Merge pull request #536 from richieforeman/jwt-fips

Switch ServiceAccountCredential signing to be FIPS compliant

Src/GoogleApis.Auth.DotNet4/OAuth2/ServiceAccountCredential.cs

@@ -140,7 +140,10 @@ public override async Task<bool> RequestAccessTokenAsync(CancellationToken taskC
                 .Append(UrlSafeBase64Encode(serializedPayload));
 
             // Sign the header and the payload.
-            var signature = UrlSafeBase64Encode(key.SignData(Encoding.ASCII.GetBytes(assertion.ToString()), "SHA256"));
+            var hashAlg = new SHA256CryptoServiceProvider();
+            byte[] assertionHash = hashAlg.ComputeHash(Encoding.ASCII.GetBytes(assertion.ToString()));
+
+            var signature = UrlSafeBase64Encode(key.SignHash(assertionHash, "2.16.840.1.101.3.4.2.1" /* SHA256 OIG */)); 
             assertion.Append(".").Append(signature);
 
             // Create the request.