fix: disable self signed jwt for domain wide delegation (#873)
diff --git a/google/oauth2/service_account.py b/google/oauth2/service_account.py
index 8f18f26..ecaac03 100644
--- a/google/oauth2/service_account.py
+++ b/google/oauth2/service_account.py
@@ -399,7 +399,9 @@
@_helpers.copy_docstring(credentials.Credentials)
def refresh(self, request):
- if self._jwt_credentials is not None:
+ # Since domain wide delegation doesn't work with self signed JWT. If
+ # subject exists, then we should not use self signed JWT.
+ if self._subject is None and self._jwt_credentials is not None:
self._jwt_credentials.refresh(request)
self.token = self._jwt_credentials.token
self.expiry = self._jwt_credentials.expiry
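Review bot: The comment added above the guard in `refresh()` is a sentence fragment ("Since ... JWT.") and does not say why a subject rules out the self-signed path. I would reword it to `# Domain-wide delegation (self._subject set) does not work with a self-signed JWT,` followed by `# so only take the self-signed path when no subject is configured.` The guard also means `_jwt_credentials` can be non-None and silently ignored when a subject is set. A short note saying so would stop a reader assuming the two are mutually exclusive. Only `None` counts as "no subject", so an empty-string subject would also skip the self-signed JWT; that is probably intended, but worth confirming against how `_subject` is assigned, which is outside this hunk. The rest of `refresh()`, including the branch taken when this condition is false, is also outside the hunk.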