From b3f2197051e342278b80c6f3d69172abf007fd87 Mon Sep 17 00:00:00 2001
From: Cody Oss
Date: Tue, 29 Jun 2021 12:50:58 -0500
Subject: [PATCH 1/2] fix(internal): fix self-signed detection with scopes

Fixes: #1092
---
 internal/creds.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/creds.go b/internal/creds.go
index 9cb2b74c0ed..56b4e1b1c58 100644
--- a/internal/creds.go
+++ b/internal/creds.go
@@ -99,7 +99,7 @@ func credentialsFromJSON(ctx context.Context, data []byte, ds *DialSettings) (*g
 }

 func isSelfSignedJWTFlow(data []byte, ds *DialSettings) (bool, error) {
- if (ds.EnableJwtWithScope || ds.HasCustomAudience() || len(ds.GetScopes()) == 0) &&
+ if ((ds.EnableJwtWithScope && len(ds.GetScopes()) > 0) || ds.HasCustomAudience()) &&
 ds.ImpersonationConfig == nil {
 // Check if JSON is a service account and if so create a self-signed JWT.
 var f struct {

From 2382681ea6935a239a9a398f0e72f883c7728cd7 Mon Sep 17 00:00:00 2001
From: Cody Oss
Date: Tue, 29 Jun 2021 13:10:01 -0500
Subject: [PATCH 2/2] light refactor

---
 internal/creds.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/creds.go b/internal/creds.go
index 56b4e1b1c58..855604b75df 100644
--- a/internal/creds.go
+++ b/internal/creds.go
@@ -99,7 +99,7 @@ func credentialsFromJSON(ctx context.Context, data []byte, ds *DialSettings) (*g
 }

 func isSelfSignedJWTFlow(data []byte, ds *DialSettings) (bool, error) {
- if ((ds.EnableJwtWithScope && len(ds.GetScopes()) > 0) || ds.HasCustomAudience()) &&
+ if (ds.EnableJwtWithScope || ds.HasCustomAudience()) &&
 ds.ImpersonationConfig == nil {
 // Check if JSON is a service account and if so create a self-signed JWT.
 var f struct {
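Review bot: The condition at the top of isSelfSignedJWTFlow selects which credential flow a service-account key takes, and it is changed here without a test; the diffstat lists only internal/creds.go. With the `len(ds.GetScopes()) == 0` arm gone, a caller with no scopes, no custom audience and EnableJwtWithScope unset now fails the condition where it previously passed. A table-driven test over EnableJwtWithScope, HasCustomAudience(), the scope count and ImpersonationConfig would pin that switch and guard against it regressing. A comment above the `if` would also help, for example `// Self-signed JWT only when enabled together with scopes, or when a custom audience is set; never with impersonation.` The function body continues past the end of the hunk.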
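Review bot: The rewritten condition is not equivalent to the one it replaces, although the commit is titled "light refactor". With EnableJwtWithScope set, no custom audience and an empty GetScopes(), the line from patch 1/2 evaluated to false and this one evaluates to true. If that case is meant to take the self-signed path, the commit message and a comment on the `if` should say so; if not, keep the `len(ds.GetScopes()) > 0` guard. What the self-signed path does with neither scopes nor an audience lies outside this hunk, so confirm the resulting token still carries a usable scope or audience claim.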