googleauth 0.8.0 → 0.8.1

data/lib/googleauth/credentials_loader.rb

@@ -27,9 +27,9 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-require 'memoist'
-require 'os'
-require 'rbconfig'
+require "memoist"
+require "os"
+require "rbconfig"
 
 module Google
   # Module Auth provides classes that provide Google-specific authorization
@@ -39,47 +39,45 @@ module Google
     # credentials files on the file system.
     module CredentialsLoader
       extend Memoist
-      ENV_VAR                   = 'GOOGLE_APPLICATION_CREDENTIALS'.freeze
-      PRIVATE_KEY_VAR           = 'GOOGLE_PRIVATE_KEY'.freeze
-      CLIENT_EMAIL_VAR          = 'GOOGLE_CLIENT_EMAIL'.freeze
-      CLIENT_ID_VAR             = 'GOOGLE_CLIENT_ID'.freeze
-      CLIENT_SECRET_VAR         = 'GOOGLE_CLIENT_SECRET'.freeze
-      REFRESH_TOKEN_VAR         = 'GOOGLE_REFRESH_TOKEN'.freeze
-      ACCOUNT_TYPE_VAR          = 'GOOGLE_ACCOUNT_TYPE'.freeze
-      PROJECT_ID_VAR            = 'GOOGLE_PROJECT_ID'.freeze
-      GCLOUD_POSIX_COMMAND      = 'gcloud'.freeze
-      GCLOUD_WINDOWS_COMMAND    = 'gcloud.cmd'.freeze
-      GCLOUD_CONFIG_COMMAND     = 'config config-helper --format json'.freeze
-
-      CREDENTIALS_FILE_NAME = 'application_default_credentials.json'.freeze
+      ENV_VAR                   = "GOOGLE_APPLICATION_CREDENTIALS".freeze
+      PRIVATE_KEY_VAR           = "GOOGLE_PRIVATE_KEY".freeze
+      CLIENT_EMAIL_VAR          = "GOOGLE_CLIENT_EMAIL".freeze
+      CLIENT_ID_VAR             = "GOOGLE_CLIENT_ID".freeze
+      CLIENT_SECRET_VAR         = "GOOGLE_CLIENT_SECRET".freeze
+      REFRESH_TOKEN_VAR         = "GOOGLE_REFRESH_TOKEN".freeze
+      ACCOUNT_TYPE_VAR          = "GOOGLE_ACCOUNT_TYPE".freeze
+      PROJECT_ID_VAR            = "GOOGLE_PROJECT_ID".freeze
+      GCLOUD_POSIX_COMMAND      = "gcloud".freeze
+      GCLOUD_WINDOWS_COMMAND    = "gcloud.cmd".freeze
+      GCLOUD_CONFIG_COMMAND     = "config config-helper --format json".freeze
+
+      CREDENTIALS_FILE_NAME = "application_default_credentials.json".freeze
       NOT_FOUND_ERROR =
         "Unable to read the credential file specified by #{ENV_VAR}".freeze
       WELL_KNOWN_PATH = "gcloud/#{CREDENTIALS_FILE_NAME}".freeze
-      WELL_KNOWN_ERROR = 'Unable to read the default credential file'.freeze
+      WELL_KNOWN_ERROR = "Unable to read the default credential file".freeze
 
       SYSTEM_DEFAULT_ERROR =
-        'Unable to read the system default credential file'.freeze
+        "Unable to read the system default credential file".freeze
 
-      CLOUD_SDK_CLIENT_ID = '764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.app'\
-        's.googleusercontent.com'.freeze
+      CLOUD_SDK_CLIENT_ID = "764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.app"\
+        "s.googleusercontent.com".freeze
 
-      CLOUD_SDK_CREDENTIALS_WARNING = 'Your application has authenticated '\
-        'using end user credentials from Google Cloud SDK. We recommend that '\
-        'most server applications use service accounts instead. If your '\
-        'application continues to use end user credentials from Cloud SDK, '\
+      CLOUD_SDK_CREDENTIALS_WARNING = "Your application has authenticated "\
+        "using end user credentials from Google Cloud SDK. We recommend that "\
+        "most server applications use service accounts instead. If your "\
+        "application continues to use end user credentials from Cloud SDK, "\
         'you might receive a "quota exceeded" or "API not enabled" error. For'\
-        ' more information about service accounts, see '\
-        'https://cloud.google.com/docs/authentication/.'.freeze
+        " more information about service accounts, see "\
+        "https://cloud.google.com/docs/authentication/.".freeze
 
