From 5ef857242f1d827d32e4005b96fb08b8a4af28a4 Mon Sep 17 00:00:00 2001 From: yangzhouhan Date: Wed, 12 Aug 2015 18:26:30 -0700 Subject: [PATCH 1/5] add jwt_token_creds interop test --- credentials/oauth/oauth.go | 27 +++++++++++++++++++++++++++ interop/client/client.go | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) diff --git a/credentials/oauth/oauth.go b/credentials/oauth/oauth.go index 1e4d74eb..acd7dfee 100644 --- a/credentials/oauth/oauth.go +++ b/credentials/oauth/oauth.go @@ -61,6 +61,33 @@ func (ts TokenSource) GetRequestMetadata(ctx context.Context) (map[string]string }, nil } +// jwtAccess creates a JWT and send as the access token. +type jwtAccess struct { + ts oauth2.TokenSource +} + +func NewJwtAccessFromFile(keyFile string, audience string) (credentials.Credentials, error) { + jsonKey, err := ioutil.ReadFile(keyFile) + if err != nil { + return nil, fmt.Errorf("credentials: failed to read the service account key file: %v", err) + } + ts, err := google.JWTAccessTokenSourceFromJSON(jsonKey, audience) + if err != nil { + return nil, err + } + return jwtAccess{ts: ts}, nil +} + +func (j jwtAccess) GetRequestMetadata(ctx context.Context) (map[string]string, error) { + token, err := j.ts.Token() + if err != nil { + return nil, err + } + return map[string]string{ + "authorization": token.TokenType + " " + token.AccessToken, + }, nil +} + // NewComputeEngine constructs the credentials that fetches access tokens from // Google Compute Engine (GCE)'s metadata server. It is only valid to use this // if your program is running on a GCE instance. diff --git a/interop/client/client.go b/interop/client/client.go index 335b1fef..3b9f2bc6 100644 --- a/interop/client/client.go +++ b/interop/client/client.go 
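Review bot: `jwtAccess.GetRequestMetadata` places a bearer token in the `authorization` metadata, and nothing in this hunk ties the credentials to a secure transport or tells the caller to. Anyone who can observe the request can present the token to the audience it was signed for, for as long as it stays valid. At minimum the method should carry a comment such as `// GetRequestMetadata returns a self-signed JWT as a bearer token; attach these credentials only to a TLS connection.` The only TLS guard visible in this series is the `!*useTLS` check in the interop client's `jwt_token_creds` case, which covers the test binary but not other users of this package.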
@@ -73,6 +73,7 @@ var ( timeout_on_sleeping_server: fullduplex streaming; compute_engine_creds: large_unary with compute engine auth; service_account_creds: large_unary with service account auth; + jwt_token_creds: large_unary with jwt token auth; cancel_after_begin: cancellation after metadata has been sent but before payloads are sent; cancel_after_first_response: cancellation after receiving 1st message from the server.`) ) @@ -339,6 +340,26 @@ func doServiceAccountCreds(tc testpb.TestServiceClient) { grpclog.Println("ServiceAccountCreds done") } +func doJwtTokenCreds(tc testpb.TestServiceClient) { + pl := newPayload(testpb.PayloadType_COMPRESSABLE, largeReqSize) + req := &testpb.SimpleRequest{ + ResponseType: testpb.PayloadType_COMPRESSABLE.Enum(), + ResponseSize: proto.Int32(int32(largeRespSize)), + Payload: pl, + FillUsername: proto.Bool(true), + } + reply, err := tc.UnaryCall(context.Background(), req) + if err != nil { + grpclog.Fatal("/TestService/UnaryCall RPC failed: ", err) + } + jsonKey := getServiceAccountJSONKey() + user := reply.GetUsername() + if !strings.Contains(string(jsonKey), user) { + grpclog.Fatalf("Got user name %q which is NOT a substring of %q.", user, jsonKey) + } + grpclog.Println("JwttokenCreds done") +} + var ( testMetadata = metadata.MD{ "key1": []string{"value1"}, @@ -418,6 +439,12 @@ func main() { grpclog.Fatalf("Failed to create JWT credentials: %v", err) } opts = append(opts, grpc.WithPerRPCCredentials(jwtCreds)) + } else if *testCase == "jwt_token_creds" { + jwtCreds, err := oauth.NewJwtAccessFromFile(*serviceAccountKeyFile, "https://"+*serverHost+":"+string(*serverPort)+"/"+"TestService") + if err != nil { + grpclog.Fatalf("Failed to create JWT credentials: %v", err) + } + opts = append(opts, grpc.WithPerRPCCredentials(jwtCreds)) } } conn, err := grpc.Dial(serverAddr, opts...) 
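Review bot: The failure path in `doJwtTokenCreds` formats `jsonKey` into the log message, so a username mismatch writes the key file contents to the test log. This assumes `getServiceAccountJSONKey` returns the raw service account key file, which would include the private key. Log only the returned name, e.g. `grpclog.Fatalf("Got user name %q which is NOT present in the service account key file.", user)`. The check also passes when the server returns an empty username, because `strings.Contains` is true for an empty substring; `if user == "" || !strings.Contains(string(jsonKey), user) {` closes that gap. Both lines are carried unchanged through the rename in the `@@ -340,7 +340,7 @@` and `@@ -357,7 +357,7 @@` hunks of patch 4.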
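Review bot: The audience is built with `string(*serverPort)`; if `serverPort` is an integer flag (its declaration is outside the hunk), that conversion yields the Unicode code point for the number, not its decimal text. The JWT would then be signed for an audience that does not match the real endpoint, so the test would not be exercising the audience restriction it is meant to. Use `strconv.Itoa(*serverPort)`, or build the authority with `net.JoinHostPort(*serverHost, strconv.Itoa(*serverPort))`; either needs the matching import. The same expression survives the rename in the `@@ -440,7 +440,7 @@` hunk of patch 4. `main` starts and ends outside the hunk.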
@@ -451,6 +478,11 @@ func main() { grpclog.Fatalf("TLS is not enabled. TLS is required to execute service_account_creds test case.") } doServiceAccountCreds(tc) + case "jwt_token_creds": + if !*useTLS { + grpclog.Fatalf("TLS is not enabled. TLS is required to execute service_account_creds test case.") + } + doJwtTokenCreds(tc) case "cancel_after_begin": doCancelAfterBegin(tc) case "cancel_after_first_response": From 3a245b8cab16bd8ac752ffdf28b986c52a087e9e Mon Sep 17 00:00:00 2001 From: yangzhouhan Date: Wed, 12 Aug 2015 18:28:16 -0700 Subject: [PATCH 2/5] fix the space --- interop/client/client.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/interop/client/client.go b/interop/client/client.go index 3b9f2bc6..6f38330e 100644 --- a/interop/client/client.go +++ b/interop/client/client.go @@ -71,9 +71,9 @@ var ( ping_pong : full-duplex streaming; empty_stream : full-duplex streaming with zero message; timeout_on_sleeping_server: fullduplex streaming; - compute_engine_creds: large_unary with compute engine auth; - service_account_creds: large_unary with service account auth; - jwt_token_creds: large_unary with jwt token auth; + compute_engine_creds: large_unary with compute engine auth; + service_account_creds: large_unary with service account auth; + jwt_token_creds: large_unary with jwt token auth; cancel_after_begin: cancellation after metadata has been sent but before payloads are sent; cancel_after_first_response: cancellation after receiving 1st message from the server.`) ) From 9f5d4180bd02cc6e857d97d078948a3c2861f54c Mon Sep 17 00:00:00 2001 From: yangzhouhan Date: Wed, 12 Aug 2015 18:29:17 -0700 Subject: [PATCH 3/5] fix the space --- interop/client/client.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/interop/client/client.go b/interop/client/client.go index 6f38330e..d8ff5a58 100644 --- a/interop/client/client.go +++ b/interop/client/client.go 
@@ -71,8 +71,8 @@ var ( ping_pong : full-duplex streaming; empty_stream : full-duplex streaming with zero message; timeout_on_sleeping_server: fullduplex streaming; - compute_engine_creds: large_unary with compute engine auth; - service_account_creds: large_unary with service account auth; + compute_engine_creds: large_unary with compute engine auth; + service_account_creds: large_unary with service account auth; jwt_token_creds: large_unary with jwt token auth; cancel_after_begin: cancellation after metadata has been sent but before payloads are sent; cancel_after_first_response: cancellation after receiving 1st message from the server.`) From 41ee26a3533e0fa4df75251a5f2771c3d2dee836 Mon Sep 17 00:00:00 2001 From: yangzhouhan Date: Fri, 14 Aug 2015 11:20:13 -0700 Subject: [PATCH 4/5] add JWTAccessTokenFromKey --- credentials/oauth/oauth.go | 10 +++++++++- interop/client/client.go | 8 ++++---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/credentials/oauth/oauth.go b/credentials/oauth/oauth.go index acd7dfee..01a17188 100644 --- a/credentials/oauth/oauth.go +++ b/credentials/oauth/oauth.go @@ -66,7 +66,7 @@ type jwtAccess struct { ts oauth2.TokenSource } -func NewJwtAccessFromFile(keyFile string, audience string) (credentials.Credentials, error) { +func NewJWTAccessFromFile(keyFile string, audience string) (credentials.Credentials, error) { jsonKey, err := ioutil.ReadFile(keyFile) if err != nil { return nil, fmt.Errorf("credentials: failed to read the service account key file: %v", err) 
@@ -78,6 +78,14 @@ func NewJwtAccessFromFile(keyFile string, audience string) (credentials.Credenti return jwtAccess{ts: ts}, nil } +func NewJWTAccessFromKey(jsonKey []byte, audience string) (credentials.Credentials, error) { + ts, err := google.JWTAccessTokenSourceFromJSON(jsonKey, audience) + if err != nil { + return nil, err + } + return jwtAccess{ts: ts}, nil +} + func (j jwtAccess) GetRequestMetadata(ctx context.Context) (map[string]string, error) { token, err := j.ts.Token() if err != nil { diff --git a/interop/client/client.go b/interop/client/client.go index d8ff5a58..865bcb34 100644 --- a/interop/client/client.go +++ b/interop/client/client.go @@ -340,7 +340,7 @@ func doServiceAccountCreds(tc testpb.TestServiceClient) { grpclog.Println("ServiceAccountCreds done") } -func doJwtTokenCreds(tc testpb.TestServiceClient) { +func doJWTTokenCreds(tc testpb.TestServiceClient) { pl := newPayload(testpb.PayloadType_COMPRESSABLE, largeReqSize) req := &testpb.SimpleRequest{ ResponseType: testpb.PayloadType_COMPRESSABLE.Enum(), @@ -357,7 +357,7 @@ func doJwtTokenCreds(tc testpb.TestServiceClient) { if !strings.Contains(string(jsonKey), user) { grpclog.Fatalf("Got user name %q which is NOT a substring of %q.", user, jsonKey) } - grpclog.Println("JwttokenCreds done") + grpclog.Println("JWTtokenCreds done") } var ( @@ -440,7 +440,7 @@ func main() { } opts = append(opts, grpc.WithPerRPCCredentials(jwtCreds)) } else if *testCase == "jwt_token_creds" { - jwtCreds, err := oauth.NewJwtAccessFromFile(*serviceAccountKeyFile, "https://"+*serverHost+":"+string(*serverPort)+"/"+"TestService") + jwtCreds, err := oauth.NewJWTAccessFromFile(*serviceAccountKeyFile, "https://"+*serverHost+":"+string(*serverPort)+"/"+"TestService") if err != nil { grpclog.Fatalf("Failed to create JWT credentials: %v", err) } 
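Review bot: `NewJWTAccessFromKey` is added as an exported constructor with no doc comment, and `NewJWTAccessFromFile` just above it has none either. Because `jsonKey` is service account key material and `audience` decides where the resulting token is accepted, both parameters deserve a sentence, e.g. `// NewJWTAccessFromKey creates per-RPC credentials from a service account JSON key; audience must be the URL of the service the token is intended for.` The error from `google.JWTAccessTokenSourceFromJSON` is also returned bare, while the file-reading path prefixes `credentials:`. Wrapping it the same way, `return nil, fmt.Errorf("credentials: failed to create JWT token source: %v", err)`, keeps the two constructors consistent for callers reading logs.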
@@ -482,7 +482,7 @@ func main() { if !*useTLS { grpclog.Fatalf("TLS is not enabled. TLS is required to execute service_account_creds test case.") } - doJwtTokenCreds(tc) + doJWTTokenCreds(tc) case "cancel_after_begin": doCancelAfterBegin(tc) case "cancel_after_first_response": From 32444cd24d01805b739e3436d974fccf2b2772b7 Mon Sep 17 00:00:00 2001 From: yangzhouhan Date: Fri, 14 Aug 2015 11:35:15 -0700 Subject: [PATCH 5/5] minor changes --- credentials/oauth/oauth.go | 7 +------ interop/client/client.go | 2 +- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/credentials/oauth/oauth.go b/credentials/oauth/oauth.go index 01a17188..28ed0c39 100644 --- a/credentials/oauth/oauth.go +++ b/credentials/oauth/oauth.go @@ -61,7 +61,6 @@ func (ts TokenSource) GetRequestMetadata(ctx context.Context) (map[string]string }, nil } -// jwtAccess creates a JWT and send as the access token. type jwtAccess struct { ts oauth2.TokenSource } @@ -71,11 +70,7 @@ func NewJWTAccessFromFile(keyFile string, audience string) (credentials.Credenti if err != nil { return nil, fmt.Errorf("credentials: failed to read the service account key file: %v", err) } - ts, err := google.JWTAccessTokenSourceFromJSON(jsonKey, audience) - if err != nil { - return nil, err - } - return jwtAccess{ts: ts}, nil + return NewJWTAccessFromKey(jsonKey, audience) } func NewJWTAccessFromKey(jsonKey []byte, audience string) (credentials.Credentials, error) { diff --git a/interop/client/client.go b/interop/client/client.go index 865bcb34..122261d9 100644 --- a/interop/client/client.go +++ b/interop/client/client.go @@ -480,7 +480,7 @@ func main() { doServiceAccountCreds(tc) case "jwt_token_creds": if !*useTLS { - grpclog.Fatalf("TLS is not enabled. TLS is required to execute service_account_creds test case.") + grpclog.Fatalf("TLS is not enabled. TLS is required to execute jwt_token_creds test case.") } doJWTTokenCreds(tc) case "cancel_after_begin":