googleapis
diff --git a/‎google-auth-library-java/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java‎
Lines changed: 2 additions & 27 deletions b/‎google-auth-library-java/oauth2_http/java/com/google/auth/oauth2/ComputeEngineCredentials.java‎
Lines changed: 2 additions & 27 deletions
diff --git a/‎google-auth-library-java/oauth2_http/java/com/google/auth/oauth2/ExternalAccountAuthorizedUserCredentials.java‎
Lines changed: 1 addition & 29 deletions b/‎google-auth-library-java/oauth2_http/java/com/google/auth/oauth2/ExternalAccountAuthorizedUserCredentials.java‎
Lines changed: 1 addition & 29 deletions
diff --git a/‎google-auth-library-java/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java‎
Lines changed: 1 addition & 48 deletions b/‎google-auth-library-java/oauth2_http/java/com/google/auth/oauth2/ExternalAccountCredentials.java‎
Lines changed: 1 addition & 48 deletions
@@ -41,7 +41,6 @@
 import com.google.api.client.http.HttpStatusCodes;
 import com.google.api.client.json.JsonObjectParser;
 import com.google.api.client.util.GenericData;
-import com.google.api.core.InternalApi;
 import com.google.auth.CredentialTypeForMetrics;
 import com.google.auth.Credentials;
 import com.google.auth.Retryable;
@@ -72,7 +71,6 @@
 import java.util.Objects;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import java.util.regex.Pattern;
 
 /**
  * OAuth2 credentials representing the built-in service account for a Google Compute Engine VM.
@@ -82,7 +80,7 @@
  * <p>These credentials use the IAM API to sign data. See {@link #sign(byte[])} for more details.
  */
 public class ComputeEngineCredentials extends GoogleCredentials
-    implements ServiceAccountSigner, IdTokenProvider, RegionalAccessBoundaryProvider {
+    implements ServiceAccountSigner, IdTokenProvider {
 
   static final String METADATA_RESPONSE_EMPTY_CONTENT_ERROR_MESSAGE =
       "Empty content from metadata token server request.";
@@ -118,7 +116,6 @@ public class ComputeEngineCredentials extends GoogleCredentials
 
   private static final String PARSE_ERROR_PREFIX = "Error parsing token refresh response. ";
   private static final String PARSE_ERROR_ACCOUNT = "Error parsing service account response. ";
-  private static final Pattern EMAIL_PATTERN = Pattern.compile("^[^@]+@[^@]+\\.[^@]+$");
   private static final long serialVersionUID = -4113476462526554235L;
 
   private final String transportFactoryClassName;
@@ -457,6 +454,7 @@ public AccessToken refreshAccessToken() throws IOException {
     int expiresInSeconds =
         OAuth2Utils.validateInt32(responseData, "expires_in", PARSE_ERROR_PREFIX);
     long expiresAtMilliseconds = clock.currentTimeMillis() + expiresInSeconds * 1000;
+
     return new AccessToken(accessToken, new Date(expiresAtMilliseconds));
   }
 
@@ -781,11 +779,6 @@ public static Builder newBuilder() {
    *
    * @throws RuntimeException if the default service account cannot be read
    */
-  @Override
-  HttpTransportFactory getTransportFactory() {
-    return transportFactory;
-  }
-
   @Override
   // todo(#314) getAccount should not throw a RuntimeException
   public String getAccount() {
@@ -799,24 +792,6 @@ public String getAccount() {
     return principal;
   }
 
-  @InternalApi
-  @Override
-  public String getRegionalAccessBoundaryUrl() throws IOException {
-    String account = getAccount();
-    // The MDS may return a non-email value for the account and we should skip RAB refresh in that
-    // scenario.
-    if (account == null || !EMAIL_PATTERN.matcher(account).matches()) {
-      LoggingUtils.log(
-          LOGGER_PROVIDER,
-          Level.INFO,
-          Collections.emptyMap(),
-          "Unable to retrieve this instance's email and will skip the regional request routing. Proceeding with request");
-      return null;
-    }
-    return String.format(
-        OAuth2Utils.IAM_CREDENTIALS_ALLOWED_LOCATIONS_URL_FORMAT_SERVICE_ACCOUNT, account);
-  }
-
   /**
    * Signs the provided bytes using the private key associated with the service account.
    *
 
@@ -31,9 +31,7 @@
 
 package com.google.auth.oauth2;
 
-import static com.google.auth.oauth2.OAuth2Utils.IAM_CREDENTIALS_ALLOWED_LOCATIONS_URL_FORMAT_WORKFORCE_POOL;
 import static com.google.auth.oauth2.OAuth2Utils.JSON_FACTORY;
-import static com.google.auth.oauth2.OAuth2Utils.WORKFORCE_AUDIENCE_PATTERN;
 
 import com.google.api.client.http.GenericUrl;
 import com.google.api.client.http.HttpHeaders;
@@ -45,7 +43,6 @@
 import com.google.api.client.json.JsonObjectParser;
 import com.google.api.client.util.GenericData;
 import com.google.api.client.util.Preconditions;
-import com.google.api.core.InternalApi;
 import com.google.auth.http.HttpTransportFactory;
 import com.google.common.base.MoreObjects;
 import com.google.common.io.BaseEncoding;
@@ -57,7 +54,6 @@
 import java.util.Date;
 import java.util.Map;
 import java.util.Objects;
-import java.util.regex.Matcher;
 import javax.annotation.Nullable;
 
