check for empty authorization header

Author: scotthart

google/cloud/internal/oauth2_credentials.cc

@@ -28,7 +28,7 @@ Credentials::AuthenticationHeaders(std::chrono::system_clock::time_point tp,
   std::vector<rest_internal::HttpHeader> headers;
   auto authorization = Authorization(tp);
   if (!authorization) return std::move(authorization).status();
-  headers.push_back(*std::move(authorization));
+  if (!authorization->empty()) headers.push_back(*std::move(authorization));
 
   auto allowed_locations = AllowedLocations(tp, endpoint);
   // Not all credential types support the x-allowed-locations header. For those

google/cloud/internal/oauth2_credentials_test.cc

@@ -60,6 +60,17 @@ TEST(Credentials, AuthenticationHeaderError) {
   EXPECT_EQ(actual.status(), UnavailableError("try-again"));
 }
 
+TEST(Credentials, AuthenticationHeaderEmpty) {
+  MockCredentials mock;
+  EXPECT_CALL(mock, GetToken)
+      .WillOnce(Return(AccessToken{"", std::chrono::system_clock::now()}));
+  EXPECT_CALL(mock, AllowedLocations)
+      .WillOnce(Return(rest_internal::HttpHeader()));
+  auto actual = mock.AuthenticationHeaders(std::chrono::system_clock::now(),
+                                           "my-endpoint");
+  EXPECT_THAT(actual, IsOkAndHolds(std::vector<rest_internal::HttpHeader>{}));
+}
+
 TEST(Credentials, ProjectId) {
   MockCredentials mock;
   EXPECT_THAT(mock.project_id(), Not(IsOk()));