Add Credentials implementation supplying an ID token.#234
Add Credentials implementation supplying an ID token.#234theacodes merged 3 commits intogoogleapis:masterfrom
Conversation
|
I changed a significant portion of this so some else needs to review. @dhermes? |
google/oauth2/_client.py
Outdated
|
|
||
| def id_token_jwt_grant(request, token_uri, assertion): | ||
| """Implements the JWT Profile for OAuth 2.0 Authorization Grants, but | ||
| requests an OpenID Connect ID Token instead of a access token. |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
google/oauth2/_client.py
Outdated
| Args: | ||
| request (google.auth.transport.Request): A callable used to make | ||
| HTTP requests. | ||
| token_uri (str): The OAuth 2.0 authorizations server's token endpoint |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| URI. | ||
| assertion (str): JWT token signed by a service account. The assertion | ||
| must include a ``target_audience`` claim. | ||
| Returns: |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
google/oauth2/_client.py
Outdated
| token_uri (str): The OAuth 2.0 authorizations server's token endpoint | ||
| URI. | ||
| assertion (str): JWT token signed by a service account. The assertion | ||
| must include a ``target_audience`` claim. |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| Tuple[str, Optional[datetime], Mapping[str, str]]: | ||
| The (encoded) Open ID Connect ID Token, expiration, and additional | ||
| data returned by the endpoint. | ||
| Raises: |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| self._token_uri = token_uri | ||
| self._target_audience = target_audience | ||
|
|
||
| if additional_claims is not None: |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
| delegated_credentials = credentials.with_subject(subject) | ||
|
|
||
| """ | ||
| def __init__(self, signer, service_account_email, token_uri, |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
google/oauth2/service_account.py
Outdated
| google.auth.service_account.IDTokenCredentials: A new credentials | ||
| instance. | ||
| """ | ||
| return IDTokenCredentials( |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
3 participants
@jonparrott Here's a primitive implementation for #130.
This adds everything in
google.auth.id_tokenas I don't know any better.Could you advise on how to structure this better?
Thanks!