Update Endpoints auth samples.

endpoints/getting-started/clients/service_to_service_google_id_token/main.py

@@ -24,9 +24,9 @@
 from google.appengine.api import app_identity
 import webapp2
 
-DEFAUTL_SERVICE_ACCOUNT = "YOUR-CLIENT-PROJECT-ID@appspot.gserviceaccount.com"
+SERVICE_ACCOUNT_EMAIL = "YOUR-CLIENT-PROJECT-ID@appspot.gserviceaccount.com"
 HOST = "YOUR-SERVER-PROJECT-ID.appspot.com"
-TARGET_AUD = "YOUR-SERVER-PROJECT-ID@appspot.gserviceaccount.com"
+TARGET_AUD = "https://YOUR-SERVER-PROJECT-ID.appspot.com"
 
 
 def generate_jwt():
@@ -42,11 +42,10 @@ def generate_jwt():
         "iat": now,
         # expires after one hour.
         "exp": now + 3600,
-        # iss is the Google App Engine default service account email.
-        "iss": DEFAUTL_SERVICE_ACCOUNT,
-        # scope must match 'audience' for google_id_token in the security
-        # configuration in your swagger spec.
-        "scope": TARGET_AUD,
+        # iss is the service account email.
+        "iss": SERVICE_ACCOUNT_EMAIL,
+        # target_audience is the URL of the target service.
+        "target_audience": TARGET_AUD,
         # aud must be Google token endpoints URL.
         "aud": "https://www.googleapis.com/oauth2/v4/token"
     })

endpoints/getting-started/openapi.yaml

@@ -141,8 +141,8 @@ securityDefinitions:
     authorizationUrl: ""
     flow: "implicit"
     type: "oauth2"
-    x-google-issuer: "accounts.google.com"
-    x-google-jwks_uri: "https://www.googleapis.com/oauth2/v1/certs"
+    x-google-issuer: "https://accounts.google.com"
+    x-google-jwks_uri: "https://www.googleapis.com/oauth2/v3/certs"
     # Your OAuth2 client's Client ID must be added here. You can add multiple client IDs to accept tokens form multiple clients.
     x-google-audiences: "YOUR-CLIENT-ID"
   # This section configures authentication using Firebase Auth.