From dc17dfc3fb65c87f2912300f0d11f79781240e78 Mon Sep 17 00:00:00 2001
From: ohmayr <omairnaveed@ymail.com>
Date: Wed, 17 Jul 2024 16:43:32 -0400
Subject: [PATCH] feat: implement async `StaticCredentials` using access tokens
 (#1559)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feat: implement async oauth2 credentials

* minor cleanup

* inherit base credentials class in async credentials

* fix whitespace

* implement builder class for oauth 2.0 credentials

* feat: implement async static credentials

* revert implementing oauth2 credentials

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

* update values used in tests

* update the exception raised for static refresh

* add async anonymous credentials

* update docstrings

* address PR comments

* chore: Refresh system test creds.

* fix lint issues

* add test coverage

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: Carl Lundin <clundin@google.com>
---
 google/auth/_credentials_base.py |   6 +-
 google/auth/aio/__init__.py      |  25 ++++++
 google/auth/aio/credentials.py   | 143 +++++++++++++++++++++++++++++++
 system_tests/secrets.tar.enc     | Bin 10324 -> 10324 bytes
 tests/test_credentials_async.py  | 136 +++++++++++++++++++++++++++++
 5 files changed, 308 insertions(+), 2 deletions(-)
 create mode 100644 google/auth/aio/__init__.py
 create mode 100644 google/auth/aio/credentials.py
 create mode 100644 tests/test_credentials_async.py

diff --git a/google/auth/_credentials_base.py b/google/auth/_credentials_base.py
index 29462dc0c..64d5ce34b 100644
--- a/google/auth/_credentials_base.py
+++ b/google/auth/_credentials_base.py
@@ -37,12 +37,14 @@ class _BaseCredentials(metaclass=abc.ABCMeta):
     keys, scopes, and other options. These options are not changeable after
     construction. Some classes will provide mechanisms to copy the credentials
     with modifications such as :meth:`ScopedCredentials.with_scopes`.
+
+    Attributes:
+        token (Optional[str]): The bearer token that can be used in HTTP headers to make
+            authenticated requests.
     """
 
     def __init__(self):
         self.token = None
-        """str: The bearer token that can be used in HTTP headers to make
-        authenticated requests."""
 
     @abc.abstractmethod
     def refresh(self, request):
diff --git a/google/auth/aio/__init__.py b/google/auth/aio/__init__.py
new file mode 100644
index 000000000..331708cba
--- /dev/null
+++ b/google/auth/aio/__init__.py
@@ -0,0 +1,25 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Google Auth AIO Library for Python."""
+
+import logging
+
+from google.auth import version as google_auth_version
+
+
+__version__ = google_auth_version.__version__
+
+# Set default logging handler to avoid "No handler found" warnings.
+logging.getLogger(__name__).addHandler(logging.NullHandler())
diff --git a/google/auth/aio/credentials.py b/google/auth/aio/credentials.py
new file mode 100644
index 000000000..3bc6a5a67
--- /dev/null
+++ b/google/auth/aio/credentials.py
@@ -0,0 +1,143 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+"""Interfaces for asynchronous credentials."""
+
+
+from google.auth import _helpers
+from google.auth import exceptions
+from google.auth._credentials_base import _BaseCredentials
+
+
+class Credentials(_BaseCredentials):
+    """Base class for all asynchronous credentials.
+
+    All credentials have a :attr:`token` that is used for authentication and
+    may also optionally set an :attr:`expiry` to indicate when the token will
+    no longer be valid.
+
+    Most credentials will be :attr:`invalid` until :meth:`refresh` is called.
+    Credentials can do this automatically before the first HTTP request in
+    :meth:`before_request`.
+
+    Although the token and expiration will change as the credentials are
+    :meth:`refreshed <refresh>` and used, credentials should be considered
+    immutable. Various credentials will accept configuration such as private
+    keys, scopes, and other options. These options are not changeable after
+    construction. Some classes will provide mechanisms to copy the credentials
+    with modifications such as :meth:`ScopedCredentials.with_scopes`.
+    """
+
+    def __init__(self):
+        super(Credentials, self).__init__()
+
+    async def apply(self, headers, token=None):
+        """Apply the token to the authentication header.
+
+        Args:
+            headers (Mapping): The HTTP request headers.
+            token (Optional[str]): If specified, overrides the current access
+                token.
+        """
+        self._apply(headers, token=token)
+
+    async def refresh(self, request):
+        """Refreshes the access token.
+
+        Args:
+            request (google.auth.aio.transport.Request): The object used to make
+                HTTP requests.
+
+        Raises:
+            google.auth.exceptions.RefreshError: If the credentials could
+                not be refreshed.
+        """
+        raise NotImplementedError("Refresh must be implemented")
+
+    async def before_request(self, request, method, url, headers):
+        """Performs credential-specific before request logic.
+
+        Refreshes the credentials if necessary, then calls :meth:`apply` to
+        apply the token to the authentication header.
+
+        Args:
+            request (google.auth.aio.transport.Request): The object used to make
+                HTTP requests.
+            method (str): The request's HTTP method or the RPC method being
+                invoked.
+            url (str): The request's URI or the RPC service's URI.
+            headers (Mapping): The request's headers.
+        """
+        await self.apply(headers)
+
+
+class StaticCredentials(Credentials):
+    """Asynchronous Credentials representing an immutable access token.
+
+    The credentials are considered immutable except the tokens which can be
+    configured in the constructor ::
+
+        credentials = StaticCredentials(token="token123")
+
+    StaticCredentials does not support :meth `refresh` and assumes that the configured
+    token is valid and not expired. StaticCredentials will never attempt to
+    refresh the token.
+    """
+
+    def __init__(self, token):
+        """
+        Args:
+            token (str): The access token.
+        """
+        super(StaticCredentials, self).__init__()
+        self.token = token
+
+    @_helpers.copy_docstring(Credentials)
+    async def refresh(self, request):
+        raise exceptions.InvalidOperation("Static credentials cannot be refreshed.")
+
+    # Note: before_request should never try to refresh access tokens.
+    # StaticCredentials intentionally does not support it.
+    @_helpers.copy_docstring(Credentials)
+    async def before_request(self, request, method, url, headers):
+        await self.apply(headers)
+
+
+class AnonymousCredentials(Credentials):
+    """Asynchronous Credentials that do not provide any authentication information.
+
+    These are useful in the case of services that support anonymous access or
+    local service emulators that do not use credentials.
+    """
+
+    async def refresh(self, request):
+        """Raises :class:``InvalidOperation``, anonymous credentials cannot be
+        refreshed."""
+        raise exceptions.InvalidOperation("Anonymous credentials cannot be refreshed.")
+
+    async def apply(self, headers, token=None):
+        """Anonymous credentials do nothing to the request.
+
+        The optional ``token`` argument is not supported.
+
+        Raises:
+            google.auth.exceptions.InvalidValue: If a token was specified.
+        """
+        if token is not None:
+            raise exceptions.InvalidValue("Anonymous credentials don't support tokens.")
+
+    async def before_request(self, request, method, url, headers):
+        """Anonymous credentials do nothing to the request."""
+        pass
diff --git a/system_tests/secrets.tar.enc b/system_tests/secrets.tar.enc
index 77ab87e0f1bf6d7d084d21c1c2fa8691e6c59709..ccb040256c0cf0e7e68c58b58536bc49bf81293d 100644
GIT binary patch
literal 10324
zcmV-aD67{BB>?tKRTIz?XEI5-!7nZ0?6u;+M^WKg0HYZ_MP-{$x9BSNH474|Pylv+
ziVhF}z)@J?)^98=!~H*?Ka{)TBPKFam@RC|_!ZI_=FVl+$D7RQdWI^XG&rgs%+H&^
z$^{u_9kF!T24;r!d8B$JwLH=Re_Ccj<#AtVH;|Zyva0DT<SKc(C8wjA3GK63f%A2;
zR3587h%A$6ve5d_{`bJ|oU==;r~ka4Dl{A?qrb%3g=MnW)fs(}DPUNoMV@j}PQmNg
z+{!YF6P?RwoN39VO{Ny*)^8(fx5r1PQ}0uGXXXH@Rrm9gZ@Qk0sEQC!`9~$sUespI
zpEp&5f87ej=q}KsELH^oKbNApOzLaxw=mrUtx0QWKj+1YZf4|@+$>~|rK|Rq<#yLH
zzt?HueKUkJ-HM#WYELV<g^2i$BIoXKCsVBUBbGOL5vc3#f9z9RKBax^WB-yn9RxVR
zrt(DP!av*hi_NdmEC%m=`rbY3)#tc$pW9-%ge-)p+K|;z*2%jyKF4nL5gBzX5<I;h
z+TKdu92R3{6f5Y?Ln?cEh5wJ18=A1f(Ej7HodFzwYx+hAaRfqWyFjF;b^rji6I!Sy
z7ptH0^5B+~ML2}+;=XWeRbHKOk6sg#X#*JuH-DFJs(z0lmzB{-5J|F;pyUUYr4Wz2
zY7&q16xjr8_edrp%qQ;k`Vt-@L$@f;X$y6H1#@9&Oh!0A>bcRve$Src70y*~fHY%R
zVC;gxNUwYe`1qp=b+HNN3jCX71fUYZnAn;Zt5O}vTMRxMZB+S$rq4X3uHW@1?_!M|
zzDMcPlr5O5VUCyHfraz1f4?rxB1&vzVvbc1h@S8cpIa`#Go(nIfIOJIYS(BRXX=-W
zue$V^WS03?Js{^RTHh>i>Tk^o{Pzo?5!r~8hyJTRI#fLeZj$q4iE%lK3{9l@qvBi{
z?7L5+k_F9FjdoP;V1lHar#R%h=;8q&9c=f7f<tgN>V=M%tE6;A!_-y}8wAJt<I>pP
z*Bg=<^xT_b$+lBLm%;9iG%$*vH4phhI0BezR{Dp9*SzsU(>3^SG4oX3Cfvx;v86>t
zkmen6oy)aY1+9{@Jv5H1Zb#Xl@px98Qp#y`+DNZCLm~-TFkZZ?B)C5DZ%=sJdfLeE
z!GN-sxn?3KUmtLJa7PhUv0<~|S?<kn3lA%&!hp*gi6@B*BqSo)KNNu9UE8W~>J8#e
zQEl}p?*{1S!ygsUG*REBE<MN%vzOYcxK-}ObNWd9>kMGt0XZ-NLnTJ7859{pEmA6b
zC^f<Bn+y19OV&ylRs@o+T^MCt@%YU<t(BDC-^Hd?1Q9l{_nV4)<+b!--34weiUSVe
z8iPQR&Vk^aAQldg-eu8m<agor@wbiuKnWh|&lf%Xi6-eugr_Zb(DE9tG^xF82Inyp
zvPvX2sRw98+rV-f4%vTSSIqoW7juXDc@L@nS!E0-t#BS6i<g0g+f4%!)z*n8a^EJ0
zmNd5+ZsNVr`5U<2<@7Krx3Yb}<aAkdu~5`IYUMKecnO?zX5_;H*)pz>EC)gaP<)bt
zdz$Dh|Iq<Pd(2LMH3MgGL0CCZbKL~&L3oZb)K~5G626_%I!gsFjS>;d9`>oR3MR4i
z203>8CKu7|9kjoG-~f<9eKWYLyRWXTu;q7xZ3K0UT-^|aq3+FKpS9nWnFs5~_aRR?
z>sWfz5v>Xv5h!y(i(h=wq?dhi1=Bh3;5CmYWctPC1jW>-$G}?>{psJ(RA`Hqjf#SA
z0DJ<L^AuG~UfFkm3BegodDDz<Rv*8hVE~z_0f5E)ivA_@-_9($J|^V<br~s;9zROw
zEGB#wI+Eb(e3Cu4@3+00T=OZ3pS%^iAUY7E%az<f2H@NXP!6KCE+gn%@nsa$?Lp#>
z-|9IR!-mS+6h0RbORg#kk)^)xVCGdh7dkhIRlb;&f!#R|f?q{akK#Hh2=)CCN@*n1
z>b4aif7Lm~ek_LU3<d(?`lMbPJmtlZ2`B;c=*=CmmgX`~arcX=#hu=m?E?5BpiiG#
zNNL7ho_Z}pgT^EDK<v6^-5O$e5iD=`4=k5Te~Cw)zsl@w2rsxU#DF*uAoLNz$z+%y
z%M`vFM~I=nVQ)Pc--gZpDY8tJx==vp2hP2^U}>cPE(cz=s3{IN0`*qk=c*-Go%<U`
zk-dDtt$4KEl=W*4_eYPgg>67SP}cqMVnSh@g-rp%J7ZD&^dGjj^^;^5DpT5_ZxATI
znCcx>G}l8|l{cP?&B*km!9kqGk{QY*Pw#}BcZO*PCf9I(nG<GkBE5axU`l-EGC}Ll
z@19lXmq6?XG@}y0b~_jr1`aT}m>mVH`;LZ|5WzGztKlKF=+6E?f|Q33OuP0T6~r3L
zU@_o~v7p2J0*Hcg+?7a!Da`JB66G4dFUb@O?eQbV&Mo;ayR_G8NtV7*>{x_&Nt1wx
zo_$JrJ*7?vE$<RewNrj@05Uzy|2uCXI(;4Wu8P-u%Zt*24P;I=a>tD(D%jbWmZhM%
zs00x4I>i0VBg_uDaO)L3LLgI7gJ-nZDMqr7*PHX0#&$i~Zvbk8+Ff)5Es7|gZb=;E
zwBN2fz#Zfx9C@??n1Ir!nDBPZ7VU30y}?;FaW|ObTkilP`PESyIHb}60Zo!Y9&WSR
zqm^$z$M#{ZlwU#adnRPUo{W}x;@}e#?1tS_QA-0ISsEAKxM9U-9=(d}SpRSgoxPPZ
z%sTkmp3;1_-@z$$amAAWQQvPNHX|z<F5t3;eFhaw6vgdH_2q(ytq<~ueSGi?xPhVh
zot=YwunLoA9YUL@R)<yZ!EP9w+^XGdNw|7im9odlKn#L;!luH)Cs<)sQ#Xti$8xqO
z{sJ<HcAjazCa!R%>>>E04JN5_QWzk@JVo_Vuwv3p&l!gtXWrY83~ePvFf+JXmnQVl
zVl8r$+`nxRw$f@EG-Vc*VD#^N_#S8HWJ6%4Zfw(f>u<r_2{GH5&X;4%(OoNcxI(RN
z@Hq4)?}Ga{a*^W;AJ09xEm2P%ajQ@HxCjQU(A2VZrM7K$M}ZAeC4}Vs$IshBOxvm#
zViVH956|50$TE<K){m(+EX~u0Kw|~WiTBZ$z3aMksF{qU{ju%Sc`a((4sVYE%_oM9
z8Q@L2%Yj^=GiO-;+4YJ~XP%eT8T@sZ2f0oUKxE?)?_R2H^NS60duXQ~JW!m}Gn;^w
z!Ifx)SUhfoYgjeFbM|v=b{YNUz;&FL(Pee)NOZxkNf^D0JSG=}!0Ah2EqW=>hGmP9
zVq&PQN1xh(Kq<gsL+iL_@`QGV=}uD8pEs$QnUOQ!l(p$9bZmlS+xtiO_azZKujAdf
z3C^Y%7Lf3WZ+a{jyQaq|D<@IZvDJNpdiu#5oki6Z2#_9B%-@2g6m0L{AjaQqs9eM=
z;ZsE__{o|?O_Aj~8jykE+7<;LP}ZU`5j$zxOAT1NhIb8E^1rJUOqfTIRpt)?i^7=+
zA)B|q;Zt*;pFWqx{)=+Z(Bg_#PO+~n)cT^l4bs57sW9UYHzPAYwu@%Sc#$qDXV*Ob
zRThbFW5A!>Y$gszuFW(RqCa72KzSh2GLjl!dhC5@4~v%&W91(9(NP7;cp|m@ojeRH
zPTUQ>JPgbFdUSO|7jYUTP8sPjHJ{G9ZTBM)6ZBX{qnC+M@R7pLZ{un?vt+~Of6<X(
z<4NaNJrf6h)95l#r>UQp!3l3ZY9EGyV@Y>&{-!nRQXK~Sia!%&NjEcWaS;##wJy3f
z#f2kf@d0j_z9ps2(lBE37uMMzsx?HtNgJuiSdSx+RMo*a29kw~K}9IGMaT*8&${`f
z$qD#sVnIkFcf~ucM=lV7y-+$I2K3!Z3T69Oq?Ysi`~ONBzme#i0i-cI^m`Y?Zbh^0
zA|sl*p67*(jA0S46pK%0<>u_7HoN4#RX~!#ghO!#qsJ0T@}K)Mg#kF@FUeZs&uz1-
zOE)0_C%R^Y>jwR-s1~!mrGyXv;fPuoDP2*7w=gw(iy5X=H>WC~lmoo?Hj@a+bVp~o
zOdHQE$8#Q%)F(Ic1*KYC^Cc#@3IEDCvNN8J{a~^nA2}ab@W7ne?-aA-3eXiwft*f$
zuw6DJ=xK+1e#CR4S%Thm@L$Stfjs<#_T0OB7ZRr1C{#ZD#MjqQuF@-lDg<F^nM0vj
z>FK82KeN2m2ySetBYm=A?Je&zMk^qQNHp;*uI*e7*v8!_A&2tGlNt*9k!hGdNM5bp
zxi;Go56ac;9?^cMkTrX{GF3q!?o|OIY1mX*n9AmXX*pkAekq$8^o7%!$zUvfzsD+>
zvR+D+4|P>9JA($aMKMC=175K1%KLdRk5(0N4xW)bV=|Zi1qic4dRl5AMKkDc2DbtX
zl&|8OC3eDZ$Lpmnv#apgNmuR{M@o4wE|-QWG3Pw|wk%^7vMXNL(zktdiQLb#y^&E<
zBeHOLK8yse&@~`|c%4K@WWH;k5FhTQc{hqC-%pwlM$5dn%5(YPSLvNKS$ZJly@S7^
zcR(;TitI{G*FP;uwN7)Kv~WkD0E9Olm>SQfCX05xUM3!IrpX=$xP*;(OQ{ndgStbz
z4JQ1=wDUv?_*{tACLI0&Px#Iein$~x#Py#Nm99ZjO()s9iH<}t?FR8v!z&BjGN!B_
zemg1`!}ak}t%!`Au?wJd@7>iPWDQfBEyiHbc&*Tq^r&Vdv2Hl2>|}Mkg}Y_bvNGuv
zTS)l6?4?5Jg~Bo=igB8mY0?bfRA(kJew;LwxzR)K&xlQvCp(AAepq?{$fIKDJFveY
zwmx60FcBZxQV;5uxQIBll9xN#;(_H{kaoK6xh5i*<P=O+v3?2^wkNEOuOPNwb3D{;
zq>Tcg_x{oDg>@65zM(3ji_z<R)2*>a!wm{pV0}OWA>KJ-CMeZ1-=NM=L_l0m#=|4-
ze?5150qh5-y4nci))ejncjIIJ-8(KkdV3BYt!w!<^VoC{Kst&v>2dgF(3rFnsr;sj
zJoqRYpJb^eaP`)vQSL_`Tvi_j#k%nN5IFvYLhypVL1w>`+s)kBt~|hIZAzf@8oyK$
z#S-C7=6p5EdK}!o+_kUqnlOwcZx}^H2C<-la4@@TLRkw+`N^j}k7S8*sEukzjGL}B
zOQqz@V}9zOlEH4kLk79LCwCJ*7u8x`&IDpjcic1C?%n!&P`-Cp(mZO)c&STX)#$xZ
z{y4W^XAbcAV+{Cg`npI9cqxr3wX9SDpt=Ho2sdUp@FZ6rgmV3~CXD>Kq^T~-f6&@9
zM_?<(yO8daa1*Clp5jVb`(J)w2^CW|dD6w5r$CDng);{S^^lRzpBbKg`tgr;0vxci
zSKR-ogghX-G2uK0bi=UabGpEfZ=y82GImWsi6k|)9-BcAtLnFx7dx_a+)apm^Pm@P
zi^B1a*i+yjPa@iRI-Z>68M5@;VFPockDyuFH<xswd6{5|S40u!dDb-HZkB)94Eu?Y
zuBzIT_hD?q3TC92n+!d5rmU`;6F=>fHOU>smu!Q`;<MRG0XIa9yzu&y&^O!{@|PSN
zfn-aRkZ^}A;VQhy<BAzgmKV+&=f9-bT$%p3SgD5<5li#Lw}zNPleG1`yd(fvcJOnd
zS$zftXig~X#<1gu1=pzPAmrFeliY4w?-^%MRW2HNCmutHxStY9w_@|>^uyW$geI-@
zdkh<hcQGBrZSGvW>%J8FDtl?~2d~eqPMAw~pjGJ?^88OeRzYWJ!C!Bdx}ri@PMqHZ
zE<cDjKkc9oqyET{ShW(MkAVBU5*xh5XuQ&Oq+WtHDxqtF)kKOs<0*_UJiOAFgHPhl
zNl;U)QOd(psFx%o8NQSMSJ12!H2*VY6lscOq1~#OCt<$w+1DrV=a{Wl8;=6D9xGxJ
zl>E9{0J`f46Ud2w^D}050LGFUTMgf;KP)NFtn4@DR!KKR$$1e}A$A*vrq{{X=D0AV
z0!dbT`!6mSNWC+?5m3b&nZK{MTm&TVH>ACzxba&9E_rI)<~K<!##{nt%nIv^pjuqE
zG~@&cDVl3M!#9tuqJ0c9hl~!+2x8wF+XE{NSg}2cz!3(F${HR$H#fuZ*?K%yiLA9J
z0+7Inw}HV^_w&||?)ji5WSY$u!J~~LYh_Co2ya$-5)Zz009lX4aOvfuRmc$!LhLho
zbfra?{v9!l-yWZt7SIY!``mOiyLeD=vCN^w%W!x0U;6<7_}1TY-7^!<yJsuH;ghkP
z2AmR8&uKy4uKm<4WRY5e6*@@Ga3Ili*zr)skFQ+GotgLnMgJ7M1YoRBp3{r!E)HP%
z4v+T+wo3B`axfcilge_JPV4D%v{3(4%H3JqZOWm)lnqNfpYb%lZWVX)Bj@yJ6VF!g
zOYwbt0^r~QFhU=bPoT-JUK-+9t{vW;<UA;o>Lsy~<AdD20eNH}uoL3#^D6oi+9*Sq
z`56W~qauY#ok#9%GRJ#ftjH@K+G>}UAb?l;N$J!U|C7aF*GMU$1$nf8?H~LPfwun%
zTJ1FmA}vKePWXf<!S<&6CtH{@)tJJUJqVrsg}g8xmYJ>a&!VZ)YgQ$vXci9YNb&0#
zB6cApea7RGogTphrS;ghQK#yT=ddgQS#kjy@;0a3O2P}GO3}7@!O{wH^CU27+Twn;
z+cKrHo}Y2St1)d-h+GViKo_N`=@hl!KQ>641%nME?+i(P4IC!bv8QO<QA8x{`n=Cw
zaVu90U}w#e$Tq}o?N>Ll>ZAC@Aa{87{FSlNuXoM~``^eB7%5-L<UnGbiO%A6yUiZ@
z4~iE8c!hwxPgMJw)05Yd+_wp;O#ZV$(eNOL#sjoCQd7)#!%mk}4PNtSpD;x9Hib8N
z{JsL!fyn`aRv-k9P8*C?6=lQVhUl69Cq#dRrt9isIM?I46=@d-n6dMVE|&NCqY*_=
z0dg^liMbzgqIA#8N2(M{C#G>lSA<8@ZyE65rqbTHW?M5^VHrOD!6BXp2OWwAt=P+h
zG}czasMtTw0U4tMz@nDm7xi0Jj|_I&ccpp`FyO`HkNxc^lH!4k8Jeq!&#PvtQ8yXC
zaESY_w2nogl#P-Rte)2_?<LBeoDJ{3?Db(ulkydQR;Jd$!=A6F96K5RX&h6FZTyo!
ztft^INXKUZg_{(PSPWpXgR}a@O(k9rQi!sj2%{z4Ve60(0+59bR6<7hGZ~~Tg5dpt
z_oYoQ8}8PRdXOV^**@N8MW=BOXl|^80a(aab@Odew14xb33G*2q!917IDIN>h26!x
zr0flbac@*m4NWCQVPa^?j_9$-%9_4;`QqP@WT8A%=elBK!R<`$V8zE;NL`hNr7^-|
zYG4@=<xFeo-vyG_QScsw7WM1*t1bc>ksty;-f$y7mLITp9@|*W%Ybfc+dUPYoOEZY
z7&7r=iF?(Op~)Sc>P==)K}1SEH&+m(>BUHMPKgFp7V{<y2X5Eii`Dz&iXS_%z}@{+
zxhaK(u^*eDJU@F1raW~1W^~&T=LWxLR9(5RAE2`s5m*kh|A%25<}u#M7kbnZED{b)
z)sxr@@Fw<`2}#M5$O1v=w?;U@w~K(+_w4ETg1r+R|KeCkH)jn)ovF0&lxUqx;njZ`
z6_e1reE)#F8GK`TW(&~&zXKL5C;`8{c0En$8ZNiXSa&ohPd3YS^B{D<#VCV&0@`F(
zdP;1JVsYj7s<u~#x0lkPsc9n9{Abr{QQe8XV(sk7ehe2b7AuX}qc!e*Lbk56v7q?$
z(Gk9C3Uq;S->T7267#D6W`;9GtM4L24PLkU8>721+{{2>?V4B<Jj@k?1Q`qof&4Zn
zvwE+;)fiW&2Gd;^E_Y>kRI*~_?IT!CWi~y6qb<InFW6VBO{AAu8fOrI%1b0tvQSR0
zGsWCj>SS_ASTn+^mx&CzwKXAkWfKK}JvkdNP{S%w9HHfw&c{je4TPKK*ZFM~-S&@;
zK1#=lIF0eEB{gs0PLFPjh;|_9&@okAdfnH_D6;f^;^<#Bgm2pB=`L+59DT1JGqFJ6
z^Qq*k;n!SSh%D6JE_&R8W1Q7;_3>80ck(<WxnLl!{_2q^YUtL8z!-GrBD{rG%FiFd
zWs=T*k?IekU*jXf<8V(P<skQ3|BMf{N57H|cjW|_2YpR)@9fK<c=|jM4lno~dcLo9
z+TdrSo&~qS2Yp6L^bbw|@=kUpEv?(<Zw`QA8}_$*37q&TJ^ek)D<Km2^wl??N3Nc$
zCOMy0tAOA`dyvV4wBo!>1NN#9l$K`MdM|3H;|0a)2+c&J-ZwAp`ATr**)SBm!Vvwg
zDU&3@fuw5*jDuGvu#)Qt<HMQ5P7aN$ClTby)sDp(EpV=uO30L|(Jk;){S{>&xR_kH
zE9jpHRNHK}SC^@Q+eL`GkJE~yD`=fzViU~;#$zs${)%7Aj_-#U_rJWP{(<d9o&HLH
zTq;u5{t{GUmz?@J2upx&i5zCck*zD%1G>c}*W_Ae%z=pZ!%;IX_Z+@A_jEnVXk0Gf
z;CL@8LF%qD;?V4A#etov!hI<&lXdVLgg6H-NKa3s&Glv1aXH22CPU|x?G0Xyw6dGa
z{v~?)rb3gBy74MFSC1lavYZK{qNviVG<}?-;}PO5QUgNOJXwzstzcS~4>bxgYqQpr
zJLnTh&FK(9GRhH%a7QD<x1_8jxVczl{)+!hvfjd+Zl1?KS?CnujOtSx@^^oq>y>!&
zztEad4B>=M&W(43%miD*7J%#;GdxXLD0Ul)lx(qCQ*=^bV|~uv^Bf544sO;Q!+psY
zZ%C(J8_LzEUJAo)YD0#iV4{Kc@6jmH95-i7jcIBJNQ2M=h4=g@qhR85J%!)qrv01l
zShsCUtGhj&x_#IsW*RP1mGRe(scsc0u#4$9x=!Pa83(-|e571zvNHPix_M{)#0z`A
z%BLmsLCm4WNvKKRov*u9!Z2VsWPxp6CYQ5QeH_|>9g#y_^HNB6$DDIT&pdv0Fu+5<
z+W>o)?_X{Lul!A`<=u-%+OF%-X3R6o2OiV0*Pp^S;){ey`iHAD7v&jLg&Y6ibY(lN
zsshY!ASL{L*^}=#6>Zaj05nA-*y-&?RQt3yR62+hc|Pn{!cCC>e7JumEfWVllrjss
z`$faS9A#4_f$ddA7BMgudFXXlCF0nIqTIB4OHEDi*TZpEfJ&MH94!u#9H9w`P{dCS
zuVL*}%ubVe%XAP$_K|m3sKraq9HPwpLNPF_h=~M)g$^+R<YlFb$S>>GCss3K32En3
z6S%}Kj`Yc%8YF8P6G!x3?#Rn!8Dv~8k9tn2Vyx1V9(0;O?zz4{5}m;C!*J6&2|MTf
z6yUwQr)Brt1>08uj#y|Jp({F_Wi^Bt?jW!e{t8?>SpRQdmjorJ@KkV?!!vZLJ(3sq
zRU>3$<ghuwYrJp_-N`bpKo-nW(U)H##9sN)DA2zeGyO$DW`>imP%08u%HVM@ki!IC
zJ`xlwXV2zJ0))()AL@e4=(r5ji+}RLObAf7So7L*PDFNJv9m))!J_haG;9L<Q-2_J
z+|f&N`OQ3yWE`Lh5fAi>WC60riTNK=YKoI=`T*jcOXx6BrG7l1dn!2#h~2--19}IC
zJTkrU;OaIu&h>+L{q(pZ`y|FQ6vz4W|9G&UU^tjzn)EOxSj5qkoWz6O>J4M|B!dCb
z=@~wcY31SDnu7I8zec+R1(u~$i{}j+$d(1IgWh|n(+Yw(6@$O#le`(ubTtqeAvxwv
zgIq{by$h7-OFk}u(aFO-l&@4Ay3IB&y#~^>14jmN#5jGnIGD!lG1MN@R4+_}u`UZt
zy$de`i`+(CoZr`r9xN(~xns;fi*-18p2AlvkcMe(#q|n?%`%|)J_$p0hv+{)pB!B}
z>?k?)Y?h3-_mGes4^B+)ua*lG*w<-&DCUGB5o4fR`>HD|UTKhX8er#rJ?*y#Dx^zw
zv>7&8zVwM4uLQB6PL4$Rp?*TGd~)t=h9~bvuI)L7bXd6v#s?OffgvlTiy6KcJh%%G
zw18MmT!!#L<-sr_<Tx{><}bUPYI0d`pwNhFkt-WW^GIr=lCZgi{uNn8B?YWJF0~vn
z`Fm*G-=L5j%y@pHpzJ-JIHc~Vl!+{l?>Gv>FP$&eVB=Fem3j$z3^vKrTcNPiZL^p@
zb=moh*GGwv8fjy;WybC^0ItZ!4(GqU?M}Uos;!2@7@347$550>EcQR*#oN*U6pV>j
z=T`!&L-Q0jmVpzEaCLEP<$ae}>v#$`FEUBqcD$yFw^XsnBl+64j10LqhG<F3Pkr%y
zpi-m}*IDgV(|+2&NVTQ`1NCr35mEk=M(V$MmCeCF`s@!xG;ypc+q&l+hAIv6P8WJB
z$M%tN2XIyvw_9k7VPc?K8g%tv?<Cbwd`MS%iM$PbXT!u~$x<OAz}>!x2B6J&)jV(9
zeSS0Z+F6)}4W=-pHPF+|*_mW1iU+mVX+?ed#t}bT0S0!v$Pd$>9k0hXhV33)ppq}4
z!0s$hQCE@{qt7@;7fW`veq>Jj`(oCE+I1n=v5o`TZEbP~>rZq-Yh!~_W)q&2f0A9F
z>}ljBkZ(g14y7Q1W0*Ml4#kbuudLXGQ5O2v>jI5W`0JC5K_l3jP5BF$4$p;r9hEp3
zO0ltCsWl$e@viSfPXuo6yWxQ8i=W_vwh*^y$VP|%v5B-FKiYbocAhCmDVSd$ZG2kX
zl0NcN+SEI>O#f`P`+DhR5Px{ruX?s03uzFuBQath)M|FpO*oF5Fkd=745<#J{mNmy
zV8?)nE`;~msx$W#fHR~A!I1-?_RQ)Qbm=y61jwQvx>h|3J%rDk?GTQx=?V9%I=fFI
zmFAElPw>j3SQ5-rbl5e)(QHVXh}hq&nb=Sce}<=CxKy=>)Zm>HnDU&$8(J5R%}JUv
z1qzOGPDMsoT~M6%rhXPgiTmvP6cYXj0+MB~N3en3qBcz@X!|x}8LIF6|0JKaj7O3d
zSp-z{z7HS(Ps=#OkjGt$u>}(`pJ47YzG+*==O`RFh(V}Z-$(ky{PQ~6QIig-YfLYj
z<REn@99UDwWBi61+{loJ{T+i;M?Vc-;|`(~<$|pVcNLcwC6Q1Dva5w?AeJz;x`Cn!
z!56%{IJ8;1^OcXQ$)?&@ThnC?q!`U@MDM%@ok+=LN{^7M76cqjqNrZH;x7D!>%7wK
zlABT^_BQ={%7BjI04qUGn&!SumWogj`<z;xGY^-qM0|YYQ|^A^kzrH3ycHD}Bz=Ld
z`q6+Jw6PWI>?~3@VVednAi;}FvKqJ0GkAH2o6gwapjU_vml7y{u8}l;br?)U+C`Xj
zHPIc^i(uI3dN{(FRnVVd8Tfe78xNrtBE||$oY5n0-@CLiP`yz~4ug!vPCH9u$j*Mg
zi*hEOU41Wwbl$AIj&7M=q|D`(?o(t!v{!#bhH{qaCyw6M_>s3yWR!J=hC$Uf!8W2e
zG9AC+(7^3juUoFpn(tS^^e@uI5`{x9-&ZT})`4t4;8-2@MfPV8<!8n&mHy?g2tQu5
z@qob(jF#$h2rt2+Mb_vdnHUgZurXAlk0Y3Hq67B*-W>C=!;JD1BPydWt%><c*bR?%
zEU0j)BHCbl|5)7Y@cqi(&eRU>6~nL=SF9*%%Q8E-vWdBSVI<xb-QN7&LRe}rRnHhs
zG4MiV!h?R=9%64oqb#jRmDoF1Xw_?xPAS1qr8IX}lSjg#AZt1Jm7%>)X$^$8Pli;J
zqy6#&s0#(S@Z=CXShv)xYOgg?<84Kbl}vAsdztxE0R6_8my6@N8omHgs}5AmRN#I9
zK~RSan5Ni;hz@mH$B24I1Xsn?oJC@nGAqsT6`&uO2C@eDYP+*GX&wA($}T>ImyR3@
z!1}hl8h`et7kM$iss(JQ`_QF{IldY_p93yX=NryXt>ZVcXn2(jLNC+4P8bl}SydWK
z?3Ux5?ThJv3E^#a^2o8{VyZCw{2EGSBub$m%#tzAZI3AJE1162E@r@{bx!G$mD#g$
zn``Pe(C+IlCLE$Ul$ux!qkBeTCcRqrO?T4mzxg&}CaArcB0DjyM?Ewuxl%Xy%h3ui
z0nc|%rFLU<lsBIR4lb4J<b_JbW}jJ<S!{I0F_yj7y>q$;vR2F=kQYUdfct??%b2mv
z8^<>oEDIT568PYb94eqc0dnrOjcU!`kN1W$oeSs}&Tcpi&*nlZHj-vs0OuIgL6Q<g
zP@Pe^S*)nmmz}`xz|ffbks<jEeXSKP=~Si%LZp>edD2JTFpV+NbH>C=i8R!(uT%g$
z!5}{|jsc4|Z>fX(P50fw4@UX3`I5vZPyt=N2Z+c3Nsu2H8UJG@>>Ml?PT};8SBlq2
z(~~VSbr5_HiR=qY<Nl&w_(}Eh!sMPu;Kqa${+nE@ql!xs+fLsdKSRMGw<gM3Galp_
zI!OgqIi7=FJgEsTyAua@{)T0<G~V)=os9bJa4$KRD`sd1jP$W9k3K1#m*P;573iDe
zKPnvYAknl2-`pVOy^wld^sTd|iI-u~#pb9$?G+KMl<l;WVurXur0#pdBg~0eqy?N{
z(_NktrTAF7Dl+PV0wHW9QWYxCPb(u)Lz9MFw~tch6^ci`*Oi|-{O&a+rl2Tv#fGPU
zi%|pya)2faEpl<r-q|yuAIFu~JpYcaUnD%Qfv0wTX+osCuIG~~9d$h0-16YvRHQd>
z9ZT++p&n^%fuVK=L4(bRQsaa<Sz^1V9ykM#`SxqM%95kDyuzB4oO_^*-a+j%yMl=l
zUx%Ez;yyitq+21%C{_DPQ*y7gNMoj`2q2TB^c(l)aeLzzyhz`rT=MR#SX?)xiMc+$
zKLjt*{j;Y<5864?+$UJa-i`;AzmGZ8JgIG5#9SW5U<{tXv&slKlk}zo3rng_*J%zM
z<K2pkAhYP|?c@$i2*aK-AHT`}3E+@2*(WdKMB_+RUUq(Z8BpT0D(p!3wB&Wk?t$<C
zpN1cPZ|hRtW;c|t)F=TGW&m&Sz*U!7*p7r4Q<E3?NdZWlY)(lh+v>oQ-Z~F)@JTU(
zY$0gJM}R;<F-88eAB2BVmeDVcFJvlZjVC4$3MMM!1ajvX#!n7R8g;}4707rT?TolT
z7ku6>#50DUq>K*)736npvya|fT6-4+Bzv`5xP{e|!;ifPsS}CGASXh4aV?MF`yW#P
zF^#mpcMc`11QZrni$|{8fnePN=N0Ia0|1!Kqls16<BNh!SZl_#V38DnzON$C%~hz?
zY32>e+bWBWJ=Z5f`HQrtxMOYHBpa$}rH-S^#^^@WYu7<hs(eMo4kUANtjL}XK+&c-
z+lqna!(~inYd!m)WuTj_$zQ-pEaCPSr3+vvv-n$Q@~lUAp-ib-%jS-0D$ojevKj&7
z<3dL*zBqPUGNeCv|5;Ls9wa%KTId5HTKmd{`_`wAef@<l^V|@7wmeKBtq}NnC>ax?
zx)02x@+j0uM;CN+X<_N-Q}k^)uRCmgbs9$4{(qoUd?iyoT`Ze&Ph9H4s0xi%mhO#6
zTm{ggll%!d8YWQrTX22mHZ2!fP6?)~ltN%J#^aLO%9K4)t;PNg_%5a}avKWdfDHu_
mKGal`NiOJ(dJyVdvx1Z1NIqTODvoU87-x;59NuORu>vk~-Uqh;

literal 10324
zcmV-aD67{BB>?tKRTDVLy#gfH-(y_Mjy4?vF&&O%0G>H#U)y_iplwfS-qaGRPylv+
ziVmQZ8#O2*BUAwbe_beW@vGyo@6qr0@X;P3vM1}BQqs!=-95vaROO@Y>_PSvkS0el
zH^->IncNcii@|3w)Jl;X;%JX!Y(E-Ld%qG%2Y1O0;3vFPZsCO=W0<O2{0m1Ix}*;i
zK4f;l)(6hWBMfGtx~-HGkxVxa+RPP%k^wJGhK@8~!f?J4q2)`XgSm5Z+-u>j%HE=n
z5yHp+V-IyV8=6(hZU@ANp*L*|pfiG1J9PbXyI7wi+z79yi|7{S9T%4Q2k-#cpV-Rp
z)(c&hUt#SS|EqN>-ZU-{8=27D9J6h3Ze~?Q%~lxY!v}s$yAqUBS2VWnXhs^&9o4XU
z1IILcRjYBB$C{0k?iXr%mWC@>duCN!(1JSeVD|kxe){rUI{(#Dzz_}8X=xJ)DPp|5
zj7dSbcF2N&Xk&KLdM8j0%=@O8Pt~Gwgs}g`g1dD}FYl44d;{urqXoYXvgxm5NveZ&
z^E&OnvEN7WzNfn50IS&5uW!Pe8B$+nX(neDre8hnv-2=Fcp;u9835-JO_cJb1_61j
zfct$;$UDdbI@HQ&Q@H5nKio_>^d5^q-kyeFGuy@`j6UC5amjgSR_fM2a~qbzsdvPO
zJ=RM2l_C~zLzG<lTeis3p0;fOuGYB_n8#Vmd6#y^uy+mAqs`#w;0K(~b8sUPoS$L5
z5lVaHSZT0^v{de=D>X>2qRy9Y#yh>y8p(GQL}@rzTZa&!(c56se*YK%<=K+dZGg@U
zigK9EHQ`b_GXn0HbvqmaAtqC)qs-VW^0S?g<A$U;Pi5ZfPZ06?608tQtS*`P-E_dD
zY8v<Fp%_?17NXg`R+qlzV%Z+~|3k!4s#|z^qZqxrmGl7bL2?h>?NgmHpqx$7Rj*HE
zNPPrJtB96l8wa>#*D73tZ&iU1;=D=;(H~=p7>E!uV-`n&A&u@+i(w(?P>L^Hjnv)l
zNF(3D`Rket2cI{u*sFnEpG`EhrGU!zC_U9wsnq(~Q>6=uNPzF=WwwF6;qGg=btd=y
z2Tz)I3Gf4tRH?5K{U6%_fK3vxHZnkij+2`Vw(;+xe|6-?iMyN-kHK+hp)(fA7PKKl
zeBeSGWgl<G^-UN04eo$su{nj{>?vq1vB9&PcCS!KUx#HirZUd)8s{$LCcR4A2*rj{
z@MQ_V#M&8IBRY+)D4(C+XbNyDhg&glD|bjZZ__jzR{U(m#|}n_l}zKHG|kDnMyw#S
zbm>oBqsd>NGNPv~@p$Y|JKdW2@fbT6e``l)^21-2*H=#Tb!UngFfCrsn<|{AqGm?p
z=LIL>>M&fk72zlk5Vu;PjhE`M!FH3}_)*6>6;S`+L$>avXqJ9G+2(-5z^Nl9>CVgo
zwe}7xRkEAm;S#GhmduE885?i>J{P{aBdd9w0a669|B+YB8EoZ-@mH4qDz8|^^R#a<
zGqvEkQ~wB@B^ByafhZQuE|HBNBb?PUD$Z7GuAA%cO3*iw8lPvdodPybFCkw0+PLHN
zYKwMy?9!=x@OhmOKXM9Il(fn@3Hg%_`t}y0dR4PLy7qw9PY1E@?j|Q{B$;4Kli1F7
ztDh9jq@-A>@~-1mRwGess&nZ!(GCTH)MvD|IXUQGA8rWgC^Im`nooX$wPsQ4B5e}n
zFcw%b&QTDM7|3_bZ45cYUlDhv@daA9OEjOKAa>Z-?n^&^WH!-(&A}2V3A6$Uet!8m
zCYiz)bv+e&hAulboFhU)9MDa^lX=p+p_0&oTK&k3nr<0(3z2BV`y8d<El|D2bH?6P
zH4?LK*TWy~=W^u^r}1=Rm=Tmrjgi(I1W6~qaL}xEHOxF&+3NDel?`WdI-lyt0bD3d
zOxNC`FQ3LZ@-~W|hJ7$|r63)w7g!uA(eEV*ui8Liqva$tPNS-+_MOvSc})Q0HkI~3
z;Fl#T&Dnppe+nx2fS`NHO~YMVPgfZ@c9P)=$p9l$@UB~1YsAe}b)-ouuLD2*gIQs?
z(vIW9umL)rj~V_&V6V<(Ut~@!Tt1VUP7dtM;v=JP$7?Ba)v$^!smyX-aGV`qi&eFR
zq1&{;XS0LtYdU4oJ+mme#Ys;@KW2;T>mR_pm2GJ=w4i|ir=lzoK{;N^^zIt2(<97p
zjt@vYuXlWkn~fZ^F|CD0GfH9u3w1OdQlS=e6WAIlJR;Q!VoN{Zc}E$_{`_cUH&H<t
zMCsV)%-O6Rso4HQQfP@ntmMT{bE~i_UIiF8whmDB(_wvZ6<fR0i!t03I##X=lI!%a
zoFR1_xN|)@nP<V6{rm;gG~~LVElFxpPJ9t<?XGG(;}^e>EUR^M9z{)qo_3J+{Dwl>
zA*2gQ)K%)s5pJ~$sy^XPWVBGY64z-(nBEn6o=FRkGKnY)wDSbC16I@xzQ&&nfja{2
z1`B@zy*cCX%XRkbI2|b{HT&}&iHM<@D7p~d_bS@Zy8(nnIci(ixz47L=z3(Wy|{46
zoOK^79G<1kk{VjrGo%C&hMp^9%$%$al{Dwk($uS>EmsHyLr1z=!OM|q4j8PDt)Jf7
zKP3?X$2JdetJu{gOma481%d*_Tr`7QlgB_9o*c%i+6S$tNR)a9dz4g`cR7L-*eC1U
zPXSSKReG0%=lp+&2?iKx$xaL=4ll85lg}SiucsYjIN;L)Zm4-x{2*oPhuwpES1uQX
zI~@J_!qKl&{)E1`y&EaT1rF>{1-(JAYTYSZ(FVOWN};(_wdx<6McN{j_QA>y2)*<0
z4@!*qqJNBxqe1DMNOTLF&w<AH=PcJ<rzA+t^5H-u{^Z9^Sc}B22qV=g@PX8&q*H+b
zBPOwO?(nUl{oG7BafkJU2?l<b=Fe0lr@AS*Z>KU#e(tFS{^L6<h^M_MR{1)r6U1Tl
z<C*vd&2&+?gU%x6e77Uaj}Fxf=3{V1RNCJhTMU+S>p+;@H`3~}m4M3ys`?*@&P<AZ
z{_WXBWh1BMX(ESP-8~8taO^|#u2S(a)|7WYu`mpZ%wPQ3R0?Bw0C=N*KIzvcm6*cX
zl3e*3JaP(7qrbube31`Dj237?suNdl?70qO5gHqse_oA7E%23I^)k&=soI1UU74{B
zwQ}DcS}mJ+`Z6)_{7%9j9_NYqValk0{97NEOLRs&wpFW$A|_&r)Ii=k=$-KAJH4I`
zm!$9~z4ei2JZ}w37lx!xD~{C3<|6D~AB+_xAuVVDRP`-mz?`M6@DX}=f#uJEpf1-M
zjipW0T>XZ6yt+{;1M7$gB%p9xx7WVGBB&m!9H^NkG^?Ug#&2pvkKt<++!$Zk@#pom
z_V5Gab*9Tf&EN=05#jOLJVu(W>oN`>KM6pV>jP-sTvmk<%KUfQt3xyF79a-_$NZph
zEN)B~5Nq8D3w3I4MDwxNDQJC;ck2Ori|g2L#6H;!Y1p}PKOF9NBgrrjck0Lx+4Ok^
z)DrF`LAI$4)ZMPNv<-qGOar&MN3BCS1LIVZ7Ber~d_@&pcP}IHP{5h9eo7841ui0<
zQBuY&c@79RCV4l1E)15ngPjO*U2;86Mb|E5{ekA8{lqEw{~GJT1>^}}G>H0%_W?6G
z+M7epaUMz4JfH}0H0%S~gI%i9=B@#i2_(hvp-C~fs8PhkY9T#2?gNy6u-?EykDb5|
z^P&@E(ZnI~A)2y?)4P&diI}YnWHXHR*NUp$uMB<66dd4B*UM-37}nHq^rJdel0+F4
z`*nd)JE}kHpDr%EW5yQKISBK{Tn;L}jT0j@EVS}6l$5I$P#PCFqy&GseNajR?`9YR
z=~DfG)TBub!Ai!HIf>ucmMb~yFr@gYTI@3GvXR4fTt%aecPgg~rF4qu!9X}%0qV+m
z)3eQoz;8(fvJe%|xWVA!gBs0lgA9$~7(3wQFR+dO)mJ~tj@gIL-h8~X-`71P__$^p
zDzubb2VjCQE?N8w)T>aw*KM~;Kf9>jX;R*S6GA`kAs>k)6!aA|O(Yt6pm<^`gGl$|
zJRRSm=9}xYV)c$69R4=r<s8fDcCzuqAOPyg0cXmv&=PC<TqVch@r11BCXsJ+memkn
zuH1F9{bpdwBl1I^kP2IlC=Mnoo;eF@z!T{=NQN0~0MZFgF$-7!=g*ln5Z5KpJoL~_
zup5A?m8B5S99Bpf#23fpA!u!)gYEO^f$I+|^nsIGq{dmS=41T&*1>EraUb)0M^Km4
zcsoE@(K4G)s(KD%?D?7bR0_}IUpRcta?@qVtzlRI$swew4`NZA^_ok?EY(D;%)t!V
z9?rg4{br*9L2!9713;LH360?ed7HxJbKk#cKEBH7CFV?eMVpOtEYu0BH~R3fybV8?
zNjKN63IMW`xBr51CrW8ap`BAL39wbLhTNF1j|dIfIJg6~m9C>=x6w&_P%GF9s>5|U
z)S;J{{pGB{8s_yW35s>V<osxO#9T@#D<<@;>5t072pD7Y9GY)#mT-TDVIAWx!e8o$
zjBlE=5)uHTDV>*>@xyKqiPqCQ%Vt^etPg)$l4a=wbjHcs>!iQn5>D{0l%<2tUd#Xo
zCCmPA3<LTExvgbFCvqZCVGn~%e<@yGV#*E(#fWLW4aa<=IDuQ5Tqie86LH@W^z;?M
zv7*9lt6VuAbu#s3J0Mi~s;D9X=Wg==@e$;>(=&}w`9A=;B4L|YN2%Qj@E}v(F>F8<
z>VbWgQ$xjUxdu0$)Adniu>De`KyjOHDRR`UIuahGf`8}~X?!a`0gBBm7rp)}=r+b`
zc2@hRp*|o%BbAiN8%?><3MjcG27%qB#+xrkyE5?okz48TpCgR=AXSYr&?y`z6F)o5
zas^63>#frlI-+biw4;&xo0Qg%wlE9#Iin~t^8MmmPy4Tl^h?4$2U{_Mo?3uQOA52#
z{dL~B&?S_kz(OvZFT(;42$)d!`sFDmx8D+u;Zgxomrknd?Ej34dypb<`Ou{Hy@i$C
znvBv@-KaXwx(_#)usMV*cm7R-w+7tPkJ?akynF*({h$S;02%wjNbRMnRV@y14z@60
zQ9Uk>5z=v~zgI@?*08b;B=Nf&9S=Jom00q1=1S#Gp|mAg2?2rwoE>w@VZ+yWBFJX(
z@T}tFSv$P^felUYOLdcy*W5;z)*dS*#&a5<J=wV;HIhzDwPT=@sV`etL+3E*ZvV3@
z0xo#EY}iezkk%rF?6uP8>9K<o#B{z)zWVog!ne2SgL;uCihTFXErRyB=0$71phwc(
zBDndfcz_;^Vy2h^Yr&H6spZyEJS@D|npf{`kA`P*GCN-QfjIvC;)v&?;oxmbx?Wq+
zDj2w2bVf^7k_o@%cg3?-C0-^13K#!E2CLj=zo^v?uWR@|!_%UFa|arcuuNvTffsk$
z1rHs~?x?$jk|yZ&`UZ_?b6Xj7?-segvoglAFU^bmHL#x}^4uU0wo~92mb^N8uDQeh
zfCeKaM3slu>_b{|M;P<J_yL^}+`0NmPkHeU<K|q*P+hB``u5r;Eswa*)T+;$$!??k
zdCbXDehy_+Pr;%hyMPN2al14Yz;OJ_-BRK%m97vkp&z4bK2wh<cEyvqrrSchmR<9k
zF46H}ZTJ_%Ye~b^J$=|`x1GhxR2$<1^W60D3+q?n*+`+WIBONY@>?lItP>32xu1lr
z_HJ8&&8la|7zcC>&gE`#0V(>OiLH%_SM`;`$F1>F<(W$Y84t?&>cgypL-tOGlK36a
zpho+@`gx2O^gn~;$N&o=qFhF$98Fk*$N%h6Zf%z8$gZA_A738D%`t?|NE`a;;NdJq
z99)NXVN7nm`ta`TBEun=Uk9~|EKt1+<&dyy^8kR}nor>#iMsk^250XHQtwb@gyU6s
zgGyZci7);Nxe3pJ9kZ}7C*Cz%S*_I*izwDL$<^ozBN4^kN)nJMZc=KuVlt7%KVh63
z>2Xm&Q-D_tXrHH;l_H7q`3tp40qniEh3x~LO8G$?D>WH|;*l$x=RS~sQBrom2tf^G
zU@sH`RtN8`{*<;};eBP;7YWxvO=L2}8H0l**InXS<@s4zaE<~JM1)aI+nB^O_vt^I
z(&ja8b`L@A^mG1?u8wNO+=LEqZ#wAnjA}Yd@L|U6i5ws5TkOM?I(F~ic<YAySs0;i
zEAm?U)PWrt;@D&N61uD<3j$UuMn@ZzjhB!5{R)sCm*q7|7BWn-jg%-yTp=i395^?-
zqCmUxVzFxDGbhZQgIb(#L^gW2)bO2jV*d0>#63~ge9w~CJe$enMopV_D;tp+P#MTQ
zpYCdeSC5Q@VBupJzM&mrf;xgm^kLZEr;)$q%dGz@lfQyK0tibvifvJoS@LDxn{*x*
zSmL!@@m~M)LQL|veBMRC66>%*7^MO%j?`oW{kavx^a)|4Z0JZX=(l@%QK_)2fw_HQ
zqj4ZHtzh+xs)H*ImsL}sV}tya+_=f)rcM7ghZGWw1C@JJ0}vd_t$n+ma?s+nKFl+s
z#y%iM^Vo0PJA39fUaZl@PpK6Iv$zT?QEaG7k9D-2Z2-Gas8-(FrNL=P%57FCY6qWn
z+*4VYA#nJn4RM2)BDl+UbQfC~wN5cOdcYP1O?-0YPkC(ALVezI48u*AG#lrj)-Qj|
z1EuL5d=E$Y@h;*FcAG+RSUVv&0qOBA5D%gfNikOvN_6vL6~x(<iA`LRwXZ=UyjX8O
zV92qJ#`UaWxee~g*(V0PXf|yVDhpn>KP-xw{TkoF5c}D^9Y<8()99Zq{ahum-f&w#
z;d9Iu1?OllhzkT<pYe47@^2JIsG|P~6kUY(ua*;>e+j_qJTDvB2XFmJi9(Tyou>(`
zc9(7k5zn%D^u?!<4G~@&GLdx*rTz}EhwQJ)`~f`K|Fx6-%fhi-;Aly+4eH@1fPCDE
z3FQYn(o!;@7nC_+?QLTfAdLWAuGRx6*jp}fc{$z1BT7IL6!UcDB?t}MF*2{;>ij*o
z3e@A8tq=r+PBKoZC6UR``xjObAgJ`&UWxu56@Itw9Q6-lyX2F77{Qv7yrp|Z$~InV
zDoBOxaJn2gQR>;@-1aUJ=`0r>r&CpFLMB!zM|j((3mJLhzYzz68G>Owu=&@`-$I~e
z5q}aSi*Oe_XK~Ua<0f*c+uRGZ$XFP^nTYIy4#OT+;z9yEY&wuiU0ve(s1fjUW8UAC
z)XBW*Lw93@)XstiWiH#Dy&v5Z4$$T~{~sc_kAIgO#Jn1o$vHX%SE&1N!_96DyCVG=
zR6{7!?T9GAVN>R=Ic9gV|3J;C)ReMDbN@XcnzEqXVbv8QT^<vh6;?bVYZC)|H*nJt
z?$e5j7@p0xO582qz~R33HZ~e`M$GT`v_N6#>8e^pqrn$hzCP!Ae2kr|LF65^keQKB
z2mOYpjv|)Ce@u`KX~ks%Z34Cqpc8<CmbYB64dwnPU(=H3v=(|Pe0ZWUbC|_IA|Arc
zKFxAfgr$`XxuU}$Vsp^k(?1bzGy#eYE_9XEWVnfEt)`yy2hx*e<>2l*-<0hM-;z>M
z)rD7stUS7ayG3ancGPdJ!&69~Xt{SQvSd_v=`ND*EsJl@9C78VlNf^h+|n=Lr&)<U
zY{i|(+U+}CPA^E9sqVM&0uS}=RmKa0EtPprrxAk7b-qN#IV^M+#uvv$sta9}7}IMi
zR^X~@l{7+`i9U~yH+j<Jph%3cuH_wO>AmI5V2ulpM~HNnO?>FVlAxMwHD{<?0V~)+
z?!RWmIB+8%uNVIOh%rq4OgW*_czo*-oi_U(RDje@93H-+1m5Iu^ID20$GA7ZKr^P<
zS23?INjV>}=35@vtIZ2*kdAAw!nhefqZil33pth;<Lu**e8v-U#}5NKD*DB!o;$oC
zy}2rVdp}-49^Bqdnx_Rq&xU_9qU-w-#(o^#rHFPt^))N?99b5_6jMs!?no1g)X=k{
z9!AM~kzfUQ<~%$}oEbiq5!vX{U}-1Gsx4_;knKeoU>kLMRgNoGn+4;}_+T6X0h;^A
z0S+tR&lhe?aRSx}5IXj=o)yZ?5p=<wAFCB}iF5E5+-46v&(eI*@?8Y1W_#EQHEU3w
z#x7QyV}~QLxgftl!kUm~Au;+zwJ9@W{Hoj<<|&JY?J=+n7sMKm*U*)=;G$tP(|Yo!
zI}6kwML(IB<XX5w3XrO*7TFg&+UTEXY(_zJOm9M$+>zlK@2D;HQ`|db3`7Hs%xjCQ
z8SawLOL-$VZI4jKJjWDFtW4ae$E9M?Mlp+I2Y~<-t}gR?9#N&p5HB<$nEvt*Q%z>y
z$AWC`8T|0$>;9@fY928(z3*~8SBA<@9E+oVx!C=l*$)&2AFbFEw{vNw2r+v<XeB0u
zwFE>1<qCTkgI{QyZrgTXBVVGl_+S#{=*X2mhr#Z_*=lRd4JsmYdfG%}1^Y5OX)@8C
zq=D!AO%8C4+Rf49q$TaCA1SYWd#Ksj!p@D>Z`SDcU%h@=L<E;kDh-ZSq<qbcZZeSw
zJME@J@wi%B@x#0gN<?&>RQ~B1o~8nw&JZp0_Ono0vWIjmS<|8~gxK{TR;F365PYd$
z0)L&BjM3}FW%}eWPbI9h<Q$f_u!3ogv9s>?c>6RJFbZV<9$v}N*-03v>(VSX3;d2m
zi1Hv{VZ};1W}~SMLIs7Z!0V<s+>?hXVPdsjCgjUOxz9h#M%Z?op3ImrY_RG1-*NRI
zM{b!*9|x`{n#A?N(4J=n^t>H254Q0q`qjTG73}hv>x+lWE<~5=4D>NkoBaF4awum`
z3LmC9;0nCBVw;uYlx-Rx<odU_iq7W&70(jP2Pv@t4qApv)fL((O`uF}+!Sehn2o%~
zRVjBHr5cvS*Zafmu5d@ZcP|?ZB_)MQUwa-5;JJ<H3a#y~uo&ia0wCni$?`-34kwV4
zeZv4nxqT=`w65WHrGMCrPr-(U-8kND$J>*={3)LiuwqmC6Zw1}B5s$PVpPrMDwYLc
z{-bztbw~S=V2S#Uv~4#1dWT>+3cN+&&uIH3<RH|JGdzNl1F{ikSi9<ZSP0S7W@kNK
z(KP4z{P5ILS~PY)GZlo=WnK6zZ36(9xZ|EJcpkTt?1Tu{i_hrFsUXP7mm-O@P=jjH
zW7?GvC;Xt6#uow@_qDauzCP_b9B++1%_^lkzWt<snKQ`wK*LShDA=-2xAv$X9LcSV
zJ6+tVVXQF1!&WOTgSdRE-y<X}CsKD0sHO0H13ED|>L`-dk~>~f5dtJh5{c4?IYMkf
ze{SAd2dWegpOCvXlq2`=Q>O}SEbq%Pu_D^rP;i4!zv&3J&f?>SP#G9WL3=G6lgH9>
zMo?YUZLZBX?;I4wh6J+44cL)0UJ7;D^8wdvjm{yJa?uo8ew6c33HHxUQ%UAb4q`T&
zklHj<y@ielrOkl*N1K4+N48te(0Kb5UwN-nF`NBitfQ<-Q9gt}nOU{<%K>3)GnAX`
zY3E`tZdCMzEgUK+mr}X7Z$0DNX01$J(BNlE5DcWAOn8P<^8c_m+Wv}ePJPDyQN*{{
z226FGT=`DUT=#)v3<3u6o!QqoWf{@Rp4_Z>hC8dBE%3;nUeFVU8m1|b)u6(818tJc
zsQ!C^M6Hq%{5r)q7QyQ~QncTMglpr>dgvFFK&8;$NDEJdii-pL_%m;wY$cc-$_G-o
z7eLkiny9?YL=oELv(uYD%G(|dgVD1DL6ug)hI|vo3_X|Y{10D8i(H=vt|`JduF@=?
z#}PT%QmqXPHd9zjM-j1yS>Iz|#!m3_(IA9H0lt0OW~%SeqEFv!x#pI{$Xeiozef7L
zIJGqqM+k|`Xs57#fKW!+78Hp<dpc`Wjzz_QJ-~qF^KPVLJ2U4-=LoVyQui$u)5%Qm
zp>K%RDNlh_e0m*;2e^ymdj~J^K2XaPzmd{3spj`$tU74raE;6&SBT>jmD&@WU?()g
zHb4v_E?|f}R|mYA8<^B;m~an`8Rt(Y_B4VOoE-`*!|+lk8?(q8xFCr+nC-47%F?}{
zN<K?>9})?zmVjWTv$m`YOS;4D?fBSpjo(bHMR_<<LGJ3toT$lThaWZO$i{GoX{_|D
zPqMQ<r?hdB!aWBe{OdHfefK#|#{Qtuj!nD2R<2J)apU<(Sd}mIo)VwtQ;y`)Jw`!4
zMisrhA0h%f9mA#m+1q$RMmMtG+h}qtSEQ`)KJ{>VY-p;Yw`*MoPzJBBgQmO33+I+K
zb7?$1nD;%)SP^axadH)7CF=7Y6uq8-8f-43JsTLtRkpplSSS%B<ko_2ZjVVW><D6a
z_^It(y>bCpFe{1f-)qudHbu&j4W|Qe*P+Mq)t5m>J=tz?pOdIm8c0!^$M%W-Ve==1
z@ee|Rfp_T;L4$3+?N5*81;OIV<EWZ(T*kFp7>ErBXRE&=$!Twt&_S^}ayi%>%jZ}u
zfq^Yru3VL8W8^1;g43WOrl#FWWtuPSW`gSF`flC>c{E~Km!`6q5jad`s`BAsN8H2j
zh&DkEyu<n=MJ1fJ0H$?`ZETdU5?=ThfW}`2<ejFQU`sFv2d2acVbKExeW0}fRvA_3
zJE?`RGTU72(~Wv;*hDF5-3(vTdu7FZZyPWEu;?k36eTGM?qIWgqniBS-ubYir&~1u
z%yT|DB7N-aAC~Vk5{?k_FL|eyy;`Q=r$f*lr_^5X#Dx{%BStQJ+^<DL0=;S5Q;`>e
zNaEnKb!z|-kth}3!2bAHKP*I8c-SD)ZXB#(=#bUB=yXRfCF5s)LQt8Oo8J77lvdCa
zIP?Q>cgfD+{*g8A03ssk`fX}J8Lz4m_*ES|u8^V<aC&B~dCS~?ayjN9(dk;*Gu(!T
zVzq@G=igVW0n7CV+9~Ohch38habXs0h_aQpmhSGdq^o1<yQPGR(Y5+qXm{GVuX$D+
zu}uUnKxA-0b!PFP1_IE=U|yv^M{|ly;FILs*!8C!c!T$Ix(M+h3n&WggHpm*@FRvi
zzV{YVQ<XU?k#PF7;@e?a%-;cEhIK6U0xQIxa2d15;m5P6DKBgcj%5)M?%_g|;6?p(
z0z1OtmYgVdpt$piiHpznVYt}rSHcJix-$yHM(yWplWcaYp(FhcUHZ%*C%J?5Mcb(i
z*|pKRmiJ}zn}j&8Ny)ubw{{T(-OjOb()z9FwFLb9jUm>*F8ttTxi>shF6GPbxK)Ha
zHC)3<OSR1;UF#AFh<3jgmN>+W^{%>nie^kFWD5t4y*#@GWilAKk%0c{+ZSQPM5o{8
zOqwoe8zGHjNfV}J4sV0?+Yw)t#S97%i`)5{OjqsJ>9<S7nzUZQ*AKN>LJk<Hn+(MD
zPW+n*m-JKF*W`-~NVDH!zg>!iKl!>(ka7F%?d`5cjInO*G!|WXmq}r`(+mlazDa`R
zLFX(Ui9Z*156)%zK$-|-Y+rTcFac`Mq;uaq_gd_eE9STRW9wtV)}Qq-!Ed@Y$yJty
zrh39r45jl2+H`RKs3~{PA2N$$YI!3*6V_No6MEH!XB3kw|M#ZDV{H(ghpVP^as#K!
zqHn=Y3T-P9&8Ezxj<GqohZ4gCX5oL`90pMxa)BOKyo(yC7@=aGlx<yY8Rg={sW9ux
z8*XZ&0%<g`M}T$kCz}#1ps_>D>HFem{$<$jwv=-5k14|`FIL;}SN9kPFQtroKhzT~
zILjq*v6<GVrw;NiCEdB3ZG~N3Unag3e0lLJkvrx3dh2=t)()h~<ZCUe3u$v#<Jmd=
z8?v=k3%6DA0&hXd6)9JRt~OD49L?c_dKA0Br5FfwmEp!xqH;x@LW}Yz`rY9j<xDO1
z1cq`s)8#dV1=cvEX|HS9)QgCF#CLKroz&KN2l8mP15=b9>Q8)jk<e6l>0^%vY@CEE
z3_%rLYp)bCV9nL`4IfwU`&5UX=$NSK5_M??5}+-eZnjCS*-l~by|6@z1(J$G5lx3=
zXR99FP8%MXQv7>l8&v;mVvB9A2)2Biuu7p<GF`}PNqDv~`OEih%+7RDF=8j)rJXSY
z$NoObG%T{Oyxk_e13{X@UI|e`u3t=6J2B}>_U6=h(6;B}@f3T<dTRGYpneYti~7Q;
zIr{2EK%%7T*<*~L4Dh9(2MJXesTwA%125J=;MF_P!phX|4~6a3KU6@h0V(}CI~Kw|
zS>eU~>}K;7><_`R{J>N*=k#=*dGb%hYhw>8WupgE)(DQV=N=t()7pA2&uusye&GNY
zdFq?=Id8rPLrgMr_1}J+^f+b+aKm3Ar}9M5dm&b-#7VIm_4KEfZjD1QkDsEbZ~HtO
z^6Aad(SpdwX@uiKykWuKKQ__7wObjY<G$%bp!bBx4UrpOmguxj^K6oxD`W*113sbj
zxda{K%@$Is*2!y~=$Au$XDW|%A;Hf<Gm-FrUfnqAh2<>3w?JBBq<PzELBW_h0<7~X
zkJ@Ejd&xe_T(mM*2N>@i^?1E9+`An&F0D{38N$}py9|Da{onTst4{xBitWAI_VB?N
z=_Bo2KE=9!vX*}MpXvl;jWYM7$~)tEn~&p;XJ8^a?lx;@q#lFZDB*!)&Au>*V(z{I
zR~?@)SZ7QL&Z-@(5qR{YYv7uogW`T*<*CPqMuf(Ld=Ke*uBcB5r6gF8P&i@Sn(Ti&
z;IH?<r6{1*V<kTA1+FJY{eqa2fSy~GYr~fZPyomv{L&dyYoBP%pQy20OxUXhVfc9Q
ze~k?Y@)pdXXsi$AI^*J$7NokxUtm!gydZX+x!E}D_yL4@h9?*(A#YusFM=_Aq#<5~
zm$~VmBIo?tNm^BVhS17+&Mt518#NINylog-wMN0^;r1LILxf7H;J6){c#xbWF7(7K
z^T3BhHquZqGVmSghtQq}6g_FK7cb+Tg+rS?BE#vy<Kk=lu-XW<qwQW{T2rGI@p11%
z8(a{CI@RWWzEl>>Kx@8t^VGeeb|{Kls4`hc^x|k4A6@zjqn@tBEJExu(|?<pe!(Ks
zsF0OXMonyb0&3QG%Zv>!pbOiW<@mI^bXBBl*J3^CT1=t1bRFGJ_M3Ldzy8;3>A0ZB
z*iY~33P<Y>*w&9q&u<*M9>moKXSfg+c@kLbse+Wc66P`7iVp{bM5w%=^`W`ZlkNXd
zEMg(+v5|_av+sqTE@)KXZllS>@STBw?DSYV88#KYyY>g`GIkHVZ=A00APP!Ot^wE4
zp^(cAb9`%w{TV_dh2WCXp$Ued$uBJs&mq5`ZF-qA-Oo{I#1zTce2*Zn{-yz%`6%-O
zu@ccfTjORs1g|tse`tr3wMNh5DxMprO>$`GUC%_bS~xb%5$u6}=x$3g0yD`DX1?HR
zZgf87xD`_&SS=vxplv(Pl*&gx(m7**Weizp%G<=nRhxwtVx?h0Aw63foOyx`6Fw8J
z{ftmv<V`RRry~yO!k?eKeKraq@z6u&1pu39i)pvk)*c%vEy^3Rm-0f+kvz*b|0hKj
zGJth^VR-Z4o8!Gbb)5dEr-r#6xU}Q~bMKT7w^42#&ImYQ>$Kg;cpE&W52f?VSo{L^
zh*nO|Yl-Me-2{`w$S$O)at@<ZuBUy&S+X(Gf38u7C0AMfaGM)re4!n~x5>xhiA@+(
mk{}gQ<$PWIvGl*&JlJ&TT4TOTw|N(T42Uimww>3_rV-bFw;@CT

diff --git a/tests/test_credentials_async.py b/tests/test_credentials_async.py
new file mode 100644
index 000000000..51e4f0611
--- /dev/null
+++ b/tests/test_credentials_async.py
@@ -0,0 +1,136 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import pytest  # type: ignore
+
+from google.auth import exceptions
+from google.auth.aio import credentials
+
+
+class CredentialsImpl(credentials.Credentials):
+    pass
+
+
+def test_credentials_constructor():
+    credentials = CredentialsImpl()
+    assert