refactor!: remove additionalOptions from AuthClients

src/auth/awsclient.ts

@@ -20,7 +20,6 @@ import {
   BaseExternalAccountClientOptions,
 } from './baseexternalclient';
 import {Headers} from './oauth2client';
-import {AuthClientOptions} from './authclient';
 
 /**
  * AWS credentials JSON interface. This is used for AWS workloads.
@@ -82,16 +81,9 @@ export class AwsClient extends BaseExternalAccountClient {
    * An error is thrown if the credential is not a valid AWS credential.
    * @param options The external account options object typically loaded
    *   from the external account JSON credential file.
-   * @param additionalOptions **DEPRECATED, all options are available in the
-   *   `options` parameter.** Optional additional behavior customization options.
-   *   These currently customize expiration threshold time and whether to retry
-   *   on 401/403 API request errors.
    */
-  constructor(
-    options: AwsClientOptions,
-    additionalOptions?: AuthClientOptions
-  ) {
-    super(options, additionalOptions);
+  constructor(options: AwsClientOptions) {
+    super(options);
     this.environmentId = options.credential_source.environment_id;
     // This is only required if the AWS region is not available in the
     // AWS_REGION or AWS_DEFAULT_REGION environment variables.

src/auth/baseexternalclient.ts

@@ -156,18 +156,13 @@ export abstract class BaseExternalAccountClient extends AuthClient {
    * @param options The external account options object typically loaded
    *   from the external account JSON credential file. The camelCased options
    *   are aliases for the snake_cased options.
-   * @param additionalOptions **DEPRECATED, all options are available in the
-   *   `options` parameter.** Optional additional behavior customization options.
-   *   These currently customize expiration threshold time and whether to retry
-   *   on 401/403 API request errors.
    */
   constructor(
     options:
       | BaseExternalAccountClientOptions
-      | SnakeToCamelObject<BaseExternalAccountClientOptions>,
-    additionalOptions?: AuthClientOptions
+      | SnakeToCamelObject<BaseExternalAccountClientOptions>
   ) {
-    super({...options, ...additionalOptions});
+    super(options);
 
     const opts = originalOrCamelOptions(
       options as BaseExternalAccountClientOptions

src/auth/downscopedclient.ts

@@ -22,7 +22,7 @@ import * as stream from 'stream';
 
 import {BodyResponseCallback} from '../transporters';
 import {Credentials} from './credentials';
-import {AuthClient, AuthClientOptions} from './authclient';
+import {AuthClient} from './authclient';
 
 import {GetAccessTokenResponse, Headers} from './oauth2client';
 import * as sts from './stscredentials';
@@ -123,18 +123,12 @@ export class DownscopedClient extends AuthClient {
    *   on the resource that the rule applies to, the upper bound of the
    *   permissions that are available on that resource and an optional
    *   condition to further restrict permissions.
-   * @param additionalOptions **DEPRECATED, set this in the provided `authClient`.**
-   *   Optional additional behavior customization options.
-   * @param quotaProjectId **DEPRECATED, set this in the provided `authClient`.**
-   *   Optional quota project id for setting up in the x-goog-user-project header.
    */
   constructor(
     private readonly authClient: AuthClient,
-    private readonly credentialAccessBoundary: CredentialAccessBoundary,
-    additionalOptions?: AuthClientOptions,
-    quotaProjectId?: string
+    private readonly credentialAccessBoundary: CredentialAccessBoundary
   ) {
-    super({...additionalOptions, quotaProjectId});
+    super();
     // Check 1-10 Access Boundary Rules are defined within Credential Access
     // Boundary.
     if (

src/auth/externalAccountAuthorizedUserClient.ts

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import {AuthClient, AuthClientOptions} from './authclient';
+import {AuthClient} from './authclient';
 import {Headers} from './oauth2client';
 import {
   ClientAuthentication,
@@ -161,16 +161,9 @@ export class ExternalAccountAuthorizedUserClient extends AuthClient {
    * An error is throws if the credential is not valid.
    * @param options The external account authorized user option object typically
    *   from the external accoutn authorized user JSON credential file.
-   * @param additionalOptions **DEPRECATED, all options are available in the
-   *   `options` parameter.** Optional additional behavior customization options.
-   *   These currently customize expiration threshold time and whether to retry
-   *   on 401/403 API request errors.
    */
-  constructor(
-    options: ExternalAccountAuthorizedUserClientOptions,
-    additionalOptions?: AuthClientOptions
-  ) {
-    super({...options, ...additionalOptions});
+  constructor(options: ExternalAccountAuthorizedUserClientOptions) {
+    super(options);
     this.refreshToken = options.refresh_token;
     const clientAuth = {
       confidentialClientType: 'basic',
@@ -190,13 +183,13 @@ export class ExternalAccountAuthorizedUserClient extends AuthClient {
     // As threshold could be zero,
     // eagerRefreshThresholdMillis || EXPIRATION_TIME_OFFSET will override the
     // zero value.
-    if (typeof additionalOptions?.eagerRefreshThresholdMillis !== 'number') {
+    if (typeof options?.eagerRefreshThresholdMillis !== 'number') {
       this.eagerRefreshThresholdMillis = EXPIRATION_TIME_OFFSET;
     } else {
-      this.eagerRefreshThresholdMillis = additionalOptions!
+      this.eagerRefreshThresholdMillis = options!
         .eagerRefreshThresholdMillis as number;
     }
-    this.forceRefreshOnFailure = !!additionalOptions?.forceRefreshOnFailure;
+    this.forceRefreshOnFailure = !!options?.forceRefreshOnFailure;
 
