11 files changed, 43 insertions, 33 deletions

diff --git a/include/grpc++/credentials.h b/include/grpc++/credentials.h
index 0eaaefcbca..a4f1e73118 100644
--- a/include/grpc++/credentials.h
+++ b/include/grpc++/credentials.h
@@ -106,13 +106,13 @@ std::shared_ptr<Credentials> ServiceAccountCredentials(
     const grpc::string& json_key, const grpc::string& scope,
     long token_lifetime_seconds);
 
-// Builds JWT credentials.
+// Builds Service Account JWT Access credentials.
 // json_key is the JSON key string containing the client's private key.
 // token_lifetime_seconds is the lifetime in seconds of each Json Web Token
 // (JWT) created with this credentials. It should not exceed
 // grpc_max_auth_token_lifetime or will be cropped to this value.
-std::shared_ptr<Credentials> JWTCredentials(const grpc::string& json_key,
-                                            long token_lifetime_seconds);
+std::shared_ptr<Credentials> ServiceAccountJWTAccessCredentials(
+    const grpc::string& json_key, long token_lifetime_seconds);
 
 // Builds refresh token credentials.
 // json_refresh_token is the JSON string containing the refresh token along
diff --git a/include/grpc/grpc_security.h b/include/grpc/grpc_security.h
index 37d66c04ae..4dd058063d 100644
--- a/include/grpc/grpc_security.h
+++ b/include/grpc/grpc_security.h
@@ -119,8 +119,8 @@ grpc_credentials *grpc_service_account_credentials_create(
    - token_lifetime is the lifetime of each Json Web Token (JWT) created with
      this credentials.  It should not exceed grpc_max_auth_token_lifetime or
      will be cropped to this value.  */
-grpc_credentials *grpc_jwt_credentials_create(const char *json_key,
-                                              gpr_timespec token_lifetime);
+grpc_credentials *grpc_service_account_jwt_access_credentials_create(
+    const char *json_key, gpr_timespec token_lifetime);
 
 /* Creates an Oauth2 Refresh Token credentials object. May return NULL if the
    input is invalid.
diff --git a/src/core/security/credentials.c b/src/core/security/credentials.c
index fb59fa4b0e..38612cf308 100644
--- a/src/core/security/credentials.c
+++ b/src/core/security/credentials.c
@@ -315,7 +315,7 @@ grpc_server_credentials *grpc_ssl_server_credentials_create(
 
 /* -- Jwt credentials -- */
 
-static void jwt_reset_cache(grpc_jwt_credentials *c) {
+static void jwt_reset_cache(grpc_service_account_jwt_access_credentials *c) {
   if (c->cached.jwt_md != NULL) {
     grpc_credentials_md_store_unref(c->cached.jwt_md);
     c->cached.jwt_md = NULL;
@@ -328,7 +328,8 @@ static void jwt_reset_cache(grpc_jwt_credentials *c) {
 }
 
 static void jwt_destroy(grpc_credentials *creds) {
-  grpc_jwt_credentials *c = (grpc_jwt_credentials *)creds;
+  grpc_service_account_jwt_access_credentials *c =
+      (grpc_service_account_jwt_access_credentials *)creds;
   grpc_auth_json_key_destruct(&c->key);
   jwt_reset_cache(c);
   gpr_mu_destroy(&c->cache_mu);
@@ -346,7 +347,8 @@ static void jwt_get_request_metadata(grpc_credentials *creds,
                                      const char *service_url,
                                      grpc_credentials_metadata_cb cb,
                                      void *user_data) {
-  grpc_jwt_credentials *c = (grpc_jwt_credentials *)creds;
+  grpc_service_account_jwt_access_credentials *c =
+      (grpc_service_account_jwt_access_credentials *)creds;
   gpr_timespec refresh_threshold = gpr_time_from_seconds(
       GRPC_SECURE_TOKEN_REFRESH_THRESHOLD_SECS, GPR_TIMESPAN);
 
@@ -399,15 +401,16 @@ static grpc_credentials_vtable jwt_vtable = {
     jwt_destroy, jwt_has_request_metadata, jwt_has_request_metadata_only,
     jwt_get_request_metadata, NULL};
 
-grpc_credentials *grpc_jwt_credentials_create_from_auth_json_key(
+grpc_credentials *
+grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
     grpc_auth_json_key key, gpr_timespec token_lifetime) {
-  grpc_jwt_credentials *c;
+  grpc_service_account_jwt_access_credentials *c;
   if (!grpc_auth_json_key_is_valid(&key)) {
     gpr_log(GPR_ERROR, "Invalid input for jwt credentials creation");
     return NULL;
   }
-  c = gpr_malloc(sizeof(grpc_jwt_credentials));
-  memset(c, 0, sizeof(grpc_jwt_credentials));
+  c = gpr_malloc(sizeof(grpc_service_account_jwt_access_credentials));
+  memset(c, 0, sizeof(grpc_service_account_jwt_access_credentials));
   c->base.type = GRPC_CREDENTIALS_TYPE_JWT;
   gpr_ref_init(&c->base.refcount, 1);
   c->base.vtable = &jwt_vtable;
@@ -418,9 +421,9 @@ grpc_credentials *grpc_jwt_credentials_create_from_auth_json_key(
   return &c->base;
 }
 
-grpc_credentials *grpc_jwt_credentials_create(const char *json_key,
-                                              gpr_timespec token_lifetime) {
-  return grpc_jwt_credentials_create_from_auth_json_key(
+grpc_credentials *grpc_service_account_jwt_access_credentials_create(
+    const char *json_key, gpr_timespec token_lifetime) {
+  return grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
       grpc_auth_json_key_create_from_string(json_key), token_lifetime);
 }
 
diff --git a/src/core/security/credentials.h b/src/core/security/credentials.h
index d988901cf7..7f4141967d 100644
--- a/src/core/security/credentials.h
+++ b/src/core/security/credentials.h
@@ -188,7 +188,8 @@ grpc_credentials *grpc_fake_oauth2_credentials_create(
 
 /* Private constructor for jwt credentials from an already parsed json key.
    Takes ownership of the key. */
-grpc_credentials *grpc_jwt_credentials_create_from_auth_json_key(
+grpc_credentials *
+grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
     grpc_auth_json_key key, gpr_timespec token_lifetime);
 
 /* Private constructor for refresh token credentials from an already parsed
@@ -240,7 +241,7 @@ typedef struct {
 
   grpc_auth_json_key key;
   gpr_timespec jwt_lifetime;
-} grpc_jwt_credentials;
+} grpc_service_account_jwt_access_credentials;
 
 /* -- Oauth2TokenFetcher credentials --
 
diff --git a/src/core/security/google_default_credentials.c b/src/core/security/google_default_credentials.c
index 833484310f..de1929fe76 100644
--- a/src/core/security/google_default_credentials.c
+++ b/src/core/security/google_default_credentials.c
@@ -140,8 +140,9 @@ static grpc_credentials *create_default_creds_from_path(char *creds_path) {
   /* First, try an auth json key. */
   key = grpc_auth_json_key_create_from_json(json);
   if (grpc_auth_json_key_is_valid(&key)) {
-    result = grpc_jwt_credentials_create_from_auth_json_key(
-        key, grpc_max_auth_token_lifetime);
+    result =
+        grpc_service_account_jwt_access_credentials_create_from_auth_json_key(
+            key, grpc_max_auth_token_lifetime);
     goto end;
   }
 
diff --git a/src/cpp/client/secure_credentials.cc b/src/cpp/client/secure_credentials.cc
index 01c7f14f1a..abf0cb387e 100644
--- a/src/cpp/client/secure_credentials.cc
+++ b/src/cpp/client/secure_credentials.cc
@@ -99,8 +99,8 @@ std::shared_ptr<Credentials> ServiceAccountCredentials(
 }
 
 // Builds JWT credentials.
-std::shared_ptr<Credentials> JWTCredentials(const grpc::string& json_key,
-                                            long token_lifetime_seconds) {
+std::shared_ptr<Credentials> ServiceAccountJWTAccessCredentials(
+    const grpc::string& json_key, long token_lifetime_seconds) {
   if (token_lifetime_seconds <= 0) {
     gpr_log(GPR_ERROR,
             "Trying to create JWTCredentials with non-positive lifetime");
@@ -108,8 +108,8 @@ std::shared_ptr<Credentials> JWTCredentials(const grpc::string& json_key,
   }
   gpr_timespec lifetime =
       gpr_time_from_seconds(token_lifetime_seconds, GPR_TIMESPAN);
-  return WrapCredentials(
-      grpc_jwt_credentials_create(json_key.c_str(), lifetime));
+  return WrapCredentials(grpc_service_account_jwt_access_credentials_create(
+      json_key.c_str(), lifetime));
 }
 
 // Builds refresh token credentials.
diff --git a/src/python/src/grpc/_adapter/_c/types/client_credentials.c b/src/python/src/grpc/_adapter/_c/types/client_credentials.c
index 6a4561c060..9ea2b39cad 100644
--- a/src/python/src/grpc/_adapter/_c/types/client_credentials.c
+++ b/src/python/src/grpc/_adapter/_c/types/client_credentials.c
@@ -208,6 +208,7 @@ ClientCredentials *pygrpc_ClientCredentials_service_account(
   return self;
 }
 
+/* TODO: Rename this credentials to something like service_account_jwt_access */
 ClientCredentials *pygrpc_ClientCredentials_jwt(
     PyTypeObject *type, PyObject *args, PyObject *kwargs) {
   ClientCredentials *self;
@@ -219,7 +220,7 @@ ClientCredentials *pygrpc_ClientCredentials_jwt(
     return NULL;
   }
   self = (ClientCredentials *)type->tp_alloc(type, 0);
-  self->c_creds = grpc_jwt_credentials_create(
+  self->c_creds = grpc_service_account_jwt_access_credentials_create(
       json_key, pygrpc_cast_double_to_gpr_timespec(lifetime));
   if (!self->c_creds) {
     Py_DECREF(self);
diff --git a/src/python/src/grpc/_cython/_cygrpc/credentials.pyx b/src/python/src/grpc/_cython/_cygrpc/credentials.pyx
index c14d8844dd..7bb3f798b2 100644
--- a/src/python/src/grpc/_cython/_cygrpc/credentials.pyx
+++ b/src/python/src/grpc/_cython/_cygrpc/credentials.pyx
@@ -126,6 +126,7 @@ def client_credentials_service_account(
   credentials.references.extend([json_key, scope])
   return credentials
 
+#TODO rename to something like client_credentials_service_account_jwt_access.
 def client_credentials_jwt(json_key, records.Timespec token_lifetime not None):
   if isinstance(json_key, bytes):
     pass
@@ -134,7 +135,7 @@ def client_credentials_jwt(json_key, records.Timespec token_lifetime not None):
   else:
     raise TypeError("expected json_key to be str or bytes")
   cdef ClientCredentials credentials = ClientCredentials()
-  credentials.c_credentials = grpc.grpc_jwt_credentials_create(
+  credentials.c_credentials = grpc.grpc_service_account_jwt_access_credentials_create(
       json_key, token_lifetime.c_time)
   credentials.references.append(json_key)
   return credentials
diff --git a/src/python/src/grpc/_cython/_cygrpc/grpc.pxd b/src/python/src/grpc/_cython/_cygrpc/grpc.pxd
index 7db8fbe31c..a76ddfc9e1 100644
--- a/src/python/src/grpc/_cython/_cygrpc/grpc.pxd
+++ b/src/python/src/grpc/_cython/_cygrpc/grpc.pxd
@@ -313,7 +313,7 @@ cdef extern from "grpc/grpc_security.h":
   grpc_credentials *grpc_compute_engine_credentials_create()
   grpc_credentials *grpc_service_account_credentials_create(
       const char *json_key, const char *scope, gpr_timespec token_lifetime)
-  grpc_credentials *grpc_jwt_credentials_create(const char *json_key,
+  grpc_credentials *grpc_service_account_jwt_access_credentials_create(const char *json_key,
                                                 gpr_timespec token_lifetime)
   grpc_credentials *grpc_refresh_token_credentials_create(
       const char *json_refresh_token)
diff --git a/test/core/security/credentials_test.c b/test/core/security/credentials_test.c
index d3fea9680a..dd6e0d7bb3 100644
--- a/test/core/security/credentials_test.c
+++ b/test/core/security/credentials_test.c
@@ -826,8 +826,9 @@ static void on_jwt_creds_get_metadata_failure(void *user_data,
 
 static void test_jwt_creds_success(void) {
   char *json_key_string = test_json_key_str();
-  grpc_credentials *jwt_creds = grpc_jwt_credentials_create(
-      json_key_string, grpc_max_auth_token_lifetime);
+  grpc_credentials *jwt_creds =
+      grpc_service_account_jwt_access_credentials_create(
+          json_key_string, grpc_max_auth_token_lifetime);
   GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds));
   GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds));
 
@@ -858,8 +859,9 @@ static void test_jwt_creds_success(void) {
 
 static void test_jwt_creds_signing_failure(void) {
   char *json_key_string = test_json_key_str();
-  grpc_credentials *jwt_creds = grpc_jwt_credentials_create(
-      json_key_string, grpc_max_auth_token_lifetime);
+  grpc_credentials *jwt_creds =
+      grpc_service_account_jwt_access_credentials_create(
+          json_key_string, grpc_max_auth_token_lifetime);
   GPR_ASSERT(grpc_credentials_has_request_metadata(jwt_creds));
   GPR_ASSERT(grpc_credentials_has_request_metadata_only(jwt_creds));
 
@@ -900,7 +902,7 @@ static grpc_credentials *composite_inner_creds(grpc_credentials *creds,
 }
 
 static void test_google_default_creds_auth_key(void) {
-  grpc_jwt_credentials *jwt;
+  grpc_service_account_jwt_access_credentials *jwt;
   grpc_credentials *creds;
   char *json_key = test_json_key_str();
   grpc_flush_cached_google_default_credentials();
@@ -909,7 +911,7 @@ static void test_google_default_creds_auth_key(void) {
   gpr_free(json_key);
   creds = grpc_google_default_credentials_create();
   GPR_ASSERT(creds != NULL);
-  jwt = (grpc_jwt_credentials *)composite_inner_creds(
+  jwt = (grpc_service_account_jwt_access_credentials *)composite_inner_creds(
       creds, GRPC_CREDENTIALS_TYPE_JWT);
   GPR_ASSERT(
       strcmp(jwt->key.client_id,
diff --git a/test/cpp/interop/client_helper.cc b/test/cpp/interop/client_helper.cc
index 48b1b2e864..73d82f7b88 100644
--- a/test/cpp/interop/client_helper.cc
+++ b/test/cpp/interop/client_helper.cc
@@ -123,7 +123,8 @@ std::shared_ptr<ChannelInterface> CreateChannelForTestCase(
     GPR_ASSERT(FLAGS_enable_ssl);
     grpc::string json_key = GetServiceAccountJsonKey();
     std::chrono::seconds token_lifetime = std::chrono::hours(1);
-    creds = JWTCredentials(json_key, token_lifetime.count());
+    creds =
+        ServiceAccountJWTAccessCredentials(json_key, token_lifetime.count());
     return CreateTestChannel(host_port, FLAGS_server_host_override,
                              FLAGS_enable_ssl, FLAGS_use_prod_roots, creds);
   } else if (test_case == "oauth2_auth_token") {