avoid duplication of hardcoded OAuth scopes

Neenu1995 · Neenu1995 · commit c1bed227bd56 · 2026-04-17T19:41:28.000-04:00
diff --git a/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtility.java b/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtility.java
@@ -80,6 +80,12 @@ final class BigQueryJdbcOAuthUtility {
           + "Thank you for using JDBC Driver for Google BigQuery!\n"
           + "You may now close the window.</body></html>";
 
+  static final String BIGQUERY_SCOPE = "https://www.googleapis.com/auth/bigquery";
+  static final String DRIVE_READONLY_SCOPE = "https://www.googleapis.com/auth/drive.readonly";
+
+  static final List<String> DEFAULT_SCOPES = Arrays.asList(BIGQUERY_SCOPE);
+  static final List<String> DRIVE_SCOPES = Arrays.asList(BIGQUERY_SCOPE, DRIVE_READONLY_SCOPE);
+
   private static final int USER_AUTH_TIMEOUT_MS = 120000;
   private static final BigQueryJdbcCustomLogger LOG =
       new BigQueryJdbcCustomLogger(BigQueryJdbcOAuthUtility.class.getName());
@@ -119,15 +125,17 @@ static Map<String, String> parseOAuthProperties(DataSource ds, String callerClas
     oauthProperties.put(BigQueryJdbcUrlUtility.OAUTH_TYPE_PROPERTY_NAME, String.valueOf(authType));
 
     Integer reqGoogleDriveScope = ds.getRequestGoogleDriveScope();
-    if( reqGoogleDriveScope != null){
-      Boolean reqGoogleDriveScopeBool = BigQueryJdbcUrlUtility.convertIntToBoolean(String.valueOf(reqGoogleDriveScope), BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME);
+    if (reqGoogleDriveScope != null) {
+      Boolean reqGoogleDriveScopeBool =
+          BigQueryJdbcUrlUtility.convertIntToBoolean(
+              String.valueOf(reqGoogleDriveScope),
+              BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME);
       oauthProperties.put(
           BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME,
           String.valueOf(reqGoogleDriveScopeBool));
       LOG.fine("RequestGoogleDriveScope parsed.");
     }
 
-
     switch (authType) {
       case GOOGLE_SERVICE_ACCOUNT:
         // For using a Google Service Account (OAuth Type 0)
@@ -245,7 +253,7 @@ static Map<String, String> parseOAuthProperties(DataSource ds, String callerClas
           BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_SCOPES_PROPERTY_NAME,
           ds.getOAuthSAImpersonationScopes() != null
               ? ds.getOAuthSAImpersonationScopes()
-              : BigQueryJdbcUrlUtility.DEFAULT_OAUTH_SA_IMPERSONATION_SCOPES_VALUE);
+              : BIGQUERY_SCOPE);
       oauthProperties.put(
           BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_PROPERTY_NAME,
           ds.getOAuthSAImpersonationTokenLifetime() != null
@@ -379,11 +387,11 @@ private static GoogleCredentials getGoogleServiceAccountCredentials(
         builder.setUniverseDomain(
             overrideProperties.get(BigQueryJdbcUrlUtility.UNIVERSE_DOMAIN_OVERRIDE_PROPERTY_NAME));
       }
-      if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))){
-        builder.setScopes(
-            Arrays.asList(
-                "https://www.googleapis.com/auth/bigquery",
-                "https://www.googleapis.com/auth/drive.readonly"));
+      if ("true"
+          .equals(
+              authProperties.get(
+                  BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) {
+        builder.setScopes(DRIVE_SCOPES);
         LOG.fine("Added Google Drive read-only scope to Service Account builder.");
       }
     } catch (URISyntaxException | IOException e) {
@@ -418,11 +426,12 @@ static UserAuthorizer getUserAuthorizer(
       userAuthorizerBuilder.setTokenServerUri(
           new URI(overrideProperties.get(BigQueryJdbcUrlUtility.OAUTH2_TOKEN_URI_PROPERTY_NAME)));
     }
-    List<String> scopes = new ArrayList<>();
-    scopes.add("https://www.googleapis.com/auth/bigquery");
+    List<String> scopes = new java.util.ArrayList<>(DEFAULT_SCOPES);
 
