From 6a53e9b372477f4d64ca519dc0a23af8dd5b3015 Mon Sep 17 00:00:00 2001 From: Tiago Quelhas Date: Tue, 7 Apr 2026 18:23:16 +0200 Subject: [PATCH] RFC: Make DefaultCredentialsProvider public. Motivation: Bazel uses GoogleCredentials.getApplicationDefault() to locate and load Application Default Credentials. Because this method calls through to a DefaultCredentialsProvider singleton instance which caches the credentials, they can never be reloaded; the only way to force a reload is to restart the Bazel server (see bazelbuild/bazel#23368). With this change, Bazel could instantiate a fresh DefaultCredentialsProvider and call getDefaultCredentials() on it directly. I'd also accept any alternative that has the effect of forcing a reload (e.g., a GoogleCredentials.getApplicationDefaultUncached() method; or a reload argument to the existing method; or a cache reset method). All I want is to avoid duplicating the DefaultCredentialsProvider logic in Bazel. --- .../com/google/auth/oauth2/DefaultCredentialsProvider.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java b/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java index acbfe28af..b92736b0a 100644 --- a/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java +++ b/oauth2_http/java/com/google/auth/oauth2/DefaultCredentialsProvider.java @@ -52,7 +52,7 @@ *

An instance represents the per-process state used to get and cache the credential and allows * overriding the state and environment for testing purposes. */ -class DefaultCredentialsProvider { +public class DefaultCredentialsProvider { static final DefaultCredentialsProvider DEFAULT = new DefaultCredentialsProvider(); static final String CREDENTIAL_ENV_VAR = "GOOGLE_APPLICATION_CREDENTIALS"; static final String QUOTA_PROJECT_ENV_VAR = "GOOGLE_CLOUD_QUOTA_PROJECT"; @@ -89,7 +89,7 @@ class DefaultCredentialsProvider { private boolean checkedAppEngine = false; private boolean checkedComputeEngine = false; - DefaultCredentialsProvider() {} + public DefaultCredentialsProvider() {} /** * Returns the Application Default Credentials. @@ -113,7 +113,7 @@ class DefaultCredentialsProvider { * @return the credentials instance. * @throws IOException if the credentials cannot be created in the current environment. */ - final GoogleCredentials getDefaultCredentials(HttpTransportFactory transportFactory) + public final GoogleCredentials getDefaultCredentials(HttpTransportFactory transportFactory) throws IOException { synchronized (this) { if (cachedCredentials == null) {