Implement sia provider for client assertion use cases for fetching access tokens

[havetisyan]

Description

When fetching access tokens with using client assertion (jwt), there was no way for the client to automatically cache the access tokens since the assertion was provided as part of the access token call. We defined a couple of new methods in the ServiceIdentityProvider that would return the client assertion type and value (jwt) automatically based on either the private key or shared secret specified. It simplifies the use of zts client in these scenario.

The test example code has been updated to show how it can be used to fetch access tokens.

Contribution Checklist:

• The pull request does not introduce any breaking changes
• I have read the contribution guidelines.
• Create an issue and link to the pull request.

Attach Screenshots (Optional)

[gemini-code-assist]

Summary of Changes

Hello @havetisyan, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant improvement for clients fetching access tokens using client assertions (JWTs) by providing a mechanism for automatic JWT generation. Previously, clients had to manually handle the assertion process, which complicated caching. The new ServiceIdentityProvider implementations (ServiceIdentityJWTPrivateKeyProvider and ServiceIdentityJWTSecretProvider) abstract this complexity, allowing the ZTS client to automatically generate and manage JWTs based on configured private keys or shared secrets. This change simplifies client-side integration and enhances the efficiency of access token retrieval and caching.

Highlights

• New Client Assertion Providers: Introduced ServiceIdentityJWTPrivateKeyProvider and ServiceIdentityJWTSecretProvider to automatically generate JWT client assertions using private keys or shared secrets, respectively, simplifying the process of obtaining access tokens.
• Enhanced OAuthTokenRequestBuilder: The OAuthTokenRequestBuilder now supports a clientAssertionProvider interface, allowing for dynamic generation of client assertion types and values, which streamlines access token requests.
• Updated ZTS Client Example: The ZTSTLSClientAccessToken example has been updated to demonstrate how to fetch access tokens using the newly implemented client assertion providers, showcasing their practical application.
• Improved Caching Logic: The getCacheKey method in OAuthTokenRequestBuilder has been updated to incorporate the clientAssertionProvider or a hashed client assertion value for more accurate caching of access tokens.
• ServiceIdentityProvider Extension: The ServiceIdentityProvider interface has been extended with default methods getClientAssertionType() and getClientAssertionValue() to support client assertion use cases, providing a standardized way for identity providers to offer assertion details.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces significant enhancements by implementing ServiceIdentityProvider for client assertion use cases, allowing for automatic caching of access tokens when using JWT-based client assertions. This simplifies the use of the ZTS client in such scenarios. The changes include new ServiceIdentityJWTPrivateKeyProvider and ServiceIdentityJWTSecretProvider classes, updates to OAuthTokenRequestBuilder to integrate these providers, and corresponding example and test code modifications. The addition of commons-codec dependency is appropriate for hashing client assertions in cache keys. Overall, the implementation looks solid and addresses the described problem effectively.