-    if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) {
-      scopes.add("https://www.googleapis.com/auth/drive.readonly");
+    if ("true"
+        .equals(
+            authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) {
+      scopes.add(DRIVE_READONLY_SCOPE);
       LOG.fine("Added Google Drive read-only scope to User Account builder.");
     }
 
@@ -501,22 +510,19 @@ private static GoogleCredentials getPreGeneratedAccessTokenCredentials(
     }
 
     LOG.info("Connection established. Auth Method: Pre-generated Access Token.");
-    GoogleCredentials credentials =  builder
-        .setAccessToken(
-            AccessToken.newBuilder()
-                .setTokenValue(
-                    authProperties.get(BigQueryJdbcUrlUtility.OAUTH_ACCESS_TOKEN_PROPERTY_NAME))
-                .build())
-        .build();
-
-
-    if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) {
-      credentials = credentials.createScoped(
-          Arrays.asList(
-              "https://www.googleapis.com/auth/bigquery",
-              "https://www.googleapis.com/auth/drive.readonly"
-          )
-      );
+    GoogleCredentials credentials =
+        builder
+            .setAccessToken(
+                AccessToken.newBuilder()
+                    .setTokenValue(
+                        authProperties.get(BigQueryJdbcUrlUtility.OAUTH_ACCESS_TOKEN_PROPERTY_NAME))
+                    .build())
+            .build();
+
+    if ("true"
+        .equals(
+            authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) {
+      credentials = credentials.createScoped(DRIVE_SCOPES);
     }
 
     return credentials;
@@ -567,19 +573,17 @@ static UserCredentials getPreGeneratedRefreshTokenCredentials(
 
     UserCredentials userCredentials = userCredentialsBuilder.build();
 
-    if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) {
-      userCredentials =  (UserCredentials) userCredentials.createScoped(
-          Arrays.asList(
-              "https://www.googleapis.com/auth/bigquery",
-              "https://www.googleapis.com/auth/drive.readonly"
-          )
-      );
+    if ("true"
+        .equals(
+            authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) {
+      userCredentials = (UserCredentials) userCredentials.createScoped(DRIVE_SCOPES);
     }
     LOG.info("Connection established. Auth Method: Pre-generated Refresh Token.");
     return userCredentials;
   }
 
-  private static GoogleCredentials getApplicationDefaultCredentials(Map<String, String> authProperties, String callerClassName) {
+  private static GoogleCredentials getApplicationDefaultCredentials(
+      Map<String, String> authProperties, String callerClassName) {
     LOG.finest("++enter++\t" + callerClassName);
     try {
       GoogleCredentials credentials = GoogleCredentials.getApplicationDefault();
@@ -595,13 +599,11 @@ private static GoogleCredentials getApplicationDefaultCredentials(Map<String, St
           "Connection established. Auth Method: Application Default Credentials, Principal: %s.",
           principal);
 
-      if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) {
-        credentials = credentials.createScoped(
-            Arrays.asList(
-                "https://www.googleapis.com/auth/bigquery",
-                "https://www.googleapis.com/auth/drive.readonly"
-            )
-        );
+      if ("true"
+          .equals(
+              authProperties.get(
+                  BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) {
+        credentials = credentials.createScoped(DRIVE_SCOPES);
         LOG.fine("Added Google Drive read-only scope to ADC credentials.");
       }
 
@@ -652,23 +654,22 @@ private static GoogleCredentials getExternalAccountAuthCredentials(
 
       GoogleCredentials credentials;
       if (credentialsPath != null) {
-        credentials = ExternalAccountCredentials.fromStream(
-            Files.newInputStream(Paths.get(credentialsPath)));
+        credentials =
+            ExternalAccountCredentials.fromStream(Files.newInputStream(Paths.get(credentialsPath)));
       } else if (jsonObject != null) {
-        credentials = ExternalAccountCredentials.fromStream(
-            new ByteArrayInputStream(jsonObject.toString().getBytes()));
+        credentials =
+            ExternalAccountCredentials.fromStream(
+                new ByteArrayInputStream(jsonObject.toString().getBytes()));
       } else {
         throw new IllegalArgumentException(
             "Insufficient info provided for external authentication");
       }
 
