1 files changed, 20 insertions, 2 deletions

diff --git a/src/cpp/client/secure_credentials.cc b/src/cpp/client/secure_credentials.cc
index 6ca702eead..a2f6a69858 100644
--- a/src/cpp/client/secure_credentials.cc
+++ b/src/cpp/client/secure_credentials.cc
@@ -98,12 +98,30 @@ std::unique_ptr<Credentials> ComputeEngineCredentials() {
 std::unique_ptr<Credentials> ServiceAccountCredentials(
     const grpc::string& json_key, const grpc::string& scope,
     std::chrono::seconds token_lifetime) {
-  gpr_timespec lifetime = gpr_time_from_seconds(
-      token_lifetime.count() > 0 ? token_lifetime.count() : 0);
+  if (token_lifetime.count() <= 0) {
+    gpr_log(GPR_ERROR,
+            "Trying to create ServiceAccountCredentials "
+            "with non-positive lifetime");
+    return WrapCredentials(nullptr);
+  }
+  gpr_timespec lifetime = gpr_time_from_seconds(token_lifetime.count());
   return WrapCredentials(grpc_service_account_credentials_create(
       json_key.c_str(), scope.c_str(), lifetime));
 }
 
+// Builds JWT credentials.
+std::unique_ptr<Credentials> JWTCredentials(
+    const grpc::string &json_key, std::chrono::seconds token_lifetime) {
+  if (token_lifetime.count() <= 0) {
+    gpr_log(GPR_ERROR,
+            "Trying to create JWTCredentials with non-positive lifetime");
+    return WrapCredentials(nullptr);
+  }
+  gpr_timespec lifetime = gpr_time_from_seconds(token_lifetime.count());
+  return WrapCredentials(
+      grpc_jwt_credentials_create(json_key.c_str(), lifetime));
+}
+
 // Builds IAM credentials.
 std::unique_ptr<Credentials> IAMCredentials(
     const grpc::string& authorization_token,