Thanks, Olek!
Looks like the bug is fixed in the latest release of google-oauth-client. Does this mean we just need to upgrade its version in Debian?
Please let me know if I can help with anything!
Thanks for the offer but it was fairly straightforward. Unfortunately, we typically can't upload new upstream versions when we're in a release freeze. But it was easy enough to backport the upstream fix to version 1.28.0. I think I only had to make one minor tweak to the pom.xml due to some additions for a later version. After that it built perfectly.
I also rebuilt the google-api-client-java and bazel-bootstrap packages locally against the new google-oauth-client-java and everything looks good. I've filed an unblock bug with the Release Team to allow the fix to migrate to bullseye. Now we just wait. :)
-Olek