-      if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) {
-        credentials = credentials.createScoped(
-            Arrays.asList(
-                "https://www.googleapis.com/auth/bigquery",
-                "https://www.googleapis.com/auth/drive.readonly"
-            )
-        );
+      if ("true"
+          .equals(
+              authProperties.get(
+                  BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) {
+        credentials = credentials.createScoped(DRIVE_SCOPES);
         LOG.fine("Added Google Drive read-only scope to External Account credentials.");
       }
 
@@ -706,9 +707,11 @@ private static GoogleCredentials getServiceAccountImpersonatedCredentials(
                     .get(BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_SCOPES_PROPERTY_NAME)
                     .split(",")));
 
-    if ("true".equals(authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) {
-      if (!impersonationScopes.contains("https://www.googleapis.com/auth/drive.readonly")) {
-        impersonationScopes.add("https://www.googleapis.com/auth/drive.readonly");
+    if ("true"
+        .equals(
+            authProperties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME))) {
+      if (!impersonationScopes.contains(DRIVE_READONLY_SCOPE)) {
+        impersonationScopes.add(DRIVE_READONLY_SCOPE);
         LOG.fine("Added Google Drive read-only scope to impersonation scopes.");
       }
     }
diff --git a/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcUrlUtility.java b/java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcUrlUtility.java
@@ -70,8 +70,7 @@ protected boolean removeEldestEntry(Map.Entry<String, Map<String, String>> eldes
   static final String HTAPI_ACTIVATION_RATIO_PROPERTY_NAME = "HighThroughputActivationRatio";
   static final String KMS_KEY_NAME_PROPERTY_NAME = "KMSKeyName";
   static final String QUERY_PROPERTIES_NAME = "QueryProperties";
-  static final int DEFAULT_HTAPI_ACTIVATION_RATIO_VALUE =
-      2; // TODO: to adjust this value before private preview based on performance testing.
+  static final int DEFAULT_HTAPI_ACTIVATION_RATIO_VALUE = 2;
   static final String HTAPI_MIN_TABLE_SIZE_PROPERTY_NAME = "HighThroughputMinTableSize";
   static final int DEFAULT_HTAPI_MIN_TABLE_SIZE_VALUE = 100;
   static final int DEFAULT_OAUTH_TYPE_VALUE = -1;
@@ -86,8 +85,6 @@ protected boolean removeEldestEntry(Map.Entry<String, Map<String, String>> eldes
   static final String DEFAULT_OAUTH_SA_IMPERSONATION_CHAIN_VALUE = null;
   static final String OAUTH_SA_IMPERSONATION_SCOPES_PROPERTY_NAME =
       "ServiceAccountImpersonationScopes";
-  static final String DEFAULT_OAUTH_SA_IMPERSONATION_SCOPES_VALUE =
-      "https://www.googleapis.com/auth/bigquery";
   static final String OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_PROPERTY_NAME =
       "ServiceAccountImpersonationTokenLifetime";
   static final String DEFAULT_OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_VALUE = "3600";
diff --git a/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtilityTest.java b/java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtilityTest.java
@@ -381,8 +381,7 @@ public void testParseOAuthProperties_UserAccount_RequestDriveScopeDefault() {
         BigQueryJdbcOAuthUtility.parseOAuthProperties(
             DataSource.fromUrl(url), this.getClass().getName());
     assertEquals(
-        "false",
-        properties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME));
+        "false", properties.get(BigQueryJdbcUrlUtility.REQUEST_GOOGLE_DRIVE_SCOPE_PROPERTY_NAME));
   }
 
   @Test
@@ -473,7 +472,7 @@ public void testParseUserImpersonationDefault() {
         "impersonated",
         result.get(BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_EMAIL_PROPERTY_NAME));
     assertEquals(
-        BigQueryJdbcUrlUtility.DEFAULT_OAUTH_SA_IMPERSONATION_SCOPES_VALUE,
+        BigQueryJdbcOAuthUtility.BIGQUERY_SCOPE,
         result.get(BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_SCOPES_PROPERTY_NAME));
     assertEquals(
         BigQueryJdbcUrlUtility.DEFAULT_OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_VALUE,