     if (options.universe_domain) {
       this.universeDomain = options.universe_domain;

src/auth/externalclient.ts

@@ -32,7 +32,6 @@ import {
   PluggableAuthClient,
   PluggableAuthClientOptions,
 } from './pluggable-auth-client';
-import {AuthClientOptions} from './authclient';
 
 export type ExternalAccountClientOptions =
   | IdentityPoolClientOptions
@@ -60,32 +59,21 @@ export class ExternalAccountClient {
    * underlying credential source.
    * @param options The external account options object typically loaded
    *   from the external account JSON credential file.
-   * @param additionalOptions **DEPRECATED, all options are available in the
-   *   `options` parameter.** Optional additional behavior customization options.
-   *   These currently customize expiration threshold time and whether to retry
-   *   on 401/403 API request errors.
    * @return A BaseExternalAccountClient instance or null if the options
    *   provided do not correspond to an external account credential.
    */
   static fromJSON(
-    options: ExternalAccountClientOptions,
-    additionalOptions?: AuthClientOptions
+    options: ExternalAccountClientOptions
   ): BaseExternalAccountClient | null {
     if (options && options.type === EXTERNAL_ACCOUNT_TYPE) {
       if ((options as AwsClientOptions).credential_source?.environment_id) {
-        return new AwsClient(options as AwsClientOptions, additionalOptions);
+        return new AwsClient(options as AwsClientOptions);
       } else if (
         (options as PluggableAuthClientOptions).credential_source?.executable
       ) {
-        return new PluggableAuthClient(
-          options as PluggableAuthClientOptions,
-          additionalOptions
-        );
+        return new PluggableAuthClient(options as PluggableAuthClientOptions);
       } else {
-        return new IdentityPoolClient(
-          options as IdentityPoolClientOptions,
-          additionalOptions
-        );
+        return new IdentityPoolClient(options as IdentityPoolClientOptions);
       }
     } else {
       return null;

src/auth/googleauth.ts

@@ -622,16 +622,16 @@ export class GoogleAuth<T extends AuthClient = JSONClient> {
     } else if (json.type === IMPERSONATED_ACCOUNT_TYPE) {
       client = this.fromImpersonatedJSON(json as ImpersonatedJWTInput);
     } else if (json.type === EXTERNAL_ACCOUNT_TYPE) {
-      client = ExternalAccountClient.fromJSON(
-        json as ExternalAccountClientOptions,
-        options
-      )!;
+      client = ExternalAccountClient.fromJSON({
+        ...json,
+        ...options,
+      } as ExternalAccountClientOptions)!;
       client.scopes = this.getAnyScopes();
     } else if (json.type === EXTERNAL_ACCOUNT_AUTHORIZED_USER_TYPE) {
-      client = new ExternalAccountAuthorizedUserClient(
-        json as ExternalAccountAuthorizedUserClientOptions,
-        options
-      );
+      client = new ExternalAccountAuthorizedUserClient({
+        ...json,
+        ...options,
+      } as ExternalAccountAuthorizedUserClientOptions);
     } else {
       (options as JWTOptions).scopes = this.scopes;
       client = new JWT(options);

src/auth/identitypoolclient.ts

@@ -20,7 +20,6 @@ import {
   BaseExternalAccountClient,
   BaseExternalAccountClientOptions,
 } from './baseexternalclient';
-import {AuthClientOptions} from './authclient';
 import {SnakeToCamelObject, originalOrCamelOptions} from '../util';
 
 // fs.readfile is undefined in browser karma tests causing
@@ -76,18 +75,13 @@ export class IdentityPoolClient extends BaseExternalAccountClient {
    * @param options The external account options object typically loaded
    *   from the external account JSON credential file. The camelCased options
    *   are aliases for the snake_cased options.
-   * @param additionalOptions **DEPRECATED, all options are available in the
-   *   `options` parameter.** Optional additional behavior customization options.
-   *   These currently customize expiration threshold time and whether to retry
-   *   on 401/403 API request errors.
    */
   constructor(
     options:
       | IdentityPoolClientOptions
-      | SnakeToCamelObject<IdentityPoolClientOptions>,
-    additionalOptions?: AuthClientOptions
+      | SnakeToCamelObject<IdentityPoolClientOptions>
   ) {
-    super(options, additionalOptions);
+    super(options);
 
     const opts = originalOrCamelOptions(options as IdentityPoolClientOptions);
     const credentialSource = opts.get('credential_source');

src/auth/pluggable-auth-client.ts

@@ -21,7 +21,6 @@ import {
   InvalidExpirationTimeFieldError,
 } from './executable-response';
 import {PluggableAuthHandler} from './pluggable-auth-handler';
-import {AuthClientOptions} from './authclient';
 
 /**
  * Defines the credential source portion of the configuration for PluggableAuthClient.
@@ -189,16 +188,9 @@ export class PluggableAuthClient extends BaseExternalAccountClient {
    * An error is thrown if the credential is not a valid pluggable auth credential.
    * @param options The external account options object typically loaded from
    *   the external account JSON credential file.
-   * @param additionalOptions **DEPRECATED, all options are available in the
-   *   `options` parameter.** Optional additional behavior customization options.
-   *   These currently customize expiration threshold time and whether to retry
-   *   on 401/403 API request errors.
    */
-  constructor(
-    options: PluggableAuthClientOptions,
-    additionalOptions?: AuthClientOptions
-  ) {
-    super(options, additionalOptions);
+  constructor(options: PluggableAuthClientOptions) {
+    super(options);
     if (!options.credential_source.executable) {
       throw new Error('No valid Pluggable Auth "credential_source" provided.');
     }