google/google: set JWT Audience in JWTConfigFromJSON()

Add support to set JWT Audience in JWTConfigFromJSON() to allow setting
the audience field from the JSON config, rather than only allowing it
the default value of the token_uri.

Previous change 272766 (approved but abandoned).

Change-Id: I14d46f3628df0a04801949bf99520b210e778f99
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/406836
Reviewed-by: Cody Oss <codyoss@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>

Author: shapor

google/google.go

@@ -139,6 +139,7 @@ func (f *credentialsFile) jwtConfig(scopes []string, subject string) *jwt.Config
 		Scopes:       scopes,
 		TokenURL:     f.TokenURL,
 		Subject:      subject, // This is the user email to impersonate
+		Audience:     f.Audience,
 	}
 	if cfg.TokenURL == "" {
 		cfg.TokenURL = JWTTokenURL

google/google_test.go

@@ -37,7 +37,8 @@ var jwtJSONKey = []byte(`{
   "client_email": "gopher@developer.gserviceaccount.com",
   "client_id": "gopher.apps.googleusercontent.com",
   "token_uri": "https://accounts.google.com/o/gophers/token",
-  "type": "service_account"
+  "type": "service_account",
+  "audience": "https://testservice.googleapis.com/"
 }`)
 
 var jwtJSONKeyNoTokenURL = []byte(`{
@@ -48,6 +49,15 @@ var jwtJSONKeyNoTokenURL = []byte(`{
   "type": "service_account"
 }`)
 
+var jwtJSONKeyNoAudience = []byte(`{
+  "private_key_id": "268f54e43a1af97cfc71731688434f45aca15c8b",
+  "private_key": "super secret key",
+  "client_email": "gopher@developer.gserviceaccount.com",
+  "client_id": "gopher.apps.googleusercontent.com",
+  "token_uri": "https://accounts.google.com/o/gophers/token",
+  "type": "service_account"
+}`)
+
 func TestConfigFromJSON(t *testing.T) {
 	conf, err := ConfigFromJSON(webJSONKey, "scope1", "scope2")
 	if err != nil {
@@ -103,6 +113,9 @@ func TestJWTConfigFromJSON(t *testing.T) {
 	if got, want := conf.TokenURL, "https://accounts.google.com/o/gophers/token"; got != want {
 		t.Errorf("TokenURL = %q; want %q", got, want)
 	}
+	if got, want := conf.Audience, "https://testservice.googleapis.com/"; got != want {
+		t.Errorf("Audience = %q; want %q", got, want)
+	}
 }
 
 func TestJWTConfigFromJSONNoTokenURL(t *testing.T) {
@@ -114,3 +127,13 @@ func TestJWTConfigFromJSONNoTokenURL(t *testing.T) {
 		t.Errorf("TokenURL = %q; want %q", got, want)
 	}
 }
+
+func TestJWTConfigFromJSONNoAudience(t *testing.T) {
+	conf, err := JWTConfigFromJSON(jwtJSONKeyNoAudience, "scope1", "scope2")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if got, want := conf.Audience, ""; got != want {
+		t.Errorf("Audience = %q; want %q", got, want)
+	}
+}