Add URI parameter to getRequestMetadata.

credentials/java/com/google/auth/Credentials.java

@@ -1,6 +1,7 @@
 package com.google.auth;
 
 import java.io.IOException;
+import java.net.URI;
 import java.util.List;
 import java.util.Map;
 
@@ -27,7 +28,21 @@ public abstract class Credentials {
    *
    * @throws IOException if there was an error getting up-to-date access.
    */
-  public abstract Map<String, List<String>> getRequestMetadata() throws IOException;
+  public Map<String, List<String>> getRequestMetadata() throws IOException {
+    return getRequestMetadata(null);
+  }
+
+  /**
+   * Get the current request metadata, refreshing tokens if required.
+   *
+   * <p>This should be called by the transport layer on each request, and the data should be
+   * populated in headers or other context. The operation can block and fail to complete and may do
+   * things such as refreshing access tokens.
+   *
+   * @param uri URI of the entry point for the request.
+   * @throws IOException if there was an error getting up-to-date access.
+   */
+  public abstract Map<String, List<String>> getRequestMetadata(URI uri) throws IOException;
 
   /**
    * Whether the credentials have metadata entries that should be added to each request.

oauth2_http/java/com/google/auth/http/HttpCredentialsAdapter.java

@@ -7,6 +7,7 @@
 import com.google.api.client.util.Preconditions;
 
 import java.io.IOException;
+import java.net.URI;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -37,7 +38,8 @@ public void initialize(HttpRequest request) throws IOException {
       return;
     }
     HttpHeaders requestHeaders = request.getHeaders();
-    Map<String, List<String>> credentialHeaders = credentials.getRequestMetadata();
+    URI uri = request.getUrl().toURI();
+    Map<String, List<String>> credentialHeaders = credentials.getRequestMetadata(uri);
     if (credentialHeaders == null) {
       return;
     }

oauth2_http/java/com/google/auth/oauth2/OAuth2Credentials.java

@@ -4,6 +4,7 @@
 import com.google.auth.Credentials;
 
 import java.io.IOException;
+import java.net.URI;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashMap;
@@ -46,7 +47,7 @@ public boolean hasRequestMetadataOnly() {
    * as an authorization bearer token.
    */
   @Override
-  public Map<String, List<String>> getRequestMetadata() throws IOException {
+  public Map<String, List<String>> getRequestMetadata(URI uri) throws IOException {
     synchronized(lock) {
       Long expiresIn = getExpiresInMilliseconds();
       if (temporaryAccess == null || expiresIn != null && expiresIn <= MINIMUM_TOKEN_MILLISECONDS) {

oauth2_http/javatests/com/google/auth/oauth2/ComputeEngineCredentialsTest.java

@@ -13,6 +13,7 @@
 import org.junit.runners.JUnit4;
 
 import java.io.IOException;
+import java.net.URI;
 import java.util.List;
 import java.util.Map;
 
@@ -22,14 +23,16 @@
 @RunWith(JUnit4.class)
 public class ComputeEngineCredentialsTest {
 
+  private static final URI CALL_URI = URI.create("http://googleapis.com/testapi/v1/foo");
+
   @Test
   public void getRequestMetadata_hasAccessToken() throws IOException {
     final String accessToken = "1/MkSJoj1xsli0AccessToken_NKPY2";
     MockMetadataServerTransport transport = new MockMetadataServerTransport();
     transport.setAccessToken(accessToken);
     ComputeEngineCredentials credentials = new ComputeEngineCredentials(transport);
 
-    Map<String, List<String>> metadata = credentials.getRequestMetadata();
+    Map<String, List<String>> metadata = credentials.getRequestMetadata(CALL_URI);
 
