fix: ensure both refreshMargin and expirationMargin are set when using OAuth2CredentialsWithRefresh (#1131)

* fix: Ensure both refreshMargin and expirationMargin are set when using OAuth2CredentialsWithRefresh * fix: review

Author: lsirac

oauth2_http/java/com/google/auth/oauth2/OAuth2Credentials.java

@@ -151,6 +151,18 @@ public final AccessToken getAccessToken() {
  return null;
  }
 
+ /** Returns the credentials' refresh margin. */
+ @VisibleForTesting
+ Duration getRefreshMargin() {
+ return this.refreshMargin;
+ }
+
+ /** Returns the credentials' expiration margin. */
+ @VisibleForTesting
+ Duration getExpirationMargin() {
+ return this.expirationMargin;
+ }
+
  @Override
  public void getRequestMetadata(
  final URI uri, Executor executor, final RequestMetadataCallback callback) {

oauth2_http/java/com/google/auth/oauth2/OAuth2CredentialsWithRefresh.java

@@ -49,6 +49,16 @@ public interface OAuth2RefreshHandler {
 
  private final OAuth2RefreshHandler refreshHandler;
 
+ protected OAuth2CredentialsWithRefresh(Builder builder) {
+ super(builder.getAccessToken(), builder.getRefreshMargin(), builder.getExpirationMargin());
+ // An expiration time must be provided.
+ if (builder.getAccessToken() != null && builder.getAccessToken().getExpirationTime() == null) {
+ throw new IllegalArgumentException(
+ "The provided access token must contain the expiration time.");
+ }
+ this.refreshHandler = checkNotNull(builder.refreshHandler);
+ }
+
  protected OAuth2CredentialsWithRefresh(
  AccessToken accessToken, OAuth2RefreshHandler refreshHandler) {
  super(accessToken);
@@ -101,7 +111,7 @@ public Builder setRefreshHandler(OAuth2RefreshHandler handler) {
  }
 
  public OAuth2CredentialsWithRefresh build() {
- return new OAuth2CredentialsWithRefresh(getAccessToken(), refreshHandler);
+ return new OAuth2CredentialsWithRefresh(this);
  }
  }
 }

oauth2_http/javatests/com/google/auth/oauth2/OAuth2CredentialsWithRefreshTest.java

@@ -31,19 +31,26 @@
 
 package com.google.auth.oauth2;
 
+import static com.google.auth.oauth2.OAuth2Credentials.DEFAULT_EXPIRATION_MARGIN;
+import static com.google.auth.oauth2.OAuth2Credentials.DEFAULT_REFRESH_MARGIN;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.fail;
 
+import com.google.auth.TestUtils;
 import java.io.IOException;
+import java.net.URI;
+import java.time.Duration;
+import java.time.temporal.ChronoUnit;
 import java.util.Date;
+import java.util.List;
+import java.util.Map;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
 /** Tests for {@link OAuth2CredentialsWithRefresh}. */
 @RunWith(JUnit4.class)
 public class OAuth2CredentialsWithRefreshTest {
-
  private static final AccessToken ACCESS_TOKEN = new AccessToken("accessToken", new Date());
 
  @Test
@@ -65,6 +72,85 @@ public AccessToken refreshAccessToken() {
  assertEquals(refreshHandler, credential.getRefreshHandler());
  }
 
