feat: add useJWTAccessAlways and defaultServicePath variable

.gitignore

@@ -13,3 +13,4 @@ package-lock.json
 yarn.lock
 dist/
 __pycache__
+.DS_Store

src/auth/googleauth.ts

@@ -111,6 +111,8 @@ export class GoogleAuth {
    * @private
    */
   private checkIsGCE?: boolean = undefined;
+  useJWTAccessAlways?: boolean;
+  defaultServicePath?: string;
 
   // Note:  this properly is only public to satisify unit tests.
   // https://github.com/Microsoft/TypeScript/issues/5228
@@ -150,6 +152,15 @@ export class GoogleAuth {
     this.clientOptions = opts.clientOptions;
   }
 
+  // GAPIC client libraries should always use self-signed JWTs. The following
+  // variables are set on the JWT client in order to indicate the type of library,
+  // and sign the JWT with the correct audience and scopes (if not supplied).
+  setGapicJWTValues(client: JWT) {
+    client.defaultServicePath = this.defaultServicePath;
+    client.useJWTAccessAlways = this.useJWTAccessAlways;
+    client.defaultScopes = this.defaultScopes;
+  }
+
   /**
    * Obtains the default project ID for the application.
    * @param callback Optional callback
@@ -265,7 +276,6 @@ export class GoogleAuth {
       await this._tryGetApplicationCredentialsFromEnvironmentVariable(options);
     if (credential) {
       if (credential instanceof JWT) {
-        credential.defaultScopes = this.defaultScopes;
         credential.scopes = this.scopes;
       } else if (credential instanceof BaseExternalAccountClient) {
         credential.scopes = this.getAnyScopes();
@@ -281,7 +291,6 @@ export class GoogleAuth {
     );
     if (credential) {
       if (credential instanceof JWT) {
-        credential.defaultScopes = this.defaultScopes;
         credential.scopes = this.scopes;
       } else if (credential instanceof BaseExternalAccountClient) {
         credential.scopes = this.getAnyScopes();
@@ -456,7 +465,7 @@ export class GoogleAuth {
     } else {
       (options as JWTOptions).scopes = this.scopes;
       client = new JWT(options);
-      client.defaultScopes = this.defaultScopes;
+      this.setGapicJWTValues(client);
       client.fromJSON(json);
     }
     return client;
@@ -488,7 +497,7 @@ export class GoogleAuth {
     } else {
       (options as JWTOptions).scopes = this.scopes;
       client = new JWT(options);
-      client.defaultScopes = this.defaultScopes;
+      this.setGapicJWTValues(client);
       client.fromJSON(json);
     }
     // cache both raw data used to instantiate client and client itself.
@@ -564,6 +573,7 @@ export class GoogleAuth {
                 keyFile: this.keyFilename,
               });
               this.cachedCredential = client;
+              this.setGapicJWTValues(client);
               return resolve(client);
             }
           } catch (err) {

src/auth/jwtclient.ts

@@ -46,7 +46,8 @@ export class JWT extends OAuth2Client implements IdTokenProvider {
   subject?: string;
   gtoken?: GoogleToken;
   additionalClaims?: {};
-
+  useJWTAccessAlways?: boolean;
+  defaultServicePath?: string;
   private access?: JWTAccess;
 
   /**

test/test.googleauth.ts

@@ -407,6 +407,19 @@ describe('googleauth', () => {
       const result = auth.fromJSON(json);
       assert.strictEqual(undefined, (result as JWT).scopes);
     });
+    it('fromJSON should set useJWTAccessAlways with private key', () => {
+      auth.useJWTAccessAlways = true;
+      const json = createJwtJSON();
+      const result = auth.fromJSON(json);
+      assert.ok((result as JWT).useJWTAccessAlways);
+    });
+
+    it('fromJSON should set default service path with private key', () => {
+      auth.defaultServicePath = 'a/b/c';
+      const json = createJwtJSON();
+      const result = auth.fromJSON(json);
+      assert.strictEqual((result as JWT).defaultServicePath, 'a/b/c');
+    });
 
     it('fromJSON should create JWT with null subject', () => {
       const json = createJwtJSON();