 /**
@@ -78,8 +74,7 @@
  * }
  * </pre>
  */
-public class ExternalAccountAuthorizedUserCredentials extends GoogleCredentials
-    implements RegionalAccessBoundaryProvider {
+public class ExternalAccountAuthorizedUserCredentials extends GoogleCredentials {
   private static final LoggerProvider LOGGER_PROVIDER =
       LoggerProvider.forClazz(ExternalAccountAuthorizedUserCredentials.class);
 
@@ -234,29 +229,6 @@ public AccessToken refreshAccessToken() throws IOException {
         .build();
   }
 
-  @InternalApi
-  @Override
-  public String getRegionalAccessBoundaryUrl() throws IOException {
-    String audience = getAudience();
-    if (audience == null) {
-      throw new IllegalStateException(
-          "The audience is null, which is not in the correct format for a workforce pool.");
-    }
-    Matcher matcher = WORKFORCE_AUDIENCE_PATTERN.matcher(audience);
-    if (!matcher.matches()) {
-      throw new IllegalStateException(
-          "The provided audience is not in the correct format for a workforce pool. "
-              + "Refer: https://docs.cloud.google.com/iam/docs/principal-identifiers");
-    }
-    String poolId = matcher.group("pool");
-    return String.format(IAM_CREDENTIALS_ALLOWED_LOCATIONS_URL_FORMAT_WORKFORCE_POOL, poolId);
-  }
-
-  @Override
-  HttpTransportFactory getTransportFactory() {
-    return transportFactory;
-  }
-
   @Nullable
   public String getAudience() {
     return audience;
 
@@ -31,14 +31,11 @@
 
 package com.google.auth.oauth2;
 
-import static com.google.auth.oauth2.OAuth2Utils.WORKFORCE_AUDIENCE_PATTERN;
-import static com.google.auth.oauth2.OAuth2Utils.WORKLOAD_AUDIENCE_PATTERN;
 import static com.google.common.base.Preconditions.checkNotNull;
 
 import com.google.api.client.http.HttpHeaders;
 import com.google.api.client.json.GenericJson;
 import com.google.api.client.util.Data;
-import com.google.api.core.InternalApi;
 import com.google.auth.RequestMetadataCallback;
 import com.google.auth.http.HttpTransportFactory;
 import com.google.common.base.MoreObjects;
@@ -57,7 +54,6 @@
 import java.util.Locale;
 import java.util.Map;
 import java.util.concurrent.Executor;
-import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import javax.annotation.Nullable;
 
@@ -67,8 +63,7 @@
  * <p>Handles initializing external credentials, calls to the Security Token Service, and service
  * account impersonation.
  */
-public abstract class ExternalAccountCredentials extends GoogleCredentials
-    implements RegionalAccessBoundaryProvider {
+public abstract class ExternalAccountCredentials extends GoogleCredentials {
 
   private static final long serialVersionUID = 8049126194174465023L;
 
@@ -582,11 +577,6 @@ protected AccessToken exchangeExternalCredentialForAccessToken(
    */
   public abstract String retrieveSubjectToken() throws IOException;
 
-  @Override
-  HttpTransportFactory getTransportFactory() {
-    return transportFactory;
-  }
-
   public String getAudience() {
     return audience;
   }
@@ -630,43 +620,6 @@ public String getServiceAccountEmail() {
     return ImpersonatedCredentials.extractTargetPrincipal(serviceAccountImpersonationUrl);
   }
 
-  @InternalApi
-  @Override
-  public String getRegionalAccessBoundaryUrl() throws IOException {
-    if (getServiceAccountEmail() != null) {
-      return String.format(
-          OAuth2Utils.IAM_CREDENTIALS_ALLOWED_LOCATIONS_URL_FORMAT_SERVICE_ACCOUNT,
-          getServiceAccountEmail());
-    }
-
-    String audience = getAudience();
-    if (audience == null) {
-      throw new IllegalStateException(
-          "The audience is null, which is not in a valid format for either a workload identity pool or a workforce pool.");
-    }
-
-    Matcher workforceMatcher = WORKFORCE_AUDIENCE_PATTERN.matcher(audience);
-    if (workforceMatcher.matches()) {
-      String poolId = workforceMatcher.group("pool");
-      return String.format(
-          OAuth2Utils.IAM_CREDENTIALS_ALLOWED_LOCATIONS_URL_FORMAT_WORKFORCE_POOL, poolId);
-    }
-
-    Matcher workloadMatcher = WORKLOAD_AUDIENCE_PATTERN.matcher(audience);
-    if (workloadMatcher.matches()) {
-      String projectNumber = workloadMatcher.group("project");
-      String poolId = workloadMatcher.group("pool");
-      return String.format(
-          OAuth2Utils.IAM_CREDENTIALS_ALLOWED_LOCATIONS_URL_FORMAT_WORKLOAD_POOL,
-          projectNumber,
-          poolId);
-    }
-
-    throw new IllegalStateException(
-        "The provided audience is not in a valid format for either a workload identity pool or a workforce pool."
-            + " Refer: https://docs.cloud.google.com/iam/docs/principal-identifiers");
-  }
-
   @Nullable
   public String getClientId() {
     return clientId;