From df5af9a7e3cab9db77e2f783d64969466cd8c96d Mon Sep 17 00:00:00 2001 From: Wes Tarle Date: Mon, 15 Jun 2026 12:16:00 +0000 Subject: [PATCH 1/2] test(auth): verify ID token caching Add explicit unit test coverage in IdTokenCredentialsTest to verify that IdTokenCredentials successfully caches fetched ID tokens and prevents subsequent network calls when the token is not expired. Other language client libraries (such as Python and Go) verify that ID token caching behaves as expected, but the Java client library was missing explicit test coverage to assert that the token provider's retrieve method is called exactly once across multiple credential calls. --- .../auth/oauth2/IdTokenCredentialsTest.java | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/google-auth-library-java/oauth2_http/javatests/com/google/auth/oauth2/IdTokenCredentialsTest.java b/google-auth-library-java/oauth2_http/javatests/com/google/auth/oauth2/IdTokenCredentialsTest.java index e3dcec4b520c..6554b6d83b49 100644 --- a/google-auth-library-java/oauth2_http/javatests/com/google/auth/oauth2/IdTokenCredentialsTest.java +++ b/google-auth-library-java/oauth2_http/javatests/com/google/auth/oauth2/IdTokenCredentialsTest.java @@ -32,7 +32,14 @@ package com.google.auth.oauth2; import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyString; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; +import com.google.api.client.util.Clock; import java.io.IOException; import org.junit.jupiter.api.Test; @@ -110,4 +117,29 @@ void serialize() throws IOException, ClassNotFoundException { IdTokenCredentials deserializedCredentials = serializeAndDeserialize(tokenCredential); assertEquals(tokenCredential, deserializedCredentials); } + + @Test + void caching() throws IOException { + IdTokenProvider mockProvider = mock(IdTokenProvider.class); + IdToken idToken = IdToken.create(ComputeEngineCredentialsTest.STANDARD_ID_TOKEN); + when(mockProvider.idTokenWithAudience(anyString(), any())).thenReturn(idToken); + + IdTokenCredentials credentials = + IdTokenCredentials.newBuilder() + .setIdTokenProvider(mockProvider) + .setTargetAudience("https://foo.bar") + .build(); + credentials.clock = + new Clock() { + @Override + public long currentTimeMillis() { + return 1564471451000L; // 2019-07-30T08:24:11Z (STANDARD_ID_TOKEN iat) + } + }; + + credentials.refreshIfExpired(); + credentials.refreshIfExpired(); + + verify(mockProvider, times(1)).idTokenWithAudience(anyString(), any()); + } } From a6da9895d0117a5ee36e310dbcf67de7ace974a8 Mon Sep 17 00:00:00 2001 From: Wes Tarle Date: Mon, 15 Jun 2026 12:12:58 -0400 Subject: [PATCH 2/2] Update google-auth-library-java/oauth2_http/javatests/com/google/auth/oauth2/IdTokenCredentialsTest.java Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- .../com/google/auth/oauth2/IdTokenCredentialsTest.java | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/google-auth-library-java/oauth2_http/javatests/com/google/auth/oauth2/IdTokenCredentialsTest.java b/google-auth-library-java/oauth2_http/javatests/com/google/auth/oauth2/IdTokenCredentialsTest.java index 6554b6d83b49..7d837c4add10 100644 --- a/google-auth-library-java/oauth2_http/javatests/com/google/auth/oauth2/IdTokenCredentialsTest.java +++ b/google-auth-library-java/oauth2_http/javatests/com/google/auth/oauth2/IdTokenCredentialsTest.java @@ -129,13 +129,7 @@ void caching() throws IOException { .setIdTokenProvider(mockProvider) .setTargetAudience("https://foo.bar") .build(); - credentials.clock = - new Clock() { - @Override - public long currentTimeMillis() { - return 1564471451000L; // 2019-07-30T08:24:11Z (STANDARD_ID_TOKEN iat) - } - }; + credentials.clock = () -> 1564471451000L; // 2019-07-30T08:24:11Z (STANDARD_ID_TOKEN iat) credentials.refreshIfExpired(); credentials.refreshIfExpired();