feat: allow cached ADC to be refreshed

diegomarquezp · diegomarquezp · commit 6293e1916db8 · 2025-04-01T13:50:08.000-04:00
Fixes #2541 This introduces the new method `public static GoogleCredential getApplicationDefault(boolean resetCachedCredentials)` which will reset the cached credentials when the argument is `true`.
diff --git a/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/DefaultCredentialProvider.java b/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/DefaultCredentialProvider.java
@@ -82,6 +82,7 @@ private static enum Environment {
    * authorize the whole application. This is the built-in service account if running on Google
    * Compute Engine or the credentials file from the path in the environment variable
    * GOOGLE_APPLICATION_CREDENTIALS.
+   * If the credentials have been cached, the cached credential will be returned.
    *
    * @param transport the transport for Http calls.
    * @param jsonFactory the factory for Json parsing and formatting.
@@ -90,8 +91,28 @@ private static enum Environment {
    */
   final GoogleCredential getDefaultCredential(HttpTransport transport, JsonFactory jsonFactory)
       throws IOException {
+    return getDefaultCredential(transport, jsonFactory, false);
+  }
+
+  /**
+   * {@link Beta} <br>
+   * Returns the Application Default Credentials.
+   *
+   * <p>Returns the Application Default Credentials which are credentials that identify and
+   * authorize the whole application. This is the built-in service account if running on Google
+   * Compute Engine or the credentials file from the path in the environment variable
+   * GOOGLE_APPLICATION_CREDENTIALS.
+   *
+   * @param transport the transport for Http calls.
+   * @param jsonFactory the factory for Json parsing and formatting.
+   * @param resetCachedCredentials if true, the cached credential will be reset.
+   * @return the credential instance.
+   * @throws IOException if the credential cannot be created in the current environment.
+   */
+  final GoogleCredential getDefaultCredential(HttpTransport transport, JsonFactory jsonFactory, boolean resetCachedCredentials)
+      throws IOException {
     synchronized (this) {
-      if (cachedCredential == null) {
+      if (cachedCredential == null || resetCachedCredentials) {
         cachedCredential = getDefaultCredentialUnsynchronized(transport, jsonFactory);
       }
       if (cachedCredential != null) {
diff --git a/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleCredential.java b/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleCredential.java
@@ -153,7 +153,7 @@ public class GoogleCredential extends Credential {
   static final String SERVICE_ACCOUNT_FILE_TYPE = "service_account";
 
   @Beta
-  private static DefaultCredentialProvider defaultCredentialProvider =
+  private static final DefaultCredentialProvider defaultCredentialProvider =
       new DefaultCredentialProvider();
 
   /**
@@ -170,7 +170,7 @@ public class GoogleCredential extends Credential {
    */
   @Beta
   public static GoogleCredential getApplicationDefault() throws IOException {
-    return getApplicationDefault(Utils.getDefaultTransport(), Utils.getDefaultJsonFactory());
+    return getApplicationDefault(Utils.getDefaultTransport(), Utils.getDefaultJsonFactory(), false);
   }
 
   /**
@@ -181,18 +181,56 @@ public static GoogleCredential getApplicationDefault() throws IOException {
    * authorize the whole application. This is the built-in service account if running on Google
    * Compute Engine or the credentials file from the path in the environment variable
    * GOOGLE_APPLICATION_CREDENTIALS.
+   * @param resetCachedCredentials whether to reset the cached credentials
+   * @return the credential instance.
+   * @throws IOException if the credential cannot be created in the current environment.
+   */
+  @Beta
+  public static GoogleCredential getApplicationDefault(boolean resetCachedCredentials) throws IOException {
+    return getApplicationDefault(Utils.getDefaultTransport(), Utils.getDefaultJsonFactory(), resetCachedCredentials);
+  }
+
+  /**
+   * {@link Beta} <br>
+   * Returns the Application Default Credentials.
    *
+   * <p>Returns the Application Default Credentials which are credentials that identify and
+   * authorize the whole application. This is the built-in service account if running on Google
+   * Compute Engine or the credentials file from the path in the environment variable
+   * GOOGLE_APPLICATION_CREDENTIALS.
+   *
+   * @param resetCachedCredentials whether to reset the cached credentials.
    * @param transport the transport for Http calls.
    * @param jsonFactory the factory for Json parsing and formatting.
    * @return the credential instance.
    * @throws IOException if the credential cannot be created in the current environment.
    */
   @Beta
   public static GoogleCredential getApplicationDefault(
-      HttpTransport transport, JsonFactory jsonFactory) throws IOException {
+      HttpTransport transport, JsonFactory jsonFactory, boolean resetCachedCredentials) throws IOException {
     Preconditions.checkNotNull(transport);
     Preconditions.checkNotNull(jsonFactory);
-    return defaultCredentialProvider.getDefaultCredential(transport, jsonFactory);
+    return defaultCredentialProvider.getDefaultCredential(transport, jsonFactory, resetCachedCredentials);
+  }
+
+  /**
+   * {@link Beta} <br>
+   * Returns the Application Default Credentials.
+   *
+   * <p>Returns the Application Default Credentials which are credentials that identify and
+   * authorize the whole application. This is the built-in service account if running on Google
+   * Compute Engine or the credentials file from the path in the environment variable
+   * GOOGLE_APPLICATION_CREDENTIALS.
+   *
+   * @param transport the transport for Http calls.
+   * @param jsonFactory the factory for Json parsing and formatting.
+   * @return the credential instance.
+   * @throws IOException if the credential cannot be created in the current environment.
+   */
+  @Beta
+  public static GoogleCredential getApplicationDefault(
+      HttpTransport transport, JsonFactory jsonFactory) throws IOException {
+    return getApplicationDefault(transport, jsonFactory, false);
   }
 
   /**
diff --git a/google-api-client/src/test/java/com/google/api/client/googleapis/auth/oauth2/DefaultCredentialProviderTest.java b/google-api-client/src/test/java/com/google/api/client/googleapis/auth/oauth2/DefaultCredentialProviderTest.java
@@ -87,6 +87,20 @@ public void testDefaultCredentialAppEngineDeployed() throws IOException {
     assertSame(JSON_FACTORY, defaultCredential.getJsonFactory());
   }
 
+
+  public void testGetApplicationDefaultResetCacheTrueReturnsNewCredentials() throws IOException {
+    TestDefaultCredentialProvider testProvider = new TestDefaultCredentialProvider();
+    HttpTransport transport = new MockHttpTransport();
+    testProvider.addType(
+        DefaultCredentialProvider.APP_ENGINE_CREDENTIAL_CLASS, MockAppEngineCredential.class);
+    testProvider.addType(GAE_SIGNAL_CLASS, MockAppEngineSystemProperty.class);
+    Credential credential1 = testProvider.getDefaultCredential(transport, JSON_FACTORY, false);
+    Credential credential2 = testProvider.getDefaultCredential(transport, JSON_FACTORY, false);
+    Credential credential3 = testProvider.getDefaultCredential(transport, JSON_FACTORY, true);
+    assertSame(credential1, credential2);
+    assertNotSame(credential2, credential3);
+  }
+
   public void testDefaultCredentialAppEngineComponentOffAppEngineGivesNotFoundError() {
     HttpTransport transport = new MockHttpTransport();
     TestDefaultCredentialProvider testProvider = new TestDefaultCredentialProvider();