     TestUtils.assertContainsBearerToken(metadata, accessToken);
   }
@@ -43,7 +46,7 @@ public void getRequestMetadata_missingServiceAccount_throws() throws IOException
     ComputeEngineCredentials credentials = new ComputeEngineCredentials(transport);
 
     try {
-      credentials.getRequestMetadata();
+      credentials.getRequestMetadata(CALL_URI);
       fail("Expected error refreshing token.");
     } catch (IOException expected) {
       String message = expected.getMessage();
@@ -61,7 +64,7 @@ public void getRequestMetadata_serverError_throws() throws IOException {
     ComputeEngineCredentials credentials = new ComputeEngineCredentials(transport);
 
     try {
-      credentials.getRequestMetadata();
+      credentials.getRequestMetadata(CALL_URI);
       fail("Expected error refreshing token.");
     } catch (IOException expected) {
       String message = expected.getMessage();

oauth2_http/javatests/com/google/auth/oauth2/DefaultCredentialsProviderTest.java

@@ -21,6 +21,7 @@
 import java.io.IOException;
 import java.io.File;
 import java.io.FileNotFoundException;
+import java.net.URI;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Map;
@@ -46,6 +47,7 @@ public class DefaultCredentialsProviderTest {
   private final static String SA_PRIVATE_KEY_PKCS8
       = ServiceAccountCredentialsTest.SA_PRIVATE_KEY_PKCS8;
   private static final Collection<String> SCOPES = Collections.singletonList("dummy.scope");
+  private static final URI CALL_URI = URI.create("http://googleapis.com/testapi/v1/foo");
 
   @Test
   public void getDefaultCredentials_noCredentials_throws() throws Exception {
@@ -101,7 +103,7 @@ public void getDefaultCredentials_compute_providesToken() throws IOException {
     GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transport);
 
     assertNotNull(defaultCredentials);
-    Map<String, List<String>> metadata = defaultCredentials.getRequestMetadata();
+    Map<String, List<String>> metadata = defaultCredentials.getRequestMetadata(CALL_URI);
     TestUtils.assertContainsBearerToken(metadata, ACCESS_TOKEN);
   }
 
@@ -139,7 +141,7 @@ public void getDefaultCredentials_envServiceAccount_providesToken() throws IOExc
 
     assertNotNull(defaultCredentials);
     defaultCredentials = defaultCredentials.createScoped(SCOPES);
-    Map<String, List<String>> metadata = defaultCredentials.getRequestMetadata();
+    Map<String, List<String>> metadata = defaultCredentials.getRequestMetadata(CALL_URI);
     TestUtils.assertContainsBearerToken(metadata, ACCESS_TOKEN);
   }
 
@@ -241,7 +243,7 @@ private void testUserProvidesToken(TestDefaultCredentialsProvider testProvider,
     GoogleCredentials defaultCredentials = testProvider.getDefaultCredentials(transport);
 
     assertNotNull(defaultCredentials);
-    Map<String, List<String>> metadata = defaultCredentials.getRequestMetadata();
+    Map<String, List<String>> metadata = defaultCredentials.getRequestMetadata(CALL_URI);
     TestUtils.assertContainsBearerToken(metadata, accessToken);
   }
 

oauth2_http/javatests/com/google/auth/oauth2/GoogleCredentialsTest.java

@@ -15,6 +15,7 @@
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.io.IOException;
+import java.net.URI;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
@@ -40,6 +41,7 @@ public class GoogleCredentialsTest {
   private static final String REFRESH_TOKEN = "1/Tl6awhpFjkMkSJoj1xsli0H2eL5YsMgU_NKPY2TyGWY";
   private static final String ACCESS_TOKEN = "1/MkSJoj1xsli0AccessToken_NKPY2";
   private static final HttpTransport DUMMY_TRANSPORT = new MockTokenServerTransport();
+  private static final URI CALL_URI = URI.create("http://googleapis.com/testapi/v1/foo");
 
   private static final Collection<String> SCOPES =
     Collections.unmodifiableCollection(Arrays.asList("scope1", "scope2"));
@@ -85,7 +87,7 @@ public void fromStream_serviceAccount_providesToken() throws IOException {
 
     assertNotNull(credentials);
     credentials = credentials.createScoped(SCOPES);
-    Map<String, List<String>> metadata = credentials.getRequestMetadata();
+    Map<String, List<String>> metadata = credentials.getRequestMetadata(CALL_URI);
     TestUtils.assertContainsBearerToken(metadata, ACCESS_TOKEN);
   }
 
@@ -136,7 +138,7 @@ public void fromStream_user_providesToken() throws IOException {
     GoogleCredentials credentials = GoogleCredentials.fromStream(userStream, transport);
 
     assertNotNull(credentials);
-    Map<String, List<String>> metadata = credentials.getRequestMetadata();
+    Map<String, List<String>> metadata = credentials.getRequestMetadata(CALL_URI);
     TestUtils.assertContainsBearerToken(metadata, ACCESS_TOKEN);
   }
 

oauth2_http/javatests/com/google/auth/oauth2/OAuth2CredentialsTest.java

@@ -12,6 +12,7 @@
 import org.junit.runners.JUnit4;
 
 import java.io.IOException;
+import java.net.URI;
 import java.util.Map;
 import java.util.List;
 
@@ -24,6 +25,7 @@ public class OAuth2CredentialsTest {
   private static final String CLIENT_SECRET = "jakuaL9YyieakhECKL2SwZcu";
   private static final String CLIENT_ID = "ya29.1.AADtN_UtlxN3PuGAxrN2XQnZTVRvDyVWnYq4I6dws";
   private static final String REFRESH_TOKEN = "1/Tl6awhpFjkMkSJoj1xsli0H2eL5YsMgU_NKPY2TyGWY";
+  private static final URI CALL_URI = URI.create("http://googleapis.com/testapi/v1/foo");
 
   @Test
   public void getAuthenticationType_returnsOAuth2() {
@@ -56,20 +58,20 @@ public void getRequestMetadata_cachesExpiringToken() throws IOException {
     credentials.clock = clock;
 
     // Verify getting the first token
-    Map<String, List<String>> metadata = credentials.getRequestMetadata();
+    Map<String, List<String>> metadata = credentials.getRequestMetadata(CALL_URI);
     TestUtils.assertContainsBearerToken(metadata, accessToken1);
 
     // Change server to a different token
     transport.addRefreshToken(REFRESH_TOKEN, accessToken2);
 
     // Advance 5 minutes and verify original token
     clock.addToCurrentTime(5 * 60 * 1000);
-    metadata = credentials.getRequestMetadata();
+    metadata = credentials.getRequestMetadata(CALL_URI);
     TestUtils.assertContainsBearerToken(metadata, accessToken1);
 
     // Advance 60 minutes and verify revised token
     clock.addToCurrentTime(60 * 60 * 1000);
-    metadata = credentials.getRequestMetadata();
+    metadata = credentials.getRequestMetadata(CALL_URI);
     TestUtils.assertContainsBearerToken(metadata, accessToken2);
   }
 
@@ -86,7 +88,7 @@ public void refresh_refreshesToken() throws IOException {
     userCredentials.clock = new TestClock();
 
     // Get a first token
-    Map<String, List<String>> metadata = userCredentials.getRequestMetadata();
+    Map<String, List<String>> metadata = userCredentials.getRequestMetadata(CALL_URI);
     TestUtils.assertContainsBearerToken(metadata, accessToken1);
 
     // Change server to a different token
@@ -97,7 +99,7 @@ public void refresh_refreshesToken() throws IOException {
 
     // Refresh to force getting next token
     userCredentials.refresh();
-    metadata = userCredentials.getRequestMetadata();
+    metadata = userCredentials.getRequestMetadata(CALL_URI);
     TestUtils.assertContainsBearerToken(metadata, accessToken2);
   }
 }

oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java

@@ -16,6 +16,7 @@
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.io.IOException;
+import java.net.URI;
 import java.security.PrivateKey;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -51,6 +52,7 @@ public class ServiceAccountCredentialsTest {
   private static final String ACCESS_TOKEN = "1/MkSJoj1xsli0AccessToken_NKPY2";
   private final static Collection<String> SCOPES = Collections.singletonList("dummy.scope");
   private final static Collection<String> EMPTY_SCOPES = Collections.<String>emptyList();
+  private static final URI CALL_URI = URI.create("http://googleapis.com/testapi/v1/foo");
 
