From b21ee3bedf3c63cdeb319afb3c87787e899e0e49 Mon Sep 17 00:00:00 2001
From: Juan Amari <11861490+juanamari94@users.noreply.github.com>
Date: Fri, 14 Jun 2024 11:44:54 -0300
Subject: [PATCH] fix(auth): use the full format for the JWT payload in IAPToken (#765)

Some of the GCP products when retrieving the JWT token from the GCE Metadata Server come with the `email` claim, but some have recently started not returning that claim as part of the JWT payload. Adding the `format=full` query parameter to the GCE Metadata Server API seems to return the `email` claim for these cases, along with other GCE Metadata which for the time being we do not need and thus, we discard. [See these docs for more information.](https://cloud.google.com/compute/docs/instances/verifying-instance-identity#request_signature)
---
 auth/gcloud/aio/auth/token.py | 2 +-
 auth/pyproject.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/auth/gcloud/aio/auth/token.py b/auth/gcloud/aio/auth/token.py
index a3f725b9f..958f2bd4f 100644
--- a/auth/gcloud/aio/auth/token.py
+++ b/auth/gcloud/aio/auth/token.py
@@ -57,7 +57,7 @@
 )
 GCE_ENDPOINT_ID_TOKEN = (
 f'{GCE_METADATA_BASE}/instance/service-accounts'
- '/default/identity?audience={audience}'
+ '/default/identity?audience={audience}&format=full'
 )
 GCLOUD_ENDPOINT_GENERATE_ACCESS_TOKEN = (
 'https://iamcredentials.googleapis.com'
diff --git a/auth/pyproject.toml b/auth/pyproject.toml
index 265864a19..896793458 100644
--- a/auth/pyproject.toml
+++ b/auth/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "gcloud-aio-auth"
-version = "5.3.1"
+version = "5.3.2"
 description = "Python Client for Google Cloud Auth"
 readme = "README.rst"
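Review bot: With `&format=full` on `GCE_ENDPOINT_ID_TOKEN`, the identity token itself now carries the project and instance details described in the linked docs. This library may discard those fields, but the token is still presented as a bearer credential to whichever service matches the audience, so each relying party receives them. That is worth recording where the constant is defined, e.g. `# format=full restores the email claim but also embeds project/instance details in the JWT sent to the audience`. Separately, `{audience}` is now followed by another query parameter, so an audience containing `&` or `#` would alter or cut off `format=full`. The substitution happens outside this hunk, so confirm the value is percent-encoded there, for instance with `urllib.parse.quote(audience, safe='')`.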