
+        <version>3.0.0</version>
         <configuration>
           <configLocation>../checkstyle.xml</configLocation>
           <consoleOutput>true</consoleOutput>
@@ -103,7 +103,7 @@
     </dependency>
     <dependency>
       <groupId>com.google.http-client</groupId>
-      <artifactId>google-http-client-jackson2</artifactId>
+      <artifactId>google-http-client-gson</artifactId>
     </dependency>
   </dependencies>
   <properties>

samples/dailymotion-cmdline-sample/src/main/java/com/google/api/services/samples/dailymotion/cmdline/DailyMotionSample.java

@@ -28,7 +28,7 @@
 import com.google.api.client.http.javanet.NetHttpTransport;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.json.JsonObjectParser;
-import com.google.api.client.json.jackson2.JacksonFactory;
+import com.google.api.client.json.gson.GsonFactory;
 import com.google.api.client.util.store.DataStoreFactory;
 import com.google.api.client.util.store.FileDataStoreFactory;
 import java.io.File;
@@ -60,7 +60,7 @@ public class DailyMotionSample {
   private static final HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
 
   /** Global instance of the JSON factory. */
-  static final JsonFactory JSON_FACTORY = new JacksonFactory();
+  static final JsonFactory JSON_FACTORY = new GsonFactory();
 
   private static final String TOKEN_SERVER_URL = "https://api.dailymotion.com/oauth/token";
   private static final String AUTHORIZATION_SERVER_URL =

samples/keycloak-pkce-cmdline-sample/pom.xml

@@ -35,7 +35,7 @@
       </plugin>
       <plugin>
         <artifactId>maven-checkstyle-plugin</artifactId>
-        <version>2.17</version>
+        <version>3.0.0</version>
         <configuration>
           <configLocation>../checkstyle.xml</configLocation>
           <consoleOutput>true</consoleOutput>
@@ -103,7 +103,7 @@
     </dependency>
     <dependency>
       <groupId>com.google.http-client</groupId>
-      <artifactId>google-http-client-jackson2</artifactId>
+      <artifactId>google-http-client-gson</artifactId>
     </dependency>
   </dependencies>
   <properties>

samples/keycloak-pkce-cmdline-sample/src/main/java/com/google/api/services/samples/keycloak/cmdline/PKCESample.java

@@ -24,7 +24,7 @@
 import com.google.api.client.http.HttpTransport;
 import com.google.api.client.http.javanet.NetHttpTransport;
 import com.google.api.client.json.JsonFactory;
-import com.google.api.client.json.jackson2.JacksonFactory;
+import com.google.api.client.json.gson.GsonFactory;
 import com.google.api.client.util.store.DataStoreFactory;
 import com.google.api.client.util.store.MemoryDataStoreFactory;
 import java.io.IOException;
@@ -56,7 +56,7 @@ public class PKCESample {
   private static final HttpTransport HTTP_TRANSPORT = new NetHttpTransport();
 
   /** Global instance of the JSON factory. */
-  static final JsonFactory JSON_FACTORY = new JacksonFactory();
+  static final JsonFactory JSON_FACTORY = new GsonFactory();
 
   private static final String TOKEN_SERVER_URL =
       "http://127.0.0.1:8080/auth/realms/master/protocol/openid-connect/token";

samples/snippets/pom.xml

@@ -30,7 +30,7 @@
       <dependency>
         <groupId>com.google.cloud</groupId>
         <artifactId>libraries-bom</artifactId>
-        <version></version>
+        <version>16.2.0</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -41,6 +41,7 @@
     <dependency>
       <groupId>com.google.oauth-client</groupId>
       <artifactId>google-oauth-client</artifactId>
+      <version>1.31.2</version>
     </dependency>
     <!-- [END google-oauth-client_install_with_bom] -->