+ @Test
+ public void builder_withRefreshAndExpirationMargins() {
+ OAuth2CredentialsWithRefresh.OAuth2RefreshHandler refreshHandler =
+ new OAuth2CredentialsWithRefresh.OAuth2RefreshHandler() {
+ @Override
+ public AccessToken refreshAccessToken() {
+ return null;
+ }
+ };
+
+ Duration refreshMargin = Duration.of(10, ChronoUnit.SECONDS);
+ Duration expirationMargin = Duration.of(12, ChronoUnit.SECONDS);
+
+ OAuth2CredentialsWithRefresh credential =
+ (OAuth2CredentialsWithRefresh)
+ OAuth2CredentialsWithRefresh.newBuilder()
+ .setAccessToken(ACCESS_TOKEN)
+ .setRefreshHandler(refreshHandler)
+ .setRefreshMargin(refreshMargin)
+ .setExpirationMargin(expirationMargin)
+ .build();
+
+ assertEquals(ACCESS_TOKEN, credential.getAccessToken());
+ assertEquals(refreshMargin, credential.getRefreshMargin());
+ assertEquals(expirationMargin, credential.getExpirationMargin());
+ assertEquals(refreshHandler, credential.getRefreshHandler());
+ }
+
+ @Test
+ public void builder_onlyRefreshMarginSet() {
+ OAuth2CredentialsWithRefresh.OAuth2RefreshHandler refreshHandler =
+ new OAuth2CredentialsWithRefresh.OAuth2RefreshHandler() {
+ @Override
+ public AccessToken refreshAccessToken() {
+ return null;
+ }
+ };
+
+ Duration refreshMargin = Duration.of(10, ChronoUnit.SECONDS);
+
+ OAuth2CredentialsWithRefresh credential =
+ (OAuth2CredentialsWithRefresh)
+ OAuth2CredentialsWithRefresh.newBuilder()
+ .setAccessToken(ACCESS_TOKEN)
+ .setRefreshHandler(refreshHandler)
+ .setRefreshMargin(refreshMargin)
+ .build();
+
+ assertEquals(ACCESS_TOKEN, credential.getAccessToken());
+ assertEquals(refreshMargin, credential.getRefreshMargin());
+ assertEquals(DEFAULT_EXPIRATION_MARGIN, credential.getExpirationMargin());
+ assertEquals(refreshHandler, credential.getRefreshHandler());
+ }
+
+ @Test
+ public void builder_onlyExpirationMarginSet() {
+ OAuth2CredentialsWithRefresh.OAuth2RefreshHandler refreshHandler =
+ new OAuth2CredentialsWithRefresh.OAuth2RefreshHandler() {
+ @Override
+ public AccessToken refreshAccessToken() {
+ return null;
+ }
+ };
+
+ Duration expirationMargin = Duration.of(12, ChronoUnit.SECONDS);
+ OAuth2CredentialsWithRefresh credential =
+ (OAuth2CredentialsWithRefresh)
+ OAuth2CredentialsWithRefresh.newBuilder()
+ .setAccessToken(ACCESS_TOKEN)
+ .setRefreshHandler(refreshHandler)
+ .setExpirationMargin(expirationMargin)
+ .build();
+
+ assertEquals(ACCESS_TOKEN, credential.getAccessToken());
+ assertEquals(DEFAULT_REFRESH_MARGIN, credential.getRefreshMargin());
+ assertEquals(expirationMargin, credential.getExpirationMargin());
+ assertEquals(refreshHandler, credential.getRefreshHandler());
+ }
+
  @Test
  public void builder_noAccessToken() {
  OAuth2CredentialsWithRefresh.newBuilder()
@@ -119,4 +205,25 @@ public AccessToken refreshAccessToken() {
 
  assertEquals(refreshedToken, accessToken);
  }
+
+ @Test
+ public void getRequestMetadata() throws IOException {
+ URI uri = URI.create("http://googleapis.com/testapi/v1/foo");
+ final AccessToken refreshedToken = new AccessToken("refreshedAccessToken", new Date());
+ OAuth2CredentialsWithRefresh credentials =
+ OAuth2CredentialsWithRefresh.newBuilder()
+ .setAccessToken(ACCESS_TOKEN)
+ .setRefreshHandler(
+ new OAuth2CredentialsWithRefresh.OAuth2RefreshHandler() {
+ @Override
+ public AccessToken refreshAccessToken() {
+ return refreshedToken;
+ }
+ })
+ .build();
+
+ Map<String, List<String>> metadata = credentials.getRequestMetadata(uri);
+
+ TestUtils.assertContainsBearerToken(metadata, refreshedToken.getTokenValue());
+ }
 }