address review comments

Author: whowes

sdk-platform-java/java-core/google-cloud-core/src/main/java/com/google/cloud/ServiceOptions.java

@@ -666,9 +666,10 @@ public Credentials getScopedCredentials() {
         && ((GoogleCredentials) credentials).createScopedRequired()) {
       credentialsToReturn = ((GoogleCredentials) credentials).createScoped(getScopes());
     }
-    if (getUseJwtAccessWithScope() && credentialsToReturn instanceof ServiceAccountCredentials) {
+    if (credentialsToReturn instanceof ServiceAccountCredentials) {
       credentialsToReturn =
-          ((ServiceAccountCredentials) credentialsToReturn).createWithUseJwtAccessWithScope(true);
+          ((ServiceAccountCredentials) credentialsToReturn)
+              .createWithUseJwtAccessWithScope(getUseJwtAccessWithScope());
     }
     return credentialsToReturn;
   }

sdk-platform-java/java-core/google-cloud-core/src/test/java/com/google/cloud/ServiceOptionsTest.java

@@ -631,7 +631,7 @@ void testIsValidUniverseDomain_userUniverseDomainConfig_nonGDUCredentials() thro
   }
 
   @Test
-  void testGetScopedCredentials_enablesSelfSignedJwtForServiceAccount() {
+  void testGetScopedCredentials_useJwtAccessWithScope_enablesByDefault() {
     TestServiceOptions options =
         TestServiceOptions.newBuilder()
             .setProjectId("project-id")
@@ -643,7 +643,7 @@ void testGetScopedCredentials_enablesSelfSignedJwtForServiceAccount() {
   }
 
   @Test
-  void testGetScopedCredentials_optsOutSelfSignedJwt() {
+  void testGetScopedCredentials_useJwtAccessWithScope_canBeDisabled() {
     TestServiceOptions options =
         new TestServiceOptions.Builder()
             .setProjectId("project-id")
@@ -655,6 +655,21 @@ void testGetScopedCredentials_optsOutSelfSignedJwt() {
     assertThat(((ServiceAccountCredentials) scoped).getUseJwtAccessWithScope()).isFalse();
   }
 
+  @Test
+  void testGetScopedCredentials_useJwtAccessWithScope_overridesCredentials() {
+    ServiceAccountCredentials trueCredentials =
+        ((ServiceAccountCredentials) credentials).createWithUseJwtAccessWithScope(true);
+    TestServiceOptions options =
+        new TestServiceOptions.Builder()
+            .setProjectId("project-id")
+            .setCredentials(trueCredentials)
+            .setUseJwtAccessWithScope(false)
+            .build();
+    com.google.auth.Credentials scoped = options.getScopedCredentials();
+    assertThat(scoped).isInstanceOf(ServiceAccountCredentials.class);
+    assertThat(((ServiceAccountCredentials) scoped).getUseJwtAccessWithScope()).isFalse();
+  }
+
   private HttpResponse createHttpResponseWithHeader(final Multimap<String, String> headers)
       throws Exception {
     HttpTransport mockHttpTransport =