   @Test
   public void createdScoped_clones() throws IOException {
@@ -77,14 +79,14 @@ public void createdScoped_enablesAccessTokens() throws IOException {
         SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, null, transport);
 
     try {
-      credentials.getRequestMetadata();
+      credentials.getRequestMetadata(CALL_URI);
       fail("Should not be able to get token without scopes");
     } catch (Exception expected) {
     }
 
     GoogleCredentials scopedCredentials = credentials.createScoped(SCOPES);
 
-    Map<String, List<String>> metadata = scopedCredentials.getRequestMetadata();
+    Map<String, List<String>> metadata = scopedCredentials.getRequestMetadata(CALL_URI);
     TestUtils.assertContainsBearerToken(metadata, ACCESS_TOKEN);
   }
 
@@ -114,7 +116,7 @@ public void fromJSON_hasAccessToken() throws IOException {
     GoogleCredentials credentials = ServiceAccountCredentials.fromJson(json, transport);
 
     credentials = credentials.createScoped(SCOPES);
-    Map<String, List<String>> metadata = credentials.getRequestMetadata();
+    Map<String, List<String>> metadata = credentials.getRequestMetadata(CALL_URI);
     TestUtils.assertContainsBearerToken(metadata, ACCESS_TOKEN);
   }
 
@@ -125,7 +127,7 @@ public void getRequestMetadata_hasAccessToken() throws IOException {
     OAuth2Credentials credentials = ServiceAccountCredentials.fromPkcs8(
         SA_CLIENT_ID, SA_CLIENT_EMAIL, SA_PRIVATE_KEY_PKCS8, SA_PRIVATE_KEY_ID, SCOPES, transport);
 
-    Map<String, List<String>> metadata = credentials.getRequestMetadata();
+    Map<String, List<String>> metadata = credentials.getRequestMetadata(CALL_URI);
 
     TestUtils.assertContainsBearerToken(metadata, ACCESS_TOKEN);
   }

oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java

@@ -12,6 +12,7 @@
 
 import java.io.InputStream;
 import java.io.IOException;
+import java.net.URI;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
@@ -28,6 +29,7 @@ public class UserCredentialsTest {
   private static final String REFRESH_TOKEN = "1/Tl6awhpFjkMkSJoj1xsli0H2eL5YsMgU_NKPY2TyGWY";
   private static final String ACCESS_TOKEN = "1/MkSJoj1xsli0AccessToken_NKPY2";
   private final static Collection<String> SCOPES = Collections.singletonList("dummy.scope");
+  private static final URI CALL_URI = URI.create("http://googleapis.com/testapi/v1/foo");
 
   @Test
   public void createScoped_same() {
@@ -50,7 +52,7 @@ public void fromJson_hasAccessToken() throws IOException {
 
     GoogleCredentials credentials = UserCredentials.fromJson(json, transport);
 
-    Map<String, List<String>> metadata = credentials.getRequestMetadata();
+    Map<String, List<String>> metadata = credentials.getRequestMetadata(CALL_URI);
     TestUtils.assertContainsBearerToken(metadata, ACCESS_TOKEN);
   }
 
@@ -62,7 +64,7 @@ public void getRequestMetadata_hasAccessToken() throws IOException {
     OAuth2Credentials userCredentials = new UserCredentials(
         CLIENT_ID, CLIENT_SECRET, REFRESH_TOKEN, transport);
 
-    Map<String, List<String>> metadata = userCredentials.getRequestMetadata();
+    Map<String, List<String>> metadata = userCredentials.getRequestMetadata(CALL_URI);
 
     TestUtils.assertContainsBearerToken(metadata, ACCESS_TOKEN);
   }