fix: Static analysis fix and updatemetadata logic correction

src/Credentials/ExternalAccountCredentials.php

@@ -25,6 +25,7 @@
 use Google\Auth\GetQuotaProjectInterface;
 use Google\Auth\HttpHandler\HttpClientCache;
 use Google\Auth\HttpHandler\HttpHandlerFactory;
+use Google\Auth\MetricsTrait;
 use Google\Auth\OAuth2;
 use Google\Auth\UpdateMetadataInterface;
 use Google\Auth\UpdateMetadataTrait;
@@ -34,6 +35,7 @@
 class ExternalAccountCredentials implements FetchAuthTokenInterface, UpdateMetadataInterface, GetQuotaProjectInterface
 {
     use UpdateMetadataTrait;
+    use MetricsTrait;
 
     private const EXTERNAL_ACCOUNT_TYPE = 'external_account';
 

src/Credentials/GCECredentials.php

@@ -149,7 +149,7 @@ class GCECredentials extends CredentialsLoader implements
      *
      * @var string
      */
-    protected string $credType = 'cred-type/mds';
+    protected $credType = 'cred-type/mds';
 
     /**
      * @var string|null
@@ -315,6 +315,9 @@ private static function getProjectIdUri()
         return $base . self::PROJECT_ID_URI_PATH;
     }
 
+    /**
+     * @return array<mixed>
+     */
     private static function getMdsPingHeader()
     {
         return [
@@ -440,7 +443,7 @@ public function fetchAuthToken(callable $httpHandler = null)
         }
 
         $isAccessTokenRequest = true;
-        if (isset($this->targetAudience)) {
+        if (!is_null($this->targetAudience)) {
             $isAccessTokenRequest = false;
         }
 
@@ -608,7 +611,7 @@ public function getUniverseDomain(callable $httpHandler = null): string
      *
      * @param callable $httpHandler An HTTP Handler to deliver PSR7 requests.
      * @param string $uri The metadata URI.
-     * @param array $metricsHeader [optional] If present, add these headers to the token
+     * @param array<mixed> $metricsHeader [optional] If present, add these headers to the token
      *        endpoint request.
      *
      * @return string

src/Credentials/ImpersonatedServiceAccountCredentials.php

@@ -41,7 +41,7 @@ class ImpersonatedServiceAccountCredentials extends CredentialsLoader implements
      *
      * @var string
      */
-    protected string $credType = 'cred-type/imp';
+    protected $credType = 'cred-type/imp';
 
     /**
      * Instantiate an instance of ImpersonatedServiceAccountCredentials from a credentials file that

src/Credentials/ServiceAccountCredentials.php

@@ -89,7 +89,7 @@ class ServiceAccountCredentials extends CredentialsLoader implements
      *
      * @var string
      */
-    protected string $credType = 'cred-type/sa';
+    protected $credType = 'cred-type/sa';
 
     /**
      * @var array<mixed>|null

src/Credentials/ServiceAccountJwtAccessCredentials.php

@@ -59,7 +59,7 @@ class ServiceAccountJwtAccessCredentials extends CredentialsLoader implements
      *
      * @var string
      */
-    protected string $credType = 'cred-type/jwt';
+    protected $credType = 'cred-type/jwt';
 
     /**
      * @var string

src/Credentials/UserRefreshCredentials.php

@@ -53,7 +53,7 @@ class UserRefreshCredentials extends CredentialsLoader implements GetQuotaProjec
      *
      * @var string
      */
-    protected string $credType = 'cred-type/u';
+    protected $credType = 'cred-type/u';
 
     /**
      * Create a new UserRefreshCredentials.
@@ -105,7 +105,7 @@ public function __construct(
 
     /**
      * @param callable $httpHandler
-     * @param array $metricsHeader [optional] Metrics headers to be inserted
+     * @param array<mixed> $metricsHeader [optional] Metrics headers to be inserted
      *     into the token endpoint request present.
      *     This could be passed from ImersonatedServiceAccountCredentials as it uses
      *     UserRefreshCredentials as source credentials.

src/MetricsTrait.php

@@ -25,24 +25,43 @@
  */
 trait MetricsTrait
 {
-    private static $version = null;
+    /**
+     * @var string The version of the auth library php.
+     */
+    private static $version;
 
+    /**
+     * @var string The header key for the observability metrics.
+     */
     protected static $metricsHeaderKey = 'x-goog-api-client';
 
-    private static array $requestType = [
+    /**
+     * @var array<string, string> The request type header values
+     *      for the observability metrics.
+     */
+    private static $requestType = [
         'accessToken' => 'auth-request-type/at',
         'idToken' => 'auth-request-type/it',
     ];
 
-    private static array $credTypes = [
+    /**
+     * @var array<string, string> The credential type headervalues
+     *      for the observability metrics.
+     */
+    private static $credTypes = [
         'user' => 'cred-type/u',
         'sa' => 'cred-type/sa',
         'jwt' => 'cred-type/jwt',
         'gce' => 'cred-type/mds',
         'impersonate' => 'cred-type/imp'
     ];
 
-    protected string $credType = '';
+    /**
+     * @var string The credential type for the observability metrics.
+     *      This would be overridden by the credential class if applicable.
+     */
+    protected $credType = '';
+
     protected function getServiceApiMetricsHeaderValue(): string
     {
         if (!empty($this->credType)) {
@@ -67,7 +86,13 @@ protected function getTokenEndpointMetricsHeaderValue(bool $isAccessTokenRequest
         return '';
     }
 
-    protected function applyMetricsHeader($metadata, $headerValue): array
+    /**
+     * @param array<mixed> $metadata The metadata to update and return.
+     * @param string $headerValue The header value to add to the metadata for
+     *        observability metrics.
+     * @return array<mixed> The updated metadata.
+     */
+    protected function applyMetricsHeader($metadata, $headerValue)
     {
         if (empty($headerValue)) {
             return $metadata;

src/OAuth2.php

@@ -572,6 +572,8 @@ public function toJwt(array $config = [])
      * Generates a request for token credentials.
      *
      * @param callable $httpHandler callback which delivers psr7 request
+     * @param array<mixed> $metricsHeader [optional] Metrics headers to be inserted
+     *     into the token endpoint request present.
      * @return RequestInterface the authorization Url.
      */
     public function generateCredentialsRequest(callable $httpHandler = null, $metricsHeader = [])
@@ -647,7 +649,7 @@ public function generateCredentialsRequest(callable $httpHandler = null, $metric
      * Fetches the auth tokens based on the current state.
      *
      * @param callable $httpHandler callback which delivers psr7 request
-     * @param array $metricsHeader [optional] If present, add these headers to the token
+     * @param array<mixed> $metricsHeader [optional] If present, add these headers to the token
      *        endpoint request.
      * @return array<mixed> the response
      */

src/UpdateMetadataTrait.php

@@ -50,22 +50,22 @@ public function updateMetadata(
         $authUri = null,
         callable $httpHandler = null
     ) {
-        if (isset($metadata[self::AUTH_METADATA_KEY])) {
+        $metadata_copy = $metadata;
+        $metadata_copy = $this->applyMetricsHeader(
+            $metadata_copy,
+            $this->getServiceApiMetricsHeaderValue()
+        );
+
+        if (isset($metadata_copy[self::AUTH_METADATA_KEY])) {
             // Auth metadata has already been set
-            return $metadata;
+            return $metadata_copy;
         }
         $result = $this->fetchAuthToken($httpHandler);
-        $metadata_copy = $metadata;
         if (isset($result['access_token'])) {
             $metadata_copy[self::AUTH_METADATA_KEY] = ['Bearer ' . $result['access_token']];
         } elseif (isset($result['id_token'])) {
             $metadata_copy[self::AUTH_METADATA_KEY] = ['Bearer ' . $result['id_token']];
         }
-
-        $metadata_copy = $this->applyMetricsHeader(
-            $metadata_copy,
-            $this->getServiceApiMetricsHeaderValue()
-        );
         return $metadata_copy;
     }
 }