       # make_creds proxies the construction of a credentials instance
       #
       # By default, it calls #new on the current class, but this behaviour can
       # be modified, allowing different instances to be created.
-      def make_creds(*args)
+      def make_creds *args
         creds = new(*args)
-        if creds.respond_to?(:configure_connection) && args.size == 1
-          creds = creds.configure_connection(args[0])
-        end
+        creds = creds.configure_connection args[0] if creds.respond_to?(:configure_connection) && args.size == 1
         creds
       end
 
@@ -95,16 +93,16 @@ module Google
       #     The following keys are recognized:
       #     * `:default_connection` The connection object to use.
       #     * `:connection_builder` A `Proc` that returns a connection.
-      def from_env(scope = nil, options = {})
+      def from_env scope = nil, options = {}
         options = interpret_options scope, options
-        if ENV.key?(ENV_VAR)
+        if ENV.key?(ENV_VAR) && !ENV[ENV_VAR].empty?
           path = ENV[ENV_VAR]
-          raise "file #{path} does not exist" unless File.exist?(path)
-          File.open(path) do |f|
-            return make_creds(options.merge(json_key_io: f))
+          raise "file #{path} does not exist" unless File.exist? path
+          File.open path do |f|
+            return make_creds options.merge(json_key_io: f)
           end
         elsif service_account_env_vars? || authorized_user_env_vars?
-          return make_creds(options)
+          return make_creds options
         end
       rescue StandardError => e
         raise "#{NOT_FOUND_ERROR}: #{e}"
@@ -121,16 +119,16 @@ module Google
       #     The following keys are recognized:
       #     * `:default_connection` The connection object to use.
       #     * `:connection_builder` A `Proc` that returns a connection.
-      def from_well_known_path(scope = nil, options = {})
+      def from_well_known_path scope = nil, options = {}
         options = interpret_options scope, options
-        home_var = OS.windows? ? 'APPDATA' : 'HOME'
+        home_var = OS.windows? ? "APPDATA" : "HOME"
         base = WELL_KNOWN_PATH
-        root = ENV[home_var].nil? ? '' : ENV[home_var]
-        base = File.join('.config', base) unless OS.windows?
-        path = File.join(root, base)
-        return nil unless File.exist?(path)
-        File.open(path) do |f|
-          return make_creds(options.merge(json_key_io: f))
+        root = ENV[home_var].nil? ? "" : ENV[home_var]
+        base = File.join ".config", base unless OS.windows?
+        path = File.join root, base
+        return nil unless File.exist? path
+        File.open path do |f|
+          return make_creds options.merge(json_key_io: f)
         end
       rescue StandardError => e
         raise "#{WELL_KNOWN_ERROR}: #{e}"
@@ -147,61 +145,60 @@ module Google
       #     The following keys are recognized:
       #     * `:default_connection` The connection object to use.
       #     * `:connection_builder` A `Proc` that returns a connection.
-      def from_system_default_path(scope = nil, options = {})
+      def from_system_default_path scope = nil, options = {}
         options = interpret_options scope, options
         if OS.windows?
-          return nil unless ENV['ProgramData']
-          prefix = File.join(ENV['ProgramData'], 'Google/Auth')
+          return nil unless ENV["ProgramData"]
+          prefix = File.join ENV["ProgramData"], "Google/Auth"
         else
-          prefix = '/etc/google/auth/'
+          prefix = "/etc/google/auth/"
         end
-        path = File.join(prefix, CREDENTIALS_FILE_NAME)
-        return nil unless File.exist?(path)
-        File.open(path) do |f|
-          return make_creds(options.merge(json_key_io: f))
+        path = File.join prefix, CREDENTIALS_FILE_NAME
+        return nil unless File.exist? path
+        File.open path do |f|
+          return make_creds options.merge(json_key_io: f)
         end
       rescue StandardError => e
         raise "#{SYSTEM_DEFAULT_ERROR}: #{e}"
       end
 
+      module_function
+
       # Issues warning if cloud sdk client id is used
-      def warn_if_cloud_sdk_credentials(client_id)
+      def warn_if_cloud_sdk_credentials client_id
         warn CLOUD_SDK_CREDENTIALS_WARNING if client_id == CLOUD_SDK_CLIENT_ID
       end
-      module_function :warn_if_cloud_sdk_credentials
 
       # Finds project_id from gcloud CLI configuration
       def load_gcloud_project_id
         gcloud = GCLOUD_WINDOWS_COMMAND if OS.windows?
         gcloud = GCLOUD_POSIX_COMMAND unless OS.windows?
-        config = MultiJson.load(`#{gcloud} #{GCLOUD_CONFIG_COMMAND}`)
-        config['configuration']['properties']['core']['project']
-      rescue
+        gcloud_json = IO.popen("#{gcloud} #{GCLOUD_CONFIG_COMMAND}", &:read)
+        config = MultiJson.load gcloud_json
+        config["configuration"]["properties"]["core"]["project"]
+      rescue StandardError
         nil
       end
-      module_function :load_gcloud_project_id
 
       private
 
-      def interpret_options(scope, options)
+      def interpret_options scope, options
         if scope.is_a? Hash
           options = scope
           scope = nil
         end
-        if scope && !options[:scope]
-          options.merge(scope: scope)
-        else
-          options
-        end
+        return options.merge scope: scope if scope && !options[:scope]
+        options
       end
 
       def service_account_env_vars?
-        ([PRIVATE_KEY_VAR, CLIENT_EMAIL_VAR] - ENV.keys).empty?
+        ([PRIVATE_KEY_VAR, CLIENT_EMAIL_VAR] - ENV.keys).empty? &&
+          !ENV.to_h.fetch_values(PRIVATE_KEY_VAR, CLIENT_EMAIL_VAR).join(" ").empty?
       end
 
       def authorized_user_env_vars?
-        ([CLIENT_ID_VAR, CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR] -
-          ENV.keys).empty?
+        ([CLIENT_ID_VAR, CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR] - ENV.keys).empty? &&
+          !ENV.to_h.fetch_values(CLIENT_ID_VAR, CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR).join(" ").empty?
       end
     end
   end

data/lib/googleauth/default_credentials.rb

@@ -27,12 +27,12 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-require 'multi_json'
-require 'stringio'
+require "multi_json"
+require "stringio"
 
-require 'googleauth/credentials_loader'
-require 'googleauth/service_account'
-require 'googleauth/user_refresh'
+require "googleauth/credentials_loader"
+require "googleauth/service_account"
+require "googleauth/user_refresh"
 
 module Google
   # Module Auth provides classes that provide Google-specific authorization
@@ -45,17 +45,17 @@ module Google
 
       # override CredentialsLoader#make_creds to use the class determined by
       # loading the json.
-      def self.make_creds(options = {})
+      def self.make_creds options = {}
         json_key_io = options[:json_key_io]
         if json_key_io
-          json_key, clz = determine_creds_class(json_key_io)
-          warn_if_cloud_sdk_credentials json_key['client_id']
-          io = StringIO.new(MultiJson.dump(json_key))
-          clz.make_creds(options.merge(json_key_io: io))
+          json_key, clz = determine_creds_class json_key_io
+          warn_if_cloud_sdk_credentials json_key["client_id"]
+          io = StringIO.new MultiJson.dump(json_key)
+          clz.make_creds options.merge(json_key_io: io)
         else
           warn_if_cloud_sdk_credentials ENV[CredentialsLoader::CLIENT_ID_VAR]
           clz = read_creds
-          clz.make_creds(options)
+          clz.make_creds options
         end
       end
 
@@ -64,9 +64,9 @@ module Google
         type = ENV[env_var]
         raise "#{env_var} is undefined in env" unless type
         case type
-        when 'service_account'
+        when "service_account"
           ServiceAccountCredentials
-        when 'authorized_user'
+        when "authorized_user"
           UserRefreshCredentials
         else
           raise "credentials type '#{type}' is not supported"
@@ -74,15 +74,15 @@ module Google
       end
 
       # Reads the input json and determines which creds class to use.
-      def self.determine_creds_class(json_key_io)
+      def self.determine_creds_class json_key_io
         json_key = MultiJson.load json_key_io.read
-        key = 'type'
-        raise "the json is missing the '#{key}' field" unless json_key.key?(key)
+        key = "type"
+        raise "the json is missing the '#{key}' field" unless json_key.key? key
         type = json_key[key]
         case type
-        when 'service_account'
+        when "service_account"
           [json_key, ServiceAccountCredentials]
-        when 'authorized_user'
+        when "authorized_user"
           [json_key, UserRefreshCredentials]
         else
           raise "credentials type '#{type}' is not supported"

data/lib/googleauth/iam.rb

@@ -27,9 +27,9 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-require 'googleauth/signet'
-require 'googleauth/credentials_loader'
-require 'multi_json'
+require "googleauth/signet"
+require "googleauth/credentials_loader"
+require "multi_json"
 
 module Google
   # Module Auth provides classes that provide Google-specific authorization
@@ -37,14 +37,14 @@ module Google
   module Auth
     # Authenticates requests using IAM credentials.
     class IAMCredentials
-      SELECTOR_KEY = 'x-goog-iam-authority-selector'.freeze
-      TOKEN_KEY = 'x-goog-iam-authorization-token'.freeze
+      SELECTOR_KEY = "x-goog-iam-authority-selector".freeze
+      TOKEN_KEY = "x-goog-iam-authorization-token".freeze
 
       # Initializes an IAMCredentials.
       #
       # @param selector the IAM selector.
       # @param token the IAM token.
-      def initialize(selector, token)
+      def initialize selector, token
         raise TypeError unless selector.is_a? String
         raise TypeError unless token.is_a? String
         @selector = selector
@@ -52,16 +52,16 @@ module Google
       end
 
       # Adds the credential fields to the hash.
-      def apply!(a_hash)
+      def apply! a_hash
         a_hash[SELECTOR_KEY] = @selector
         a_hash[TOKEN_KEY] = @token
         a_hash
       end
 
       # Returns a clone of a_hash updated with the authoriation header
-      def apply(a_hash)
+      def apply a_hash
         a_copy = a_hash.clone
-        apply!(a_copy)
+        apply! a_copy
         a_copy
       end
 

data/lib/googleauth/json_key_reader.rb

@@ -34,12 +34,12 @@ module Google
     # JsonKeyReader contains the behaviour used to read private key and
     # client email fields from the service account
     module JsonKeyReader
-      def read_json_key(json_key_io)
-        json_key = MultiJson.load(json_key_io.read)
-        raise 'missing client_email' unless json_key.key?('client_email')
-        raise 'missing private_key' unless json_key.key?('private_key')
-        project_id = json_key['project_id']
-        [json_key['private_key'], json_key['client_email'], project_id]
+      def read_json_key json_key_io
+        json_key = MultiJson.load json_key_io.read
+        raise "missing client_email" unless json_key.key? "client_email"
+        raise "missing private_key" unless json_key.key? "private_key"
+        project_id = json_key["project_id"]
+        [json_key["private_key"], json_key["client_email"], project_id]
       end
     end
   end

data/lib/googleauth/scope_util.rb

@@ -27,33 +27,33 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-require 'googleauth/signet'
-require 'googleauth/credentials_loader'
-require 'multi_json'
+require "googleauth/signet"
+require "googleauth/credentials_loader"
+require "multi_json"
 
 module Google
   module Auth
     # Small utility for normalizing scopes into canonical form
     module ScopeUtil
       ALIASES = {
-        'email' => 'https://www.googleapis.com/auth/userinfo.email',
-        'profile' => 'https://www.googleapis.com/auth/userinfo.profile',
-        'openid' => 'https://www.googleapis.com/auth/plus.me'
+        "email"   => "https://www.googleapis.com/auth/userinfo.email",
+        "profile" => "https://www.googleapis.com/auth/userinfo.profile",
+        "openid"  => "https://www.googleapis.com/auth/plus.me"
       }.freeze
 
-      def self.normalize(scope)
-        list = as_array(scope)
+      def self.normalize scope
+        list = as_array scope
         list.map { |item| ALIASES[item] || item }
       end
 
-      def self.as_array(scope)
+      def self.as_array scope
         case scope
         when Array
           scope
         when String
-          scope.split(' ')
+          scope.split " "
         else
-          raise 'Invalid scope value. Must be string or array'
+          raise "Invalid scope value. Must be string or array"
         end
       end
     end

data/lib/googleauth/service_account.rb

@@ -27,12 +27,12 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-require 'googleauth/signet'
-require 'googleauth/credentials_loader'
-require 'googleauth/json_key_reader'
-require 'jwt'
-require 'multi_json'
-require 'stringio'
+require "googleauth/signet"
+require "googleauth/credentials_loader"
+require "googleauth/json_key_reader"
+require "jwt"
+require "multi_json"
+require "stringio"
 
 module Google
   # Module Auth provides classes that provide Google-specific authorization
@@ -47,7 +47,7 @@ module Google
     #
     # cf [Application Default Credentials](http://goo.gl/mkAHpZ)
     class ServiceAccountCredentials < Signet::OAuth2::Client
-      TOKEN_CRED_URI = 'https://www.googleapis.com/oauth2/v4/token'.freeze
+      TOKEN_CRED_URI = "https://www.googleapis.com/oauth2/v4/token".freeze
       extend CredentialsLoader
       extend JsonKeyReader
       attr_reader :project_id
@@ -56,10 +56,10 @@ module Google
       #
       # @param json_key_io [IO] an IO from which the JSON key can be read
       # @param scope [string|array|nil] the scope(s) to access
-      def self.make_creds(options = {})
-        json_key_io, scope = options.values_at(:json_key_io, :scope)
+      def self.make_creds options = {}
+        json_key_io, scope = options.values_at :json_key_io, :scope
         if json_key_io
-          private_key, client_email, project_id = read_json_key(json_key_io)
+          private_key, client_email, project_id = read_json_key json_key_io
         else
           private_key = unescape ENV[CredentialsLoader::PRIVATE_KEY_VAR]
           client_email = ENV[CredentialsLoader::CLIENT_EMAIL_VAR]
@@ -68,26 +68,26 @@ module Google
         project_id ||= CredentialsLoader.load_gcloud_project_id
 
         new(token_credential_uri: TOKEN_CRED_URI,
-            audience: TOKEN_CRED_URI,
-            scope: scope,
-            issuer: client_email,
-            signing_key: OpenSSL::PKey::RSA.new(private_key),
-            project_id: project_id)
+            audience:             TOKEN_CRED_URI,
+            scope:                scope,
+            issuer:               client_email,
+            signing_key:          OpenSSL::PKey::RSA.new(private_key),
+            project_id:           project_id)
           .configure_connection(options)
       end
 
       # Handles certain escape sequences that sometimes appear in input.
       # Specifically, interprets the "\n" sequence for newline, and removes
       # enclosing quotes.
-      def self.unescape(str)
+      def self.unescape str
         str = str.gsub '\n', "\n"
         str = str[1..-2] if str.start_with?('"') && str.end_with?('"')
         str
       end
 
-      def initialize(options = {})
+      def initialize options = {}
         @project_id = options[:project_id]
-        super(options)
+        super options
       end
 
       # Extends the base class.
@@ -95,7 +95,7 @@ module Google
       # If scope(s) is not set, it creates a transient
       # ServiceAccountJwtHeaderCredentials instance and uses that to
       # authenticate instead.
-      def apply!(a_hash, opts = {})
+      def apply! a_hash, opts = {}
         # Use the base implementation if scopes are set
         unless scope.nil?
           super
@@ -105,13 +105,13 @@ module Google
         # Use the ServiceAccountJwtHeaderCredentials using the same cred values
         # if no scopes are set.
         cred_json = {
-          private_key: @signing_key.to_s,
+          private_key:  @signing_key.to_s,
           client_email: @issuer
         }
         alt_clz = ServiceAccountJwtHeaderCredentials
-        key_io = StringIO.new(MultiJson.dump(cred_json))
-        alt = alt_clz.make_creds(json_key_io: key_io)
-        alt.apply!(a_hash)
+        key_io = StringIO.new MultiJson.dump(cred_json)
+        alt = alt_clz.make_creds json_key_io: key_io
+        alt.apply! a_hash
       end
     end
 
@@ -127,8 +127,8 @@ module Google
     class ServiceAccountJwtHeaderCredentials
       JWT_AUD_URI_KEY = :jwt_aud_uri
       AUTH_METADATA_KEY = Signet::OAuth2::AUTH_METADATA_KEY
-      TOKEN_CRED_URI = 'https://www.googleapis.com/oauth2/v4/token'.freeze
-      SIGNING_ALGORITHM = 'RS256'.freeze
+      TOKEN_CRED_URI = "https://www.googleapis.com/oauth2/v4/token".freeze
+      SIGNING_ALGORITHM = "RS256".freeze
       EXPIRY = 60
       extend CredentialsLoader
       extend JsonKeyReader
@@ -141,43 +141,43 @@ module Google
       # By default, it calls #new with 2 args, the second one being an
       # optional scope. Here's the constructor only has one param, so
       # we modify make_creds to reflect this.
-      def self.make_creds(*args)
-        new(json_key_io: args[0][:json_key_io])
+      def self.make_creds *args
+        new json_key_io: args[0][:json_key_io]
       end
 
       # Initializes a ServiceAccountJwtHeaderCredentials.
       #
       # @param json_key_io [IO] an IO from which the JSON key can be read
-      def initialize(options = {})
+      def initialize options = {}
         json_key_io = options[:json_key_io]
         if json_key_io
           @private_key, @issuer, @project_id =
-            self.class.read_json_key(json_key_io)
+            self.class.read_json_key json_key_io
         else
           @private_key = ENV[CredentialsLoader::PRIVATE_KEY_VAR]
           @issuer = ENV[CredentialsLoader::CLIENT_EMAIL_VAR]
           @project_id = ENV[CredentialsLoader::PROJECT_ID_VAR]
         end
         @project_id ||= CredentialsLoader.load_gcloud_project_id
-        @signing_key = OpenSSL::PKey::RSA.new(@private_key)
+        @signing_key = OpenSSL::PKey::RSA.new @private_key
       end
 
       # Construct a jwt token if the JWT_AUD_URI key is present in the input
       # hash.
       #
       # The jwt token is used as the value of a 'Bearer '.
-      def apply!(a_hash, opts = {})
-        jwt_aud_uri = a_hash.delete(JWT_AUD_URI_KEY)
+      def apply! a_hash, opts = {}
+        jwt_aud_uri = a_hash.delete JWT_AUD_URI_KEY
         return a_hash if jwt_aud_uri.nil?
-        jwt_token = new_jwt_token(jwt_aud_uri, opts)
+        jwt_token = new_jwt_token jwt_aud_uri, opts
         a_hash[AUTH_METADATA_KEY] = "Bearer #{jwt_token}"
         a_hash
       end
 
       # Returns a clone of a_hash updated with the authoriation header
-      def apply(a_hash, opts = {})
+      def apply a_hash, opts = {}
         a_copy = a_hash.clone
-        apply!(a_copy, opts)
+        apply! a_copy, opts
         a_copy
       end
 
@@ -190,17 +190,17 @@ module Google
       protected
 
       # Creates a jwt uri token.
-      def new_jwt_token(jwt_aud_uri, options = {})
+      def new_jwt_token jwt_aud_uri, options = {}
         now = Time.new
         skew = options[:skew] || 60
         assertion = {
-          'iss' => @issuer,
-          'sub' => @issuer,
-          'aud' => jwt_aud_uri,
-          'exp' => (now + EXPIRY).to_i,
-          'iat' => (now - skew).to_i
+          "iss" => @issuer,
+          "sub" => @issuer,
+          "aud" => jwt_aud_uri,
+          "exp" => (now + EXPIRY).to_i,
+          "iat" => (now - skew).to_i
         }
-        JWT.encode(assertion, @signing_key, SIGNING_ALGORITHM)
+        JWT.encode assertion, @signing_key, SIGNING_ALGORITHM
       end
     end
   end