fix(bqjdbc): add default OAuth client id/secret#12946
Merged
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request introduces default OAuth client credentials in BigQueryJdbcUrlUtility and updates the DataSource getters to return these defaults when values are missing. It also includes a new test case to verify the default behavior. Feedback highlights that applying these defaults unconditionally may conflict with other authentication types and recommends using trim().isEmpty() for more robust string validation. Additionally, hardcoding credentials in the source code was identified as a security risk.
keshavdandeva
approved these changes
Apr 29, 2026
…gle/cloud/bigquery/jdbc/DataSource.java Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
…gle/cloud/bigquery/jdbc/DataSource.java Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
This was referenced May 5, 2026
jinseopkim0
added a commit
that referenced
this pull request
May 5, 2026
🤖 I have created a release *beep* *boop* --- <details><summary>1.86.0</summary> ## [1.86.0](v1.85.0...v1.86.0) (2026-05-05) ### Features * [aiplatform] Add asyncQueryReasoningEngine to aiplatform v1 API ([a1ab487](a1ab487)) * [aiplatform] Add asyncQueryReasoningEngine to aiplatform v1beta1 ([a1ab487](a1ab487)) * [aiplatform] add OnlineEvaluator API and update Evaluation API ([a1ab487](a1ab487)) * [aiplatform] Model Registry CopyModel BYOSA ([531942b](531942b)) * [aiplatform] new field CopyModelRequest.custome_service_account ([531942b](531942b)) * [aiplatform] Support VeoLoraTuningSpec in the tuning jobs ([a1ab487](a1ab487)) * [analytics-admin] add UserProvidedDataSettings resource and ([a1ab487](a1ab487)) * [bigqueryreservation] add principal field to BigQuery Reservation ([531942b](531942b)) * [ces] Add ability to specify mocked tool responses in ExecuteTool ([a1ab487](a1ab487)) * [chat] Addition of ChatService.FindGroupChats ([a1ab487](a1ab487)) * [compute] Update Compute Engine v1 API to revision 20260331 ([d3b76d9](d3b76d9)) * [health] new module for health ([#12993](#12993)) ([d568a8c](d568a8c)) * [iam] new iam v3beta client for AccessPolicies, this is step 4&5 ([a1ab487](a1ab487)) * [mapmanagement] new module for mapmanagement ([#12874](#12874)) ([0720279](0720279)) * [modelarmor] add streaming methods StreamSanitizeUserPrompt and ([a1ab487](a1ab487)) * [netapp] add ScaleType for Storage Pools and LargeCapacityConfig ([a1ab487](a1ab487)) * [redis-cluster] [Memorystore for Redis Cluster] Updating new node ([d3b76d9](d3b76d9)) * [redis-cluster][Memorystore for Redis Cluster] Updating new node ([d3b76d9](d3b76d9)) * [shopping-merchant-products] a new optional field `video_links` is ([a1ab487](a1ab487)) * [shopping-merchant-reports] add `store_type` to ([d3b76d9](d3b76d9)) * [valkey] [Memorystore for Valkey] Updating new node types added ([d3b76d9](d3b76d9)) * [valkey] [Memorystore for Valkey] Updating new node types added ([d3b76d9](d3b76d9)) * [vectorsearch] Added CMEK support ([531942b](531942b)) * **bqjdbc:** Bypass dry-run job for read-only tokens. ([#12961](#12961)) ([cd57169](cd57169)) * **bqjdbc:** Integrate the PerConnectionFileHandler with BigQueryJdbcRootLogger ([#12933](#12933)) ([2e56184](2e56184)) * **bqjdbc:** Per connection logs - Add BigQueryJdbcMdc ([#12833](#12833)) ([f562667](f562667)) * **bqjdbc:** Per connection logs - Add PerConnectionFileHandler ([#12899](#12899)) ([5846197](5846197)) * **datastore:** Bump to v3 major version ([#12989](#12989)) ([df20994](df20994)) * **datastore:** Enable Otel metrics for custom Otel ([#12969](#12969)) ([1721e7c](1721e7c)) * **Datastore:** Introduce Client Side Metrics ([#12718](#12718)) ([552a34d](552a34d)) * **datastore:** Remove deprecated classes and methods and bump ObsoleteApi to Deprecated ([#12971](#12971)) ([0bca75c](0bca75c)) * **Datastore:** Swap the default transport from HttpJson to gRPC ([#12977](#12977)) ([24fb234](24fb234)) * **datastore:** Update default channel pool configs to handle initial bursts and scalability ([#12883](#12883)) ([26fe0f9](26fe0f9)) * **gax-grpc:** add configurable resize delta and warning for repeated resizing ([#12838](#12838)) ([2caf026](2caf026)) * **spanner:** add connection properties for min/max RPCs for DCP ([#12951](#12951)) ([dc1216e](dc1216e)) * **spanner:** add connection property for enabling/disabling grpc-gcp ([#12898](#12898)) ([1e633d7](1e633d7)) * **spanner:** add shared endpoint cooldowns for location-aware rerouting ([#12845](#12845)) ([f5f273b](f5f273b)) * **spanner:** Cleanup GcpFallbackChannel creation and enable by default ([#12707](#12707)) ([5251219](5251219)) * **storage:** Implement deleteSourceObjects for Compose Operation ([#12873](#12873)) ([2cecd0c](2cecd0c)) ### Bug Fixes * **bq:** do not call 'getQueryResults' for stateful queries via 'query' api ([#12999](#12999)) ([44e9789](44e9789)) * **bqjdbc:** add default OAuth client id/secret ([#12946](#12946)) ([9b5c4fa](9b5c4fa)) * **bqjdbc:** add Google Driver scope to all credential types ([#12847](#12847)) ([5c890f8](5c890f8)) * **bqjdbc:** enhance logging with caller inference and explicit exception tracking ([#12903](#12903)) ([ce4969b](ce4969b)) * **bqjdbc:** Log exception messages - part 2 ([#12907](#12907)) ([5215b11](5215b11)) * **bqjdbc:** Log exception messages - part 3 ([#12920](#12920)) ([45b572f](45b572f)) * **bqjdbc:** metadata methods & getSqlTypeName for struct ([#12947](#12947)) ([37555fb](37555fb)) * **bqjdbc:** optimize formatter in BigQueryJdbcRootLogger ([#12877](#12877)) ([4233faf](4233faf)) * **bqjdbc:** Revert DatabaseMetaData field to be non-static in BigQueryConnection ([#12778](#12778)) ([ac69c8d](ac69c8d)) * **bqjdbc:** support Service Account Impersonation in ADC ([#12967](#12967)) ([8ce183c](8ce183c)) * bump vectorsearch to 0.13.0 for partial release ([#12805](#12805)) ([5208fc9](5208fc9)) * **ci:** update java-showcase path in excluded_modules ([#12984](#12984)) ([3456ee9](3456ee9)) * correct build directory paths in graalvm cloudbuild.yaml ([#12794](#12794)) ([8e6ba36](8e6ba36)) * **datastore:** Create a plaintext gRPC transport channel when using the Emulator ([#12721](#12721)) ([4bed8fd](4bed8fd)) * **datastore:** Update initial ChannelPool configs according to Datastore best practice guide ([#12919](#12919)) ([851fb89](851fb89)) * **deps:** update the Java code generator (gapic-generator-java) to ([531942b](531942b)) * do not generate Version.java files by default ([#12955](#12955)) ([43a888a](43a888a)) * **gax:** record fractional latency metrics ([#12979](#12979)) ([d690333](d690333)) * **gax:** Remove strict validation that resize delta must be less than max channel count ([#12863](#12863)) ([26b06f9](26b06f9)) * **generator:** use json_name when available ([#12940](#12940)) ([622955b](622955b)) * manual preservation of Version.java files ([#12862](#12862)) ([3d65c78](3d65c78)) * remove google/rpc exclusion to generate HttpResponse ([#12992](#12992)) ([24b1719](24b1719)) * **spanner:** fix flakiness and race conditions in multiplexed session tests ([#12949](#12949)) ([3e02f18](3e02f18)) * **spanner:** fix flakiness in testCreateSessionDeadlineExceeded ([#12944](#12944)) ([93f21ed](93f21ed)) * Update renovate config check template to use npx ([#12865](#12865)) ([b974740](b974740)) * use org.junit.jupiter.api.Assertions.assertThrow ([#12882](#12882)) ([bf243a6](bf243a6)) ### Performance Improvements * **spanner:** use StringBuilder for generating RequestId ([#12809](#12809)) ([5c821a3](5c821a3)) ### Dependencies * upgrade opentelemetry ([#12953](#12953)) ([522e05b](522e05b)) ### Documentation * [cloudsecuritycompliance] Updated docs for the APIs ([a1ab487](a1ab487)) * [kms] Update the comment for duration value ([a1ab487](a1ab487)) * [saasservicemgmt] rebrand from "SaaS Runtime" to "App Lifecycle ([a1ab487](a1ab487)) * Add a guide on configuring ChannelPools for gRPC ([#12905](#12905)) ([ea081fe](ea081fe)) * update bazel targets in DEVELOPMENT.md to point to sdk-platform-java ([#12844](#12844)) ([4568284](4568284)) </details> --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> Co-authored-by: Jin Seop Kim <jinseop@google.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
b/500714643
This OAuth ClientId/Secret is used also by BQ CLI and other drivers, so this is not a real "secret" (e.g. can be found in BQ CLI
pyfiles).