Revert "feat: setting the audience to always point to google token en…

…dpoint"

This reverts commit 14e7f54.

.gitignore

@@ -5,15 +5,11 @@ target/
 .classpath
 .project
 .settings
-.factorypath
 
 # Intellij
 *.iml
 *.factorypath
 .idea/
 
 # VS Code
-.vscode/
-
-# MacOS
-.DS_Store
+.vscode/

oauth2_http/java/com/google/auth/oauth2/ServiceAccountCredentials.java

@@ -522,7 +522,7 @@ public boolean createScopedRequired() {
   public AccessToken refreshAccessToken() throws IOException {
     JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
     long currentTime = clock.currentTimeMillis();
-    String assertion = createAssertion(jsonFactory, currentTime);
+    String assertion = createAssertion(jsonFactory, currentTime, tokenServerUri.toString());
 
     GenericData tokenRequest = new GenericData();
     tokenRequest.set("grant_type", GRANT_TYPE);
@@ -831,7 +831,7 @@ public boolean equals(Object obj) {
         && Objects.equals(this.defaultRetriesEnabled, other.defaultRetriesEnabled);
   }
 
-  String createAssertion(JsonFactory jsonFactory, long currentTime)
+  String createAssertion(JsonFactory jsonFactory, long currentTime, String audience)
       throws IOException {
     JsonWebSignature.Header header = new JsonWebSignature.Header();
     header.setAlgorithm("RS256");
@@ -849,9 +849,13 @@ String createAssertion(JsonFactory jsonFactory, long currentTime)
       payload.put("scope", Joiner.on(' ').join(scopes));
     }
 
-    payload.setAudience(OAuth2Utils.TOKEN_SERVER_URI.toString());
-    String assertion;
+    if (audience == null) {
+      payload.setAudience(OAuth2Utils.TOKEN_SERVER_URI.toString());
+    } else {
+      payload.setAudience(audience);
+    }
 
+    String assertion;
     try {
       assertion = JsonWebSignature.signUsingRsaSha256(privateKey, jsonFactory, header, payload);
     } catch (GeneralSecurityException e) {

oauth2_http/javatests/com/google/auth/oauth2/ServiceAccountCredentialsTest.java

@@ -244,7 +244,7 @@ void createAssertion_correct() throws IOException {
 
     JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
     long currentTimeMillis = Clock.SYSTEM.currentTimeMillis();
-    String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis);
+    String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis, null);
 
     JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion);
     JsonWebToken.Payload payload = signature.getPayload();
@@ -274,7 +274,7 @@ void createAssertion_defaultScopes_correct() throws IOException {
 
     JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
     long currentTimeMillis = Clock.SYSTEM.currentTimeMillis();
-    String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis);
+    String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis, null);
 
     JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion);
     JsonWebToken.Payload payload = signature.getPayload();
@@ -292,7 +292,7 @@ void createAssertion_custom_lifetime() throws IOException {
 
     JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
     long currentTimeMillis = Clock.SYSTEM.currentTimeMillis();
-    String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis);
+    String assertion = credentials.createAssertion(jsonFactory, currentTimeMillis, null);
 
     JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion);
     JsonWebToken.Payload payload = signature.getPayload();
@@ -374,6 +374,36 @@ void createAssertionForIdToken_incorrect() throws IOException {
     assertEquals(USER, payload.getSubject());
   }
 
+  @Test
+  void createAssertion_withTokenUri_correct() throws IOException {
+    PrivateKey privateKey = ServiceAccountCredentials.privateKeyFromPkcs8(PRIVATE_KEY_PKCS8);
+    List<String> scopes = Arrays.asList("scope1", "scope2");
+    ServiceAccountCredentials credentials =
+        ServiceAccountCredentials.newBuilder()
+            .setClientId(CLIENT_ID)
+            .setClientEmail(CLIENT_EMAIL)
+            .setPrivateKey(privateKey)
+            .setPrivateKeyId(PRIVATE_KEY_ID)
+            .setScopes(scopes)
+            .setServiceAccountUser(USER)
+            .setProjectId(PROJECT_ID)
+            .build();
+
+    JsonFactory jsonFactory = OAuth2Utils.JSON_FACTORY;
+    long currentTimeMillis = Clock.SYSTEM.currentTimeMillis();
+    String assertion =
+        credentials.createAssertion(jsonFactory, currentTimeMillis, "https://foo.com/bar");
+
+    JsonWebSignature signature = JsonWebSignature.parse(jsonFactory, assertion);
+    JsonWebToken.Payload payload = signature.getPayload();
+    assertEquals(CLIENT_EMAIL, payload.getIssuer());
+    assertEquals("https://foo.com/bar", payload.getAudience());
+    assertEquals(currentTimeMillis / 1000, (long) payload.getIssuedAtTimeSeconds());
+    assertEquals(currentTimeMillis / 1000 + 3600, (long) payload.getExpirationTimeSeconds());
+    assertEquals(USER, payload.getSubject());
+    assertEquals(String.join(" ", scopes), payload.get("scope"));
+  }
+
   @Test
   void createdScoped_enablesAccessTokens() throws IOException {
     MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory();