# Copyright 2020 Google, LLC.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
Demonstrates how to send authenticated service-to-service requests, e.g.
for Cloud Run or Cloud Functions."""
# [START functions_bearer_token]
# [START cloudrun_service_to_service_auth]
import urllib
import urllib.parse
import urllib.request

import google.auth.transport.requests
import google.oauth2.id_token
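def make_authorized_get_request(endpoint, audience):
    """
    make_authorized_get_request makes a GET request to the specified HTTP endpoint
    by authenticating with the ID token obtained from the google-auth client library
    using the specified audience value.

    Args:
        endpoint: URL that receives the request; must use the http or https scheme.
        audience: audience value passed to fetch_id_token when the token is requested.

    Returns:
        The response body returned by response.read().

    Raises:
        ValueError: if `endpoint` does not use the http or https scheme.

    Errors raised by fetch_id_token() or urlopen() propagate unchanged.
    """

    # [END functions_bearer_token]
    # Cloud Run uses your service's hostname as the `audience` value
    # audience = 'https://my-cloud-run-service.run.app/'
    # For Cloud Run, `endpoint` is the URL (hostname + path) receiving the request
    # endpoint = 'https://my-cloud-run-service.run.app/my/awesome/url'
    # [END cloudrun_service_to_service_auth]
    # [START functions_bearer_token]
    # Cloud Functions uses your function's URL as the `audience` value
    # audience = https://project-region-projectid.cloudfunctions.net/myFunction
    # For Cloud Functions, `endpoint` and `audience` should be equal
    # [START cloudrun_service_to_service_auth]

    # urlopen() also accepts non-HTTP schemes such as file:// and ftp://.
    # Reject them up front so a mis-set `endpoint` cannot turn this helper
    # into a local-file or FTP read, and fail before a token is requested.
    scheme = urllib.parse.urlsplit(endpoint).scheme
    if scheme not in ("http", "https"):
        raise ValueError(f"endpoint must be an http(s) URL, got scheme {scheme!r}")

    req = urllib.request.Request(endpoint)

    auth_req = google.auth.transport.requests.Request()
    id_token = google.oauth2.id_token.fetch_id_token(auth_req, audience)

    # NOTE: the ID token is a bearer credential. Over plain http:// it travels
    # in cleartext, so use https:// endpoints outside local testing.
    # NOTE(review): urllib's default opener follows redirects and re-sends
    # request headers; confirm the endpoint cannot redirect to a host that
    # should not receive this token.
    req.add_header("Authorization", f"Bearer {id_token}")

    # The context manager closes the connection even if read() raises.
    # No timeout is passed, so the call blocks for as long as the socket
    # default allows.
    with urllib.request.urlopen(req) as response:
        return response.read()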
# [END cloudrun_service_to_service_auth]
# [END functions_bearer_token]