Use new auth URIs

lib/googleauth/credentials.rb

@@ -38,8 +38,8 @@ module Auth
     # This class is intended to be inherited by API-specific classes
     # which overrides the SCOPE constant.
     class Credentials
-      TOKEN_CREDENTIAL_URI = 'https://accounts.google.com/o/oauth2/token'.freeze
-      AUDIENCE = 'https://accounts.google.com/o/oauth2/token'.freeze
+      TOKEN_CREDENTIAL_URI = 'https://oauth2.googleapis.com/token'.freeze
+      AUDIENCE = 'https://oauth2.googleapis.com/token'.freeze
       SCOPE = [].freeze
       PATH_ENV_VARS = [].freeze
       JSON_ENV_VARS = [].freeze

lib/googleauth/user_refresh.rb

@@ -46,9 +46,9 @@ module Auth
     #
     # cf [Application Default Credentials](http://goo.gl/mkAHpZ)
     class UserRefreshCredentials < Signet::OAuth2::Client
-      TOKEN_CRED_URI = 'https://www.googleapis.com/oauth2/v4/token'.freeze
+      TOKEN_CRED_URI = 'https://oauth2.googleapis.com/token'.freeze
       AUTHORIZATION_URI = 'https://accounts.google.com/o/oauth2/auth'.freeze
-      REVOKE_TOKEN_URI = 'https://accounts.google.com/o/oauth2/revoke'.freeze
+      REVOKE_TOKEN_URI = 'https://oauth2.googleapis.com/revoke'.freeze
       extend CredentialsLoader
 
       # Create a UserRefreshCredentials.

spec/googleauth/credentials_spec.rb

@@ -49,8 +49,8 @@
     allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
     allow(mocked_signet).to receive(:client_id)
     allow(Signet::OAuth2::Client).to receive(:new) do |options|
-      expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token')
-      expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token')
+      expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
+      expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
       expect(options[:scope]).to eq([])
       expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
       expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
@@ -66,8 +66,8 @@
     allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
     allow(mocked_signet).to receive(:client_id)
     allow(Signet::OAuth2::Client).to receive(:new) do |options|
-      expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token')
-      expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token')
+      expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
+      expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
       expect(options[:scope]).to eq(['http://example.com/scope'])
       expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
       expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
@@ -98,8 +98,8 @@ class TestCredentials < Google::Auth::Credentials
     allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
     allow(mocked_signet).to receive(:client_id)
     allow(Signet::OAuth2::Client).to receive(:new) do |options|
-      expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token')
-      expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token')
+      expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
+      expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
       expect(options[:scope]).to eq(['http://example.com/scope'])
       expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
       expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
@@ -130,8 +130,8 @@ class TestCredentials < Google::Auth::Credentials
     allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
     allow(mocked_signet).to receive(:client_id)
     allow(Signet::OAuth2::Client).to receive(:new) do |options|
-      expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token')
-      expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token')
+      expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
+      expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
       expect(options[:scope]).to eq(['http://example.com/scope'])
       expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
       expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
@@ -161,8 +161,8 @@ class TestCredentials < Google::Auth::Credentials
     allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
     allow(mocked_signet).to receive(:client_id)
     allow(Signet::OAuth2::Client).to receive(:new) do |options|
-      expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token')
-      expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token')
+      expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
+      expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
       expect(options[:scope]).to eq(['http://example.com/scope'])
       expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
       expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
@@ -193,8 +193,8 @@ class TestCredentials < Google::Auth::Credentials
     allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
     allow(mocked_signet).to receive(:client_id)
     allow(Signet::OAuth2::Client).to receive(:new) do |options|
-      expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token')
-      expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token')
+      expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
+      expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
       expect(options[:scope]).to eq(['http://example.com/scope'])
       expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
       expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
@@ -231,8 +231,8 @@ class TestCredentials < Google::Auth::Credentials
       default_keyfile_hash
     end
     allow(Signet::OAuth2::Client).to receive(:new) do |options|
-      expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token')
-      expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token')
+      expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
+      expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
       expect(options[:scope]).to eq(['http://example.com/scope'])
       expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
       expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)

