Add documentation, remove versions from pom.xml

Author: nbayati

cab-token-generator/java/com/google/auth/credentialaccessboundary/ClientSideCredentialAccessBoundaryFactory.java

@@ -61,6 +61,22 @@ private ClientSideCredentialAccessBoundaryFactory(Builder builder) {
     this.tokenExchangeEndpoint = builder.tokenExchangeEndpoint;
   }
 
+  /**
+   * Refreshes the source credential and exchanges it for an intermediary access token using the STS
+   * endpoint.
+   *
+   * <p>If the source credential is expired, it will be refreshed. A token exchange request is then
+   * made to the STS endpoint. The resulting intermediary access token and access boundary session
+   * key are stored. The intermediary access token's expiration time is determined as follows:
+   *
+   * <ol>
+   *   <li>If the STS response includes `expires_in`, that value is used.
+   *   <li>Otherwise, if the source credential has an expiration time, that value is used.
+   *   <li>Otherwise, the intermediary token will have no expiration time.
+   * </ol>
+   *
+   * @throws IOException If an error occurs during credential refresh or token exchange.
+   */
   private void refreshCredentials() throws IOException {
     try {
       this.sourceCredential.refreshIfExpired();
@@ -70,7 +86,7 @@ private void refreshCredentials() throws IOException {
 
     AccessToken sourceAccessToken = sourceCredential.getAccessToken();
     if (sourceAccessToken == null || Strings.isNullOrEmpty(sourceAccessToken.getTokenValue())) {
-      throw new IOException("The source credential does not have an access token.");
+      throw new IllegalStateException("The source credential does not have an access token.");
     }
 
     StsTokenExchangeRequest request =

cab-token-generator/pom.xml

@@ -20,28 +20,23 @@
     <dependency>
       <groupId>com.google.auth</groupId>
       <artifactId>google-auth-library-oauth2-http</artifactId>
-      <version>${project.version}</version>
     </dependency>
     <dependency>
       <groupId>com.google.auth</groupId>
       <artifactId>google-auth-library-credentials</artifactId>
-      <version>1.29.1-SNAPSHOT</version>
     </dependency>
     <dependency>
       <groupId>com.google.http-client</groupId>
       <artifactId>google-http-client</artifactId>
-      <version>1.45.0</version>
     </dependency>
     <dependency>
       <groupId>com.google.errorprone</groupId>
       <artifactId>error_prone_annotations</artifactId>
-      <version>2.35.1</version>
     </dependency>
     <dependency>
       <groupId>com.google.guava</groupId>
       <artifactId>guava</artifactId>
-      <version>33.3.1-android</version>
     </dependency>
   </dependencies>
 
-</project>
+</project>

oauth2_http/javatests/com/google/auth/oauth2/MockStsTransport.java

@@ -65,7 +65,7 @@ public final class MockStsTransport extends MockHttpTransport {
   private static final String ACCESS_TOKEN = "accessToken";
   private static final String TOKEN_TYPE = "Bearer";
   private static final Long EXPIRES_IN = 3600L;
-  private static final String ACCESS_BOUNDARY_SESSION_KEY = "accessBoundarySessionKey";
+  private static final String ACCESS_BOUNDARY_SESSION_KEY_VALUE = "accessBoundarySessionKey";
 
   private final Queue<IOException> responseErrorSequence = new ArrayDeque<>();
   private final Queue<List<String>> scopeSequence = new ArrayDeque<>();
@@ -137,7 +137,7 @@ public LowLevelHttpResponse execute() throws IOException {
             }
 
             if (returnAccessBoundarySessionKey) {
-              response.put("access_boundary_session_key", ACCESS_BOUNDARY_SESSION_KEY);
+              response.put("access_boundary_session_key", ACCESS_BOUNDARY_SESSION_KEY_VALUE);
             }
 
             return new MockLowLevelHttpResponse()
@@ -177,7 +177,7 @@ public Long getExpiresIn() {
   }
 
   public String getAccessBoundarySessionKey() {
-    return ACCESS_BOUNDARY_SESSION_KEY;
+    return ACCESS_BOUNDARY_SESSION_KEY_VALUE;
   }
 
   public void setReturnExpiresIn(boolean returnExpiresIn) {