googleapis · anishesg · Apr 24, 2026 · Apr 24, 2026 · gemini-code-assist · Apr 24, 2026
@@ -32,6 +32,8 @@
 package com.google.auth.oauth2;
 
 import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.UncheckedIOException;
 
 /**
  * This public class provides shared utilities for common OAuth2 utils or ADC. It also exposes
@@ -70,7 +72,14 @@ static final File getWellKnownCredentialsFile(DefaultCredentialsProvider provide
     if (envPath != null) {
       cloudConfigPath = new File(envPath);
     } else if (provider.getOsName().indexOf("windows") >= 0) {
-      File appDataPath = new File(provider.getEnv("APPDATA"));
+      String appDataEnv = provider.getEnv("APPDATA");
+      if (appDataEnv == null) {
+        throw new UncheckedIOException(
+            new FileNotFoundException(
+                "APPDATA environment variable is not set; cannot locate the well-known"
+                    + " credentials file on Windows."));
+      }
-      if (appDataEnv == null) {
-        throw new UncheckedIOException(
-            new FileNotFoundException(
-                "APPDATA environment variable is not set; cannot locate the well-known"
-                    + " credentials file on Windows."));
-      }
+      if (appDataEnv == null || appDataEnv.trim().isEmpty()) {
+        throw new UncheckedIOException(
+            new FileNotFoundException(
+                "APPDATA environment variable is not set or empty; cannot locate the well-known"
+                    + " credentials file on Windows."));
+      }
-      if (appDataEnv == null) {
-        throw new UncheckedIOException(
-            new FileNotFoundException(
-                "APPDATA environment variable is not set; cannot locate the well-known"
-                    + " credentials file on Windows."));
-      }
+      if (appDataEnv == null || appDataEnv.trim().isEmpty()) {
+        throw new UncheckedIOException(
+            new FileNotFoundException(
+                "APPDATA environment variable is not set or empty; cannot locate the well-known"
+                    + " credentials file on Windows."));
+      }
+      File appDataPath = new File(appDataEnv);
       cloudConfigPath = new File(appDataPath, provider.CLOUDSDK_CONFIG_DIRECTORY);
     } else {
       File configPath = new File(provider.getProperty("user.home", ""), ".config");

@@ -33,12 +33,31 @@
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.UncheckedIOException;
 import org.junit.jupiter.api.Test;
 
 class GoogleAuthUtilsTest {
 
+  @Test
+  void getWellKnownCredentialsFile_windows_nullAppData_throwsUncheckedIOException() {
+    DefaultCredentialsProviderTest.TestDefaultCredentialsProvider provider =
+        new DefaultCredentialsProviderTest.TestDefaultCredentialsProvider();
+    provider.setProperty("os.name", "windows");
+    // APPDATA is intentionally not set, so getEnv("APPDATA") returns null
+
+    UncheckedIOException thrown =
+        assertThrows(
+            UncheckedIOException.class,
+            () -> GoogleAuthUtils.getWellKnownCredentialsFile(provider));
+    assertTrue(thrown.getCause() instanceof FileNotFoundException);
+    assertTrue(thrown.getCause().getMessage().contains("APPDATA"));
+  }
+
   @Test
   void getWellKnownCredentialsPath_correct() {
     DefaultCredentialsProvider provider =