spec/googleauth/signet_spec.rb

@@ -41,10 +41,10 @@
   before(:example) do
     @key = OpenSSL::PKey::RSA.new(2048)
     @client = Signet::OAuth2::Client.new(
-      token_credential_uri: 'https://accounts.google.com/o/oauth2/token',
+      token_credential_uri: 'https://oauth2.googleapis.com/token',
       scope: 'https://www.googleapis.com/auth/userinfo.profile',
       issuer: 'app@example.com',
-      audience: 'https://accounts.google.com/o/oauth2/token',
+      audience: 'https://oauth2.googleapis.com/token',
       signing_key: @key
     )
   end
@@ -60,7 +60,7 @@ def make_auth_stubs(opts)
                                    @key.public_key, true,
                                    algorithm: 'RS256')
     end
-    stub_request(:post, 'https://accounts.google.com/o/oauth2/token')
+    stub_request(:post, 'https://oauth2.googleapis.com/token')
       .with(body: hash_including(
         'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer'
       ), &blk)

spec/googleauth/user_authorizer_spec.rb

@@ -242,7 +242,7 @@
     end
 
     before(:example) do
-      stub_request(:post, 'https://www.googleapis.com/oauth2/v4/token')
+      stub_request(:post, 'https://oauth2.googleapis.com/token')
         .to_return(body: token_json, status: 200, headers: {
                      'Content-Type' => 'application/json'
                    })
@@ -270,7 +270,7 @@
 
   context 'with invalid authorization code' do
     before(:example) do
-      stub_request(:post, 'https://www.googleapis.com/oauth2/v4/token')
+      stub_request(:post, 'https://oauth2.googleapis.com/token')
         .to_return(status: 400)
     end
 
@@ -300,15 +300,15 @@
     before(:example) do
       token_store.store('user1', token_json)
       stub_request(
-        :get, 'https://accounts.google.com/o/oauth2/revoke?token=refreshtoken'
+        :get, 'https://oauth2.googleapis.com/revoke?token=refreshtoken'
       )
         .to_return(status: 200)
     end
 
     it 'should revoke the grant' do
       authorizer.revoke_authorization('user1')
       expect(a_request(
-               :get, 'https://accounts.google.com/o/oauth2/revoke?token=refreshtoken'
+               :get, 'https://oauth2.googleapis.com/revoke?token=refreshtoken'
       ))
         .to have_been_made
     end

spec/googleauth/user_refresh_spec.rb

@@ -68,7 +68,7 @@ def make_auth_stubs(opts = {})
     body = MultiJson.dump('access_token' => access_token,
                           'token_type' => 'Bearer',
                           'expires_in' => 3600)
-    stub_request(:post, 'https://www.googleapis.com/oauth2/v4/token')
+    stub_request(:post, 'https://oauth2.googleapis.com/token')
       .with(body: hash_including('grant_type' => 'refresh_token'))
       .to_return(body: body,
                  status: 200,
@@ -246,7 +246,7 @@ def cred_json_text(missing = nil)
 
   describe 'when revoking a refresh token' do
     let(:stub) do
-      stub_request(:get, 'https://accounts.google.com/o/oauth2/revoke' \
+      stub_request(:get, 'https://oauth2.googleapis.com/revoke' \
                          '?token=refreshtoken')
         .to_return(status: 200,
                    headers: { 'Content-Type' => 'application/json' })
@@ -262,7 +262,7 @@ def cred_json_text(missing = nil)
 
   describe 'when revoking an access token' do
     let(:stub) do
-      stub_request(:get, 'https://accounts.google.com/o/oauth2/revoke' \
+      stub_request(:get, 'https://oauth2.googleapis.com/revoke' \
                          '?token=accesstoken')
         .to_return(status: 200,
                    headers: { 'Content-Type' => 'application/json' })
@@ -280,7 +280,7 @@ def cred_json_text(missing = nil)
 
   describe 'when revoking an invalid token' do
     let(:stub) do
-      stub_request(:get, 'https://accounts.google.com/o/oauth2/revoke' \
+      stub_request(:get, 'https://oauth2.googleapis.com/revoke' \
                          '?token=refreshtoken')
         .to_return(status: 400,
                    headers: { 'Content-Type' => 'application/json' })

spec/googleauth/web_user_authorizer_spec.rb

@@ -107,7 +107,7 @@
     end
 
     before(:example) do
-      stub_request(:post, 'https://www.googleapis.com/oauth2/v4/token')
+      stub_request(:post, 'https://oauth2.googleapis.com/token')
         .to_return(body: token_json,
                    status: 200,
                    headers: { 'Content-Type' => 'application/json' })