diff --git a/google/oauth2/_client.py b/google/oauth2/_client.py
index ee5689120..98d9599cf 100644
--- a/google/oauth2/_client.py
+++ b/google/oauth2/_client.py
@@ -30,6 +30,7 @@
 from google.auth import _exponential_backoff
 from google.auth import _helpers
+from google.auth import credentials
 from google.auth import exceptions
 from google.auth import jwt
 from google.auth import metrics
@@ -344,7 +345,9 @@ def call_iam_generate_id_token_endpoint(
 response_data = _token_endpoint_request(
 request,
- iam_id_token_endpoint.format(universe_domain, signer_email),
+ iam_id_token_endpoint.replace(
+ credentials.DEFAULT_UNIVERSE_DOMAIN, universe_domain
+ ).format(signer_email),
 body,
 access_token=access_token,
 use_json=True,
diff --git a/tests/oauth2/test_service_account.py b/tests/oauth2/test_service_account.py
index 45e0d6c91..91a7d93e0 100644
--- a/tests/oauth2/test_service_account.py
+++ b/tests/oauth2/test_service_account.py
@@ -798,7 +798,6 @@ def test_refresh_iam_flow(self, call_iam_generate_id_token_endpoint):
 assert target_audience == "https://example.com"
 decoded_access_token = jwt.decode(access_token, verify=False)
 assert decoded_access_token["scope"] == "https://www.googleapis.com/auth/iam"
- assert universe_domain == "googleapis.com"
 @mock.patch(
 "google.oauth2._client.call_iam_generate_id_token_endpoint", autospec=True
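Review bot: In the `call_iam_generate_id_token_endpoint` hunk of google/oauth2/_client.py, `universe_domain` is spliced unchecked into the host of the URL that is then called with `access_token=access_token`. Because `.replace(...)` runs before `.format(signer_email)`, a value containing `{` or `}` is treated as a format field instead of being rejected. The replace is also a silent no-op when the template passed in does not contain `credentials.DEFAULT_UNIVERSE_DOMAIN`, so the argument can be ignored without any error. If `universe_domain` can come from a credentials file or other configuration (its origin is outside this hunk), I would validate it before building the URL, for example `if any(c in universe_domain for c in "{}/@:?#"): raise exceptions.InvalidValue("invalid universe_domain")`, and add the comment `# universe_domain becomes the host that receives access_token; it must be a bare hostname`. The function body starts and ends outside the hunk, so an existing check earlier in the function would make this unnecessary.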
@@ -818,13 +817,12 @@ def test_refresh_iam_flow_non_gdu(self, call_iam_generate_id_token_endpoint):
 assert req == request
 assert (
 iam_endpoint
- == "https://iamcredentials.{}/v1/projects/-/serviceAccounts/{}:generateIdToken"
+ == "https://iamcredentials.fake-universe/v1/projects/-/serviceAccounts/{}:generateIdToken"
 )
 assert signer_email == "service-account@example.com"
 assert target_audience == "https://example.com"
 decoded_access_token = jwt.decode(access_token, verify=False)
 assert decoded_access_token["scope"] == "https://www.googleapis.com/auth/iam"
- assert universe_domain == "fake-universe"
 @mock.patch("google.oauth2._client.id_token_jwt_grant", autospec=True)
 def test_before_request_refreshes(self, id_token_jwt_grant):
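Review bot: `test_refresh_iam_flow_non_gdu` receives `call_iam_generate_id_token_endpoint` as a mock (see the hunk header), so the updated expectation only checks the template handed to that mock. Nothing in these test hunks exercises the new `.replace(credentials.DEFAULT_UNIVERSE_DOMAIN, universe_domain).format(signer_email)` path in `_client.py`. Unless that is covered in a file not shown here, I would add a `_client` test that calls the real function with a non-default universe and asserts the final request URL, with a comment such as `# the access token must only be sent to the iamcredentials host of the configured universe`. A second case where the template does not contain the default domain would pin down the silent no-op behaviour. The test body starts outside the hunk.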