diff --git a/credentials/credentials.go b/credentials/credentials.go
index 63c42a29..0c2b24c0 100644
--- a/credentials/credentials.go
+++ b/credentials/credentials.go
@@ -47,9 +47,6 @@ import (
 	"time"
 
 	"golang.org/x/net/context"
-	"golang.org/x/oauth2"
-	"golang.org/x/oauth2/google"
-	"golang.org/x/oauth2/jwt"
 )
 
 var (
@@ -199,72 +196,3 @@ func NewServerTLSFromFile(certFile, keyFile string) (TransportAuthenticator, err
 	}
 	return NewTLS(&tls.Config{Certificates: []tls.Certificate{cert}}), nil
 }
-
-// TokenSource supplies credentials from an oauth2.TokenSource.
-type TokenSource struct {
-	oauth2.TokenSource
-}
-
-// GetRequestMetadata gets the request metadata as a map from a TokenSource.
-func (ts TokenSource) GetRequestMetadata(ctx context.Context) (map[string]string, error) {
-	token, err := ts.Token()
-	if err != nil {
-		return nil, err
-	}
-	return map[string]string{
-		"authorization": token.TokenType + " " + token.AccessToken,
-	}, nil
-}
-
-// NewComputeEngine constructs the credentials that fetches access tokens from
-// Google Compute Engine (GCE)'s metadata server. It is only valid to use this
-// if your program is running on a GCE instance.
-// TODO(dsymonds): Deprecate and remove this.
-func NewComputeEngine() Credentials {
-	return TokenSource{google.ComputeTokenSource("")}
-}
-
-// serviceAccount represents credentials via JWT signing key.
-type serviceAccount struct {
-	config *jwt.Config
-}
-
-func (s serviceAccount) GetRequestMetadata(ctx context.Context) (map[string]string, error) {
-	token, err := s.config.TokenSource(ctx).Token()
-	if err != nil {
-		return nil, err
-	}
-	return map[string]string{
-		"authorization": token.TokenType + " " + token.AccessToken,
-	}, nil
-}
-
-// NewServiceAccountFromKey constructs the credentials using the JSON key slice
-// from a Google Developers service account.
-func NewServiceAccountFromKey(jsonKey []byte, scope ...string) (Credentials, error) {
-	config, err := google.JWTConfigFromJSON(jsonKey, scope...)
-	if err != nil {
-		return nil, err
-	}
-	return serviceAccount{config: config}, nil
-}
-
-// NewServiceAccountFromFile constructs the credentials using the JSON key file
-// of a Google Developers service account.
-func NewServiceAccountFromFile(keyFile string, scope ...string) (Credentials, error) {
-	jsonKey, err := ioutil.ReadFile(keyFile)
-	if err != nil {
-		return nil, fmt.Errorf("credentials: failed to read the service account key file: %v", err)
-	}
-	return NewServiceAccountFromKey(jsonKey, scope...)
-}
-
-// NewApplicationDefault returns "Application Default Credentials". For more
-// detail, see https://developers.google.com/accounts/docs/application-default-credentials.
-func NewApplicationDefault(ctx context.Context, scope ...string) (Credentials, error) {
-	t, err := google.DefaultTokenSource(ctx, scope...)
-	if err != nil {
-		return nil, err
-	}
-	return TokenSource{t}, nil
-}
diff --git a/grpc-auth-support.md b/grpc-auth-support.md
index 36fe0bd0..d9fb34fc 100644
--- a/grpc-auth-support.md
+++ b/grpc-auth-support.md
@@ -26,13 +26,13 @@ server.Serve(lis)
 ## Google Compute Engine (GCE)
 
 ```Go
-conn, err := grpc.Dial(serverAddr, grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, ""), grpc.WithPerRPCCredentials(credentials.NewComputeEngine())))
+conn, err := grpc.Dial(serverAddr, grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, ""), grpc.WithPerRPCCredentials(oauth.NewComputeEngine())))
 ```
 
 ## JWT
 
 ```Go
-jwtCreds, err := credentials.NewServiceAccountFromFile(*serviceAccountKeyFile, *oauthScope)
+jwtCreds, err := oauth.NewServiceAccountFromFile(*serviceAccountKeyFile, *oauthScope)
 if err != nil {
   log.Fatalf("Failed to create JWT credentials: %v", err)
 }
diff --git a/interop/client/client.go b/interop/client/client.go
index 1525c8bf..cc599cf4 100644
--- a/interop/client/client.go
+++ b/interop/client/client.go
@@ -46,6 +46,7 @@ import (
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/credentials/oauth"
 	"google.golang.org/grpc/grpclog"
 	testpb "google.golang.org/grpc/interop/grpc_testing"
 	"google.golang.org/grpc/metadata"
@@ -373,9 +374,9 @@ func main() {
 		}
 		opts = append(opts, grpc.WithTransportCredentials(creds))
 		if *testCase == "compute_engine_creds" {
-			opts = append(opts, grpc.WithPerRPCCredentials(credentials.NewComputeEngine()))
+			opts = append(opts, grpc.WithPerRPCCredentials(oauth.NewComputeEngine()))
 		} else if *testCase == "service_account_creds" {
-			jwtCreds, err := credentials.NewServiceAccountFromFile(*serviceAccountKeyFile, *oauthScope)
+			jwtCreds, err := oauth.NewServiceAccountFromFile(*serviceAccountKeyFile, *oauthScope)
 			if err != nil {
 				grpclog.Fatalf("Failed to create JWT credentials: %v", err)
 			}