diff --git a/package-lock.json b/package-lock.json
index 74283ff5..647e82ef 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -34,6 +34,12 @@
           "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.14.92.tgz",
           "integrity": "sha512-cdvY1fyUGYgG7/i07a/sR5PnD6+Z+ljUrD0CNVf0qj645VvEdLNtZPjvCp4siPy3rQ/KRXMfUATIqi3+9x57Sw==",
           "dev": true
+        },
+        "typescript": {
+          "version": "2.6.2",
+          "resolved": "https://registry.npmjs.org/typescript/-/typescript-2.6.2.tgz",
+          "integrity": "sha1-PFtv1/beCRQmkCfwPAlGdY92c6Q=",
+          "dev": true
         }
       }
     },
@@ -4442,9 +4448,9 @@
       "dev": true
     },
     "typescript": {
-      "version": "2.6.2",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-2.6.2.tgz",
-      "integrity": "sha1-PFtv1/beCRQmkCfwPAlGdY92c6Q=",
+      "version": "2.7.2",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-2.7.2.tgz",
+      "integrity": "sha512-p5TCYZDAO0m4G344hD+wx/LATebLWZNkkh2asWUFqSsD2OrDNhbAHuSjobrmsUmdzjJjEeZVU9g1h3O6vpstnw==",
       "dev": true
     },
     "uglify-js": {
diff --git a/package.json b/package.json
index 6816ceac..f7d6ddb4 100644
--- a/package.json
+++ b/package.json
@@ -54,7 +54,7 @@
     "prettier": "^1.10.2",
     "source-map-support": "^0.5.3",
     "tmp": "0.0.33",
-    "typescript": "~2.6.2"
+    "typescript": "~2.7.0"
   },
   "files": [
     "LICENSE",
diff --git a/src/auth/authclient.ts b/src/auth/authclient.ts
index 4e2ad131..5dde7dc6 100644
--- a/src/auth/authclient.ts
+++ b/src/auth/authclient.ts
@@ -20,7 +20,7 @@ import {Credentials} from './credentials';
 
 export abstract class AuthClient {
   transporter = new DefaultTransporter();
-  credentials: Credentials;
+  credentials: Credentials = {};
 
   /**
    * Provides an alternative Axios request implementation with auth credentials
diff --git a/src/auth/googleauth.ts b/src/auth/googleauth.ts
index a8e187b0..f411481d 100644
--- a/src/auth/googleauth.ts
+++ b/src/auth/googleauth.ts
@@ -60,7 +60,7 @@ interface CredentialResult {
 }
 
 export class GoogleAuth {
-  transporter: Transporter;
+  transporter?: Transporter;
 
   /**
    * Caches a value indicating whether the auth layer is running on Google
@@ -75,8 +75,8 @@ export class GoogleAuth {
     return this.checkIsGCE;
   }
 
-  private _getDefaultProjectIdPromise: Promise<string|null>;
-  private _cachedProjectId: string|null;
+  private _getDefaultProjectIdPromise?: Promise<string|null>;
+  private _cachedProjectId?: string|null;
 
   // To save the contents of the JSON credential file
   jsonContent: JWTInput|null = null;
diff --git a/src/auth/jwtclient.ts b/src/auth/jwtclient.ts
index 8c5a220a..6dbc9e44 100644
--- a/src/auth/jwtclient.ts
+++ b/src/auth/jwtclient.ts
@@ -38,10 +38,10 @@ export class JWT extends OAuth2Client {
   scopes?: string|string[];
   scope?: string;
   subject?: string;
-  gtoken: GoogleToken;
+  gtoken?: GoogleToken;
   additionalClaims?: {};
 
-  private access: JWTAccess;
+  private access?: JWTAccess;
 
   /**
    * JWT service account credentials.
@@ -157,8 +157,8 @@ export class JWT extends OAuth2Client {
     }
     this.credentials = result.tokens;
     this.credentials.refresh_token = 'jwt-placeholder';
-    this.key = this.gtoken.key;
-    this.email = this.gtoken.iss;
+    this.key = this.gtoken!.key;
+    this.email = this.gtoken!.iss;
     return result.tokens;
   }
 
diff --git a/src/auth/oauth2client.ts b/src/auth/oauth2client.ts
index 2f02e74f..76ceda6c 100644
--- a/src/auth/oauth2client.ts
+++ b/src/auth/oauth2client.ts
@@ -246,7 +246,7 @@ export class OAuth2Client extends AuthClient {
   // TODO: refactor tests to make this private
   _clientSecret?: string;
 
-  apiKey: string;
+  apiKey?: string;
 
   projectId?: string;
 
@@ -284,7 +284,6 @@ export class OAuth2Client extends AuthClient {
     this.redirectUri = opts.redirectUri;
     this.authBaseUrl = opts.authBaseUrl;
     this.tokenUrl = opts.tokenUrl;
-    this.credentials = {};
     this.eagerRefreshThresholdMillis =
         opts.eagerRefreshThresholdMillis || 5 * 60 * 1000;
   }
diff --git a/test/test.jwt.ts b/test/test.jwt.ts
index 020ed671..02c50865 100644
--- a/test/test.jwt.ts
+++ b/test/test.jwt.ts
@@ -68,10 +68,10 @@ describe('JWT auth client', () => {
       jwt.authorize((err, creds) => {
         assert.equal(err, null);
         assert.notEqual(creds, null);
-        assert.equal('foo@serviceaccount.com', jwt.gtoken.iss);
-        assert.equal(PEM_PATH, jwt.gtoken.keyFile);
-        assert.equal(['http://bar', 'http://foo'].join(' '), jwt.gtoken.scope);
-        assert.equal('bar@subjectaccount.com', jwt.gtoken.sub);
+        assert.equal('foo@serviceaccount.com', jwt.gtoken!.iss);
+        assert.equal(PEM_PATH, jwt.gtoken!.keyFile);
+        assert.equal(['http://bar', 'http://foo'].join(' '), jwt.gtoken!.scope);
+        assert.equal('bar@subjectaccount.com', jwt.gtoken!.sub);
         assert.equal('initial-access-token', jwt.credentials.access_token);
         assert.equal(creds!.access_token, jwt.credentials.access_token);
         assert.equal(creds!.refresh_token, jwt.credentials.refresh_token);
@@ -93,7 +93,7 @@ describe('JWT auth client', () => {
 
       createGTokenMock({access_token: 'initial-access-token'});
       jwt.authorize((err, creds) => {
-        assert.equal('http://foo', jwt.gtoken.scope);
+        assert.equal('http://foo', jwt.gtoken!.scope);
         done();
       });
     });