oauth2: Deep copy context client in NewClient

abeltay · gopherbot · commit 0042180b24f3 · 2025-03-03T12:46:08.000-08:00
OAuth2 client creation currently doesn't faithfully reuse the client passed into the context. This causes config settings such as timeout to be set to Default and may end up to be a gotcha for anyone who sends in a context client with timeout set assuming that the timeout will be copied to the new client. Fix: #368 Change-Id: I4f5f052361ebe07f50fbd694379892833cd1056c Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/180920 Auto-Submit: Sean Liao <sean@liao.dev> Reviewed-by: Sean Liao <sean@liao.dev> Reviewed-by: Junyang Shao <shaojunyang@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Pratt <mpratt@google.com>
diff --git a/oauth2.go b/oauth2.go
@@ -356,11 +356,15 @@ func NewClient(ctx context.Context, src TokenSource) *http.Client {
 	if src == nil {
 		return internal.ContextClient(ctx)
 	}
+	cc := internal.ContextClient(ctx)
 	return &http.Client{
 		Transport: &Transport{
-			Base:   internal.ContextClient(ctx).Transport,
+			Base:   cc.Transport,
 			Source: ReuseTokenSource(nil, src),
 		},
+		CheckRedirect: cc.CheckRedirect,
+		Jar:           cc.Jar,
+		Timeout:       cc.Timeout,
 	}
 }
 

Original file line number	Diff line number	Diff line change
`@@ -356,11 +356,15 @@ func NewClient(ctx context.Context, src TokenSource) *http.Client {`
`356`	`356`	`if src == nil {`
`357`	`357`	`return internal.ContextClient(ctx)`
`358`	`358`	`}`
	`359`	`+ cc := internal.ContextClient(ctx)`
`359`	`360`	`return &http.Client{`
`360`	`361`	`Transport: &Transport{`
`361`		`- Base: internal.ContextClient(ctx).Transport,`
	`362`	`+ Base: cc.Transport,`
`362`	`363`	`Source: ReuseTokenSource(nil, src),`
`363`	`364`	`},`
	`365`	`+ CheckRedirect: cc.CheckRedirect,`
	`366`	`+ Jar: cc.Jar,`
	`367`	`+ Timeout: cc.Timeout,`
`364`	`368`	`}`
`365`	`369`	`}`
`366`	`370`