Update go dependencies

vendor/golang.org/x/oauth2/google/default.go

@@ -18,20 +18,6 @@ import (
 	"golang.org/x/oauth2"
 )
 
-// DefaultCredentials holds "Application Default Credentials".
-// For more details, see:
-// https://developers.google.com/accounts/docs/application-default-credentials
-type DefaultCredentials struct {
-	ProjectID   string // may be empty
-	TokenSource oauth2.TokenSource
-
-	// JSON contains the raw bytes from a JSON credentials file.
-	// This field may be nil if authentication is provided by the
-	// environment and not with a credentials file, e.g. when code is
-	// running on Google Cloud Platform.
-	JSON []byte
-}
-
 // DefaultClient returns an HTTP Client that uses the
 // DefaultTokenSource to obtain authentication credentials.
 func DefaultClient(ctx context.Context, scope ...string) (*http.Client, error) {
@@ -53,25 +39,12 @@ func DefaultTokenSource(ctx context.Context, scope ...string) (oauth2.TokenSourc
 	return creds.TokenSource, nil
 }
 
-// FindDefaultCredentials searches for "Application Default Credentials".
-//
-// It looks for credentials in the following places,
-// preferring the first location found:
-//
-//   1. A JSON file whose path is specified by the
-//      GOOGLE_APPLICATION_CREDENTIALS environment variable.
-//   2. A JSON file in a location known to the gcloud command-line tool.
-//      On Windows, this is %APPDATA%/gcloud/application_default_credentials.json.
-//      On other systems, $HOME/.config/gcloud/application_default_credentials.json.
-//   3. On Google App Engine it uses the appengine.AccessToken function.
-//   4. On Google Compute Engine and Google App Engine Managed VMs, it fetches
-//      credentials from the metadata server.
-//      (In this final case any provided scopes are ignored.)
-func FindDefaultCredentials(ctx context.Context, scope ...string) (*DefaultCredentials, error) {
+// Common implementation for FindDefaultCredentials.
+func findDefaultCredentials(ctx context.Context, scopes []string) (*DefaultCredentials, error) {
 	// First, try the environment variable.
 	const envVar = "GOOGLE_APPLICATION_CREDENTIALS"
 	if filename := os.Getenv(envVar); filename != "" {
-		creds, err := readCredentialsFile(ctx, filename, scope)
+		creds, err := readCredentialsFile(ctx, filename, scopes)
 		if err != nil {
 			return nil, fmt.Errorf("google: error getting credentials using %v environment variable: %v", envVar, err)
 		}
@@ -80,7 +53,7 @@ func FindDefaultCredentials(ctx context.Context, scope ...string) (*DefaultCrede
 
 	// Second, try a well-known file.
 	filename := wellKnownFile()
-	if creds, err := readCredentialsFile(ctx, filename, scope); err == nil {
+	if creds, err := readCredentialsFile(ctx, filename, scopes); err == nil {
 		return creds, nil
 	} else if !os.IsNotExist(err) {
 		return nil, fmt.Errorf("google: error getting credentials using well-known file (%v): %v", filename, err)
@@ -90,7 +63,7 @@ func FindDefaultCredentials(ctx context.Context, scope ...string) (*DefaultCrede
 	if appengineTokenFunc != nil && !appengineFlex {
 		return &DefaultCredentials{
 			ProjectID:   appengineAppIDFunc(ctx),
-			TokenSource: AppEngineTokenSource(ctx, scope...),
+			TokenSource: AppEngineTokenSource(ctx, scopes...),
 		}, nil
 	}
 
@@ -108,6 +81,23 @@ func FindDefaultCredentials(ctx context.Context, scope ...string) (*DefaultCrede
 	return nil, fmt.Errorf("google: could not find default credentials. See %v for more information.", url)
 }
 
+// Common implementation for CredentialsFromJSON.
+func credentialsFromJSON(ctx context.Context, jsonData []byte, scopes []string) (*DefaultCredentials, error) {
+	var f credentialsFile
+	if err := json.Unmarshal(jsonData, &f); err != nil {
+		return nil, err
+	}
+	ts, err := f.tokenSource(ctx, append([]string(nil), scopes...))
+	if err != nil {
+		return nil, err
+	}
+	return &DefaultCredentials{
+		ProjectID:   f.ProjectID,
+		TokenSource: ts,
+		JSON:        jsonData,
+	}, nil
+}
+
 func wellKnownFile() string {
 	const f = "application_default_credentials.json"
 	if runtime.GOOS == "windows" {
@@ -121,17 +111,5 @@ func readCredentialsFile(ctx context.Context, filename string, scopes []string)
 	if err != nil {
 		return nil, err
 	}
-	var f credentialsFile
-	if err := json.Unmarshal(b, &f); err != nil {
-		return nil, err
-	}
-	ts, err := f.tokenSource(ctx, append([]string(nil), scopes...))
-	if err != nil {
-		return nil, err
-	}
-	return &DefaultCredentials{
-		ProjectID:   f.ProjectID,
-		TokenSource: ts,
-		JSON:        b,
-	}, nil
+	return CredentialsFromJSON(ctx, b, scopes...)
 }

vendor/golang.org/x/oauth2/google/doc_go19.go

@@ -0,0 +1,42 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build go1.9
+
+// Package google provides support for making OAuth2 authorized and authenticated
+// HTTP requests to Google APIs. It supports the Web server flow, client-side
+// credentials, service accounts, Google Compute Engine service accounts, and Google
+// App Engine service accounts.
+//
+// A brief overview of the package follows. For more information, please read
+// https://developers.google.com/accounts/docs/OAuth2
+// and
+// https://developers.google.com/accounts/docs/application-default-credentials.
+//
+// OAuth2 Configs
+//
+// Two functions in this package return golang.org/x/oauth2.Config values from Google credential
+// data. Google supports two JSON formats for OAuth2 credentials: one is handled by ConfigFromJSON,
+// the other by JWTConfigFromJSON. The returned Config can be used to obtain a TokenSource or
+// create an http.Client.
+//
+//
+// Credentials
+//
+// The Credentials type represents Google credentials, including Application Default
+// Credentials.
+//
+// Use FindDefaultCredentials to obtain Application Default Credentials.
+// FindDefaultCredentials looks in some well-known places for a credentials file, and
+// will call AppEngineTokenSource or ComputeTokenSource as needed.
+//
+// DefaultClient and DefaultTokenSource are convenience methods. They first call FindDefaultCredentials,
+// then use the credentials to construct an http.Client or an oauth2.TokenSource.
+//
+// Use CredentialsFromJSON to obtain credentials from either of the two JSON formats
+// described in OAuth2 Configs, above. The TokenSource in the returned value is the
+// same as the one obtained from the oauth2.Config returned from ConfigFromJSON or
+// JWTConfigFromJSON, but the Credentials may contain additional information
+// that is useful is some circumstances.
+package google // import "golang.org/x/oauth2/google"

vendor/golang.org/x/oauth2/google/doc_not_go19.go

@@ -0,0 +1,43 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !go1.9
+
+// Package google provides support for making OAuth2 authorized and authenticated
+// HTTP requests to Google APIs. It supports the Web server flow, client-side
+// credentials, service accounts, Google Compute Engine service accounts, and Google
+// App Engine service accounts.
+//
+// A brief overview of the package follows. For more information, please read
+// https://developers.google.com/accounts/docs/OAuth2
+// and
+// https://developers.google.com/accounts/docs/application-default-credentials.
+//
+// OAuth2 Configs
+//
+// Two functions in this package return golang.org/x/oauth2.Config values from Google credential
+// data. Google supports two JSON formats for OAuth2 credentials: one is handled by ConfigFromJSON,
+// the other by JWTConfigFromJSON. The returned Config can be used to obtain a TokenSource or
+// create an http.Client.
+//
+//
+// Credentials
+//
+// The DefaultCredentials type represents Google Application Default Credentials, as
+// well as other forms of credential.
+//
+// Use FindDefaultCredentials to obtain Application Default Credentials.
+// FindDefaultCredentials looks in some well-known places for a credentials file, and
+// will call AppEngineTokenSource or ComputeTokenSource as needed.
+//
+// DefaultClient and DefaultTokenSource are convenience methods. They first call FindDefaultCredentials,
+// then use the credentials to construct an http.Client or an oauth2.TokenSource.
+//
+// Use CredentialsFromJSON to obtain credentials from either of the two JSON
+// formats described in OAuth2 Configs, above. (The DefaultCredentials returned may
+// not be "Application Default Credentials".) The TokenSource in the returned value
+// is the same as the one obtained from the oauth2.Config returned from
+// ConfigFromJSON or JWTConfigFromJSON, but the DefaultCredentials may contain
+// additional information that is useful is some circumstances.
+package google // import "golang.org/x/oauth2/google"

vendor/golang.org/x/oauth2/google/example_test.go

@@ -1,150 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build appenginevm appengine
-
-package google_test
-
-import (
-	"fmt"
-	"io/ioutil"
-	"log"
-	"net/http"
-
-	"golang.org/x/oauth2"
-	"golang.org/x/oauth2/google"
-	"golang.org/x/oauth2/jwt"
-	"google.golang.org/appengine"
-	"google.golang.org/appengine/urlfetch"
-)
-
-func ExampleDefaultClient() {
-	client, err := google.DefaultClient(oauth2.NoContext,
-		"https://www.googleapis.com/auth/devstorage.full_control")
-	if err != nil {
-		log.Fatal(err)
-	}
-	client.Get("...")
-}
-
-func Example_webServer() {
-	// Your credentials should be obtained from the Google
-	// Developer Console (https://console.developers.google.com).
-	conf := &oauth2.Config{
-		ClientID:     "YOUR_CLIENT_ID",
-		ClientSecret: "YOUR_CLIENT_SECRET",
-		RedirectURL:  "YOUR_REDIRECT_URL",
-		Scopes: []string{
-			"https://www.googleapis.com/auth/bigquery",
-			"https://www.googleapis.com/auth/blogger",
-		},
-		Endpoint: google.Endpoint,
-	}
-	// Redirect user to Google's consent page to ask for permission
-	// for the scopes specified above.
-	url := conf.AuthCodeURL("state")
-	fmt.Printf("Visit the URL for the auth dialog: %v", url)
-
-	// Handle the exchange code to initiate a transport.
-	tok, err := conf.Exchange(oauth2.NoContext, "authorization-code")
-	if err != nil {
-		log.Fatal(err)
-	}
-	client := conf.Client(oauth2.NoContext, tok)
-	client.Get("...")
-}
-
-func ExampleJWTConfigFromJSON() {
-	// Your credentials should be obtained from the Google
-	// Developer Console (https://console.developers.google.com).
-	// Navigate to your project, then see the "Credentials" page
-	// under "APIs & Auth".
-	// To create a service account client, click "Create new Client ID",
-	// select "Service Account", and click "Create Client ID". A JSON
-	// key file will then be downloaded to your computer.
-	data, err := ioutil.ReadFile("/path/to/your-project-key.json")
-	if err != nil {
-		log.Fatal(err)
-	}
-	conf, err := google.JWTConfigFromJSON(data, "https://www.googleapis.com/auth/bigquery")
-	if err != nil {
-		log.Fatal(err)
-	}
-	// Initiate an http.Client. The following GET request will be
-	// authorized and authenticated on the behalf of
-	// your service account.
-	client := conf.Client(oauth2.NoContext)
-	client.Get("...")
-}
-
-func ExampleSDKConfig() {
-	// The credentials will be obtained from the first account that
-	// has been authorized with `gcloud auth login`.
-	conf, err := google.NewSDKConfig("")
-	if err != nil {
-		log.Fatal(err)
-	}
-	// Initiate an http.Client. The following GET request will be
-	// authorized and authenticated on the behalf of the SDK user.
-	client := conf.Client(oauth2.NoContext)
-	client.Get("...")
-}
-
-func Example_serviceAccount() {
-	// Your credentials should be obtained from the Google
-	// Developer Console (https://console.developers.google.com).
-	conf := &jwt.Config{
-		Email: "xxx@developer.gserviceaccount.com",
-		// The contents of your RSA private key or your PEM file
-		// that contains a private key.
-		// If you have a p12 file instead, you
-		// can use `openssl` to export the private key into a pem file.
-		//
-		//    $ openssl pkcs12 -in key.p12 -passin pass:notasecret -out key.pem -nodes
-		//
-		// The field only supports PEM containers with no passphrase.
-		// The openssl command will convert p12 keys to passphrase-less PEM containers.
-		PrivateKey: []byte("-----BEGIN RSA PRIVATE KEY-----..."),
-		Scopes: []string{
-			"https://www.googleapis.com/auth/bigquery",
-			"https://www.googleapis.com/auth/blogger",
-		},
-		TokenURL: google.JWTTokenURL,
-		// If you would like to impersonate a user, you can
-		// create a transport with a subject. The following GET
-		// request will be made on the behalf of user@example.com.
-		// Optional.
-		Subject: "user@example.com",
-	}
-	// Initiate an http.Client, the following GET request will be
-	// authorized and authenticated on the behalf of user@example.com.
-	client := conf.Client(oauth2.NoContext)
-	client.Get("...")
-}
-
-func ExampleAppEngineTokenSource() {
-	var req *http.Request // from the ServeHTTP handler
-	ctx := appengine.NewContext(req)
-	client := &http.Client{
-		Transport: &oauth2.Transport{
-			Source: google.AppEngineTokenSource(ctx, "https://www.googleapis.com/auth/bigquery"),
-			Base: &urlfetch.Transport{
-				Context: ctx,
-			},
-		},
-	}
-	client.Get("...")
-}
-
-func ExampleComputeTokenSource() {
-	client := &http.Client{
-		Transport: &oauth2.Transport{
-			// Fetch from Google Compute Engine's metadata server to retrieve
-			// an access token for the provided account.
-			// If no account is specified, "default" is used.
-			Source: google.ComputeTokenSource(""),
-		},
-	}
-	client.Get("...")
-}

vendor/golang.org/x/oauth2/google/go19.go

@@ -0,0 +1,57 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build go1.9
+
+package google
+
+import (
+	"golang.org/x/net/context"
+	"golang.org/x/oauth2"
+)
+
+// Credentials holds Google credentials, including "Application Default Credentials".
+// For more details, see:
+// https://developers.google.com/accounts/docs/application-default-credentials
+type Credentials struct {
+	ProjectID   string // may be empty
+	TokenSource oauth2.TokenSource
+
+	// JSON contains the raw bytes from a JSON credentials file.
+	// This field may be nil if authentication is provided by the
+	// environment and not with a credentials file, e.g. when code is
+	// running on Google Cloud Platform.
+	JSON []byte
+}
+
+// DefaultCredentials is the old name of Credentials.
+//
+// Deprecated: use Credentials instead.
+type DefaultCredentials = Credentials
+
+// FindDefaultCredentials searches for "Application Default Credentials".
+//
+// It looks for credentials in the following places,
+// preferring the first location found:
+//
+//   1. A JSON file whose path is specified by the
+//      GOOGLE_APPLICATION_CREDENTIALS environment variable.
+//   2. A JSON file in a location known to the gcloud command-line tool.
+//      On Windows, this is %APPDATA%/gcloud/application_default_credentials.json.
+//      On other systems, $HOME/.config/gcloud/application_default_credentials.json.
+//   3. On Google App Engine it uses the appengine.AccessToken function.
+//   4. On Google Compute Engine and Google App Engine Managed VMs, it fetches
+//      credentials from the metadata server.
+//      (In this final case any provided scopes are ignored.)
+func FindDefaultCredentials(ctx context.Context, scopes ...string) (*Credentials, error) {
+	return findDefaultCredentials(ctx, scopes)
+}
+
+// CredentialsFromJSON obtains Google credentials from a JSON value. The JSON can
+// represent either a Google Developers Console client_credentials.json file (as in
+// ConfigFromJSON) or a Google Developers service account key file (as in
+// JWTConfigFromJSON).
+func CredentialsFromJSON(ctx context.Context, jsonData []byte, scopes ...string) (*Credentials, error) {
+	return credentialsFromJSON(ctx, jsonData, scopes)
+}

vendor/golang.org/x/oauth2/google/google.go

@@ -2,17 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package google provides support for making OAuth2 authorized and
-// authenticated HTTP requests to Google APIs.
-// It supports the Web server flow, client-side credentials, service accounts,
-// Google Compute Engine service accounts, and Google App Engine service
-// accounts.
-//
-// For more information, please read
-// https://developers.google.com/accounts/docs/OAuth2
-// and
-// https://developers.google.com/accounts/docs/application-default-credentials.
-package google // import "golang.org/x/oauth2/google"
+package google
 
 import (
 	"encoding/json"

vendor/golang.org/x/oauth2/google/google_test.go

@@ -1,116 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package google
-
-import (
-	"strings"
-	"testing"
-)
-
-var webJSONKey = []byte(`
-{
-    "web": {
-        "auth_uri": "https://google.com/o/oauth2/auth",
-        "client_secret": "3Oknc4jS_wA2r9i",
-        "token_uri": "https://google.com/o/oauth2/token",
-        "client_email": "222-nprqovg5k43uum874cs9osjt2koe97g8@developer.gserviceaccount.com",
-        "redirect_uris": ["https://www.example.com/oauth2callback"],
-        "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/222-nprqovg5k43uum874cs9osjt2koe97g8@developer.gserviceaccount.com",
-        "client_id": "222-nprqovg5k43uum874cs9osjt2koe97g8.apps.googleusercontent.com",
-        "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
-        "javascript_origins": ["https://www.example.com"]
-    }
-}`)
-
-var installedJSONKey = []byte(`{
-  "installed": {
-      "client_id": "222-installed.apps.googleusercontent.com",
-      "redirect_uris": ["https://www.example.com/oauth2callback"]
-    }
-}`)
-
-var jwtJSONKey = []byte(`{
-  "private_key_id": "268f54e43a1af97cfc71731688434f45aca15c8b",
-  "private_key": "super secret key",
-  "client_email": "gopher@developer.gserviceaccount.com",
-  "client_id": "gopher.apps.googleusercontent.com",
-  "token_uri": "https://accounts.google.com/o/gophers/token",
-  "type": "service_account"
-}`)
-
-var jwtJSONKeyNoTokenURL = []byte(`{
-  "private_key_id": "268f54e43a1af97cfc71731688434f45aca15c8b",
-  "private_key": "super secret key",
-  "client_email": "gopher@developer.gserviceaccount.com",
-  "client_id": "gopher.apps.googleusercontent.com",
-  "type": "service_account"
-}`)
-
-func TestConfigFromJSON(t *testing.T) {
-	conf, err := ConfigFromJSON(webJSONKey, "scope1", "scope2")
-	if err != nil {
-		t.Error(err)
-	}
-	if got, want := conf.ClientID, "222-nprqovg5k43uum874cs9osjt2koe97g8.apps.googleusercontent.com"; got != want {
-		t.Errorf("ClientID = %q; want %q", got, want)
-	}
-	if got, want := conf.ClientSecret, "3Oknc4jS_wA2r9i"; got != want {
-		t.Errorf("ClientSecret = %q; want %q", got, want)
-	}
-	if got, want := conf.RedirectURL, "https://www.example.com/oauth2callback"; got != want {
-		t.Errorf("RedictURL = %q; want %q", got, want)
-	}
-	if got, want := strings.Join(conf.Scopes, ","), "scope1,scope2"; got != want {
-		t.Errorf("Scopes = %q; want %q", got, want)
-	}
-	if got, want := conf.Endpoint.AuthURL, "https://google.com/o/oauth2/auth"; got != want {
-		t.Errorf("AuthURL = %q; want %q", got, want)
-	}
-	if got, want := conf.Endpoint.TokenURL, "https://google.com/o/oauth2/token"; got != want {
-		t.Errorf("TokenURL = %q; want %q", got, want)
-	}
-}
-
-func TestConfigFromJSON_Installed(t *testing.T) {
-	conf, err := ConfigFromJSON(installedJSONKey)
-	if err != nil {
-		t.Error(err)
-	}
-	if got, want := conf.ClientID, "222-installed.apps.googleusercontent.com"; got != want {
-		t.Errorf("ClientID = %q; want %q", got, want)
-	}
-}
-
-func TestJWTConfigFromJSON(t *testing.T) {
-	conf, err := JWTConfigFromJSON(jwtJSONKey, "scope1", "scope2")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if got, want := conf.Email, "gopher@developer.gserviceaccount.com"; got != want {
-		t.Errorf("Email = %q, want %q", got, want)
-	}
-	if got, want := string(conf.PrivateKey), "super secret key"; got != want {
-		t.Errorf("PrivateKey = %q, want %q", got, want)
-	}
-	if got, want := conf.PrivateKeyID, "268f54e43a1af97cfc71731688434f45aca15c8b"; got != want {
-		t.Errorf("PrivateKeyID = %q, want %q", got, want)
-	}
-	if got, want := strings.Join(conf.Scopes, ","), "scope1,scope2"; got != want {
-		t.Errorf("Scopes = %q; want %q", got, want)
-	}
-	if got, want := conf.TokenURL, "https://accounts.google.com/o/gophers/token"; got != want {
-		t.Errorf("TokenURL = %q; want %q", got, want)
-	}
-}
-
-func TestJWTConfigFromJSONNoTokenURL(t *testing.T) {
-	conf, err := JWTConfigFromJSON(jwtJSONKeyNoTokenURL, "scope1", "scope2")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if got, want := conf.TokenURL, "https://accounts.google.com/o/oauth2/token"; got != want {
-		t.Errorf("TokenURL = %q; want %q", got, want)
-	}
-}

vendor/golang.org/x/oauth2/google/jwt_test.go

@@ -1,91 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package google
-
-import (
-	"bytes"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/base64"
-	"encoding/json"
-	"encoding/pem"
-	"strings"
-	"testing"
-	"time"
-
-	"golang.org/x/oauth2/jws"
-)
-
-func TestJWTAccessTokenSourceFromJSON(t *testing.T) {
-	// Generate a key we can use in the test data.
-	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// Encode the key and substitute into our example JSON.
-	enc := pem.EncodeToMemory(&pem.Block{
-		Type:  "PRIVATE KEY",
-		Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
-	})
-	enc, err = json.Marshal(string(enc))
-	if err != nil {
-		t.Fatalf("json.Marshal: %v", err)
-	}
-	jsonKey := bytes.Replace(jwtJSONKey, []byte(`"super secret key"`), enc, 1)
-
-	ts, err := JWTAccessTokenSourceFromJSON(jsonKey, "audience")
-	if err != nil {
-		t.Fatalf("JWTAccessTokenSourceFromJSON: %v\nJSON: %s", err, string(jsonKey))
-	}
-
-	tok, err := ts.Token()
-	if err != nil {
-		t.Fatalf("Token: %v", err)
-	}
-
-	if got, want := tok.TokenType, "Bearer"; got != want {
-		t.Errorf("TokenType = %q, want %q", got, want)
-	}
-	if got := tok.Expiry; tok.Expiry.Before(time.Now()) {
-		t.Errorf("Expiry = %v, should not be expired", got)
-	}
-
-	err = jws.Verify(tok.AccessToken, &privateKey.PublicKey)
-	if err != nil {
-		t.Errorf("jws.Verify on AccessToken: %v", err)
-	}
-
-	claim, err := jws.Decode(tok.AccessToken)
-	if err != nil {
-		t.Fatalf("jws.Decode on AccessToken: %v", err)
-	}
-
-	if got, want := claim.Iss, "gopher@developer.gserviceaccount.com"; got != want {
-		t.Errorf("Iss = %q, want %q", got, want)
-	}
-	if got, want := claim.Sub, "gopher@developer.gserviceaccount.com"; got != want {
-		t.Errorf("Sub = %q, want %q", got, want)
-	}
-	if got, want := claim.Aud, "audience"; got != want {
-		t.Errorf("Aud = %q, want %q", got, want)
-	}
-
-	// Finally, check the header private key.
-	parts := strings.Split(tok.AccessToken, ".")
-	hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
-	if err != nil {
-		t.Fatalf("base64 DecodeString: %v\nString: %q", err, parts[0])
-	}
-	var hdr jws.Header
-	if err := json.Unmarshal([]byte(hdrJSON), &hdr); err != nil {
-		t.Fatalf("json.Unmarshal: %v (%q)", err, hdrJSON)
-	}
-
-	if got, want := hdr.KeyID, "268f54e43a1af97cfc71731688434f45aca15c8b"; got != want {
-		t.Errorf("Header KeyID = %q, want %q", got, want)
-	}
-}

vendor/golang.org/x/oauth2/google/not_go19.go

@@ -0,0 +1,54 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !go1.9
+
+package google
+
+import (
+	"golang.org/x/net/context"
+	"golang.org/x/oauth2"
+)
+
+// DefaultCredentials holds Google credentials, including "Application Default Credentials".
+// For more details, see:
+// https://developers.google.com/accounts/docs/application-default-credentials
+type DefaultCredentials struct {
+	ProjectID   string // may be empty
+	TokenSource oauth2.TokenSource
+
+	// JSON contains the raw bytes from a JSON credentials file.
+	// This field may be nil if authentication is provided by the
+	// environment and not with a credentials file, e.g. when code is
+	// running on Google Cloud Platform.
+	JSON []byte
+}
+
+// FindDefaultCredentials searches for "Application Default Credentials".
+//
+// It looks for credentials in the following places,
+// preferring the first location found:
+//
+//   1. A JSON file whose path is specified by the
+//      GOOGLE_APPLICATION_CREDENTIALS environment variable.
+//   2. A JSON file in a location known to the gcloud command-line tool.
+//      On Windows, this is %APPDATA%/gcloud/application_default_credentials.json.
+//      On other systems, $HOME/.config/gcloud/application_default_credentials.json.
+//   3. On Google App Engine it uses the appengine.AccessToken function.
+//   4. On Google Compute Engine and Google App Engine Managed VMs, it fetches
+//      credentials from the metadata server.
+//      (In this final case any provided scopes are ignored.)
+func FindDefaultCredentials(ctx context.Context, scopes ...string) (*DefaultCredentials, error) {
+	return findDefaultCredentials(ctx, scopes)
+}
+
+// CredentialsFromJSON obtains Google credentials from a JSON value. The JSON can
+// represent either a Google Developers Console client_credentials.json file (as in
+// ConfigFromJSON) or a Google Developers service account key file (as in
+// JWTConfigFromJSON).
+//
+// Note: despite the name, the returned credentials may not be Application Default Credentials.
+func CredentialsFromJSON(ctx context.Context, jsonData []byte, scopes ...string) (*DefaultCredentials, error) {
+	return credentialsFromJSON(ctx, jsonData, scopes)
+}

vendor/golang.org/x/oauth2/google/sdk.go

@@ -5,9 +5,11 @@
 package google
 
 import (
+	"bufio"
 	"encoding/json"
 	"errors"
 	"fmt"
+	"io"
 	"net/http"
 	"os"
 	"os/user"
@@ -18,7 +20,6 @@ import (
 
 	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
-	"golang.org/x/oauth2/internal"
 )
 
 type sdkCredentials struct {
@@ -76,7 +77,7 @@ func NewSDKConfig(account string) (*SDKConfig, error) {
 			return nil, fmt.Errorf("oauth2/google: failed to load SDK properties: %v", err)
 		}
 		defer f.Close()
-		ini, err := internal.ParseINI(f)
+		ini, err := parseINI(f)
 		if err != nil {
 			return nil, fmt.Errorf("oauth2/google: failed to parse SDK properties %q: %v", propertiesPath, err)
 		}
@@ -146,6 +147,34 @@ func (c *SDKConfig) Scopes() []string {
 	return c.conf.Scopes
 }
 
+func parseINI(ini io.Reader) (map[string]map[string]string, error) {
+	result := map[string]map[string]string{
+		"": {}, // root section
+	}
+	scanner := bufio.NewScanner(ini)
+	currentSection := ""
+	for scanner.Scan() {
+		line := strings.TrimSpace(scanner.Text())
+		if strings.HasPrefix(line, ";") {
+			// comment.
+			continue
+		}
+		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
+			currentSection = strings.TrimSpace(line[1 : len(line)-1])
+			result[currentSection] = map[string]string{}
+			continue
+		}
+		parts := strings.SplitN(line, "=", 2)
+		if len(parts) == 2 && parts[0] != "" {
+			result[currentSection][strings.TrimSpace(parts[0])] = strings.TrimSpace(parts[1])
+		}
+	}
+	if err := scanner.Err(); err != nil {
+		return nil, fmt.Errorf("error scanning ini: %v", err)
+	}
+	return result, nil
+}
+
 // sdkConfigPath tries to guess where the gcloud config is located.
 // It can be overridden during tests.
 var sdkConfigPath = func() (string, error) {

vendor/golang.org/x/oauth2/google/sdk_test.go

@@ -1,46 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package google
-
-import "testing"
-
-func TestSDKConfig(t *testing.T) {
-	sdkConfigPath = func() (string, error) {
-		return "testdata/gcloud", nil
-	}
-
-	tests := []struct {
-		account     string
-		accessToken string
-		err         bool
-	}{
-		{"", "bar_access_token", false},
-		{"foo@example.com", "foo_access_token", false},
-		{"bar@example.com", "bar_access_token", false},
-		{"baz@serviceaccount.example.com", "", true},
-	}
-	for _, tt := range tests {
-		c, err := NewSDKConfig(tt.account)
-		if got, want := err != nil, tt.err; got != want {
-			if !tt.err {
-				t.Errorf("got %v, want nil", err)
-			} else {
-				t.Errorf("got nil, want error")
-			}
-			continue
-		}
-		if err != nil {
-			continue
-		}
-		tok := c.initialToken
-		if tok == nil {
-			t.Errorf("got nil, want %q", tt.accessToken)
-			continue
-		}
-		if tok.AccessToken != tt.accessToken {
-			t.Errorf("got %q, want %q", tok.AccessToken, tt.accessToken)
-		}
-	}
-}