fix(auth): Fix UserCredentials serialization clientSecret leak and key mismatch

Author: lsirac

google-auth-library-java/oauth2_http/java/com/google/auth/oauth2/UserCredentials.java

@@ -328,7 +328,7 @@ private InputStream getUserCredentialsStream() throws IOException {
       json.put("client_secret", clientSecret);
     }
     if (quotaProjectId != null) {
-      json.put("quota_project", clientSecret);
+      json.put("quota_project_id", quotaProjectId);
     }
     json.setFactory(JSON_FACTORY);
     String text = json.toPrettyString();

google-auth-library-java/oauth2_http/javatests/com/google/auth/oauth2/DefaultCredentialsProviderTest.java

@@ -387,6 +387,7 @@ void getDefaultCredentials_GdchServiceAccount() throws IOException {
     assertNotNull(((GdchCredentials) defaultCredentials).getApiAudience());
   }
 
+  @Test
   void getDefaultCredentials_quota_project() throws IOException {
     InputStream userStream =
         UserCredentialsTest.writeUserStream(

google-auth-library-java/oauth2_http/javatests/com/google/auth/oauth2/UserCredentialsTest.java

@@ -635,6 +635,7 @@ void saveAndRestoreUserCredential_saveAndRestored_doesNotThrow() throws IOExcept
             .setClientId(CLIENT_ID)
             .setClientSecret(CLIENT_SECRET)
             .setRefreshToken(REFRESH_TOKEN)
+            .setQuotaProjectId(QUOTA_PROJECT)
             .build();
 
     File file = File.createTempFile("GOOGLE_APPLICATION_CREDENTIALS", null, null);
@@ -649,6 +650,7 @@ void saveAndRestoreUserCredential_saveAndRestored_doesNotThrow() throws IOExcept
       assertEquals(userCredentials.getClientId(), restoredCredentials.getClientId());
       assertEquals(userCredentials.getClientSecret(), restoredCredentials.getClientSecret());
       assertEquals(userCredentials.getRefreshToken(), restoredCredentials.getRefreshToken());
+      assertEquals(userCredentials.getQuotaProjectId(), restoredCredentials.getQuotaProjectId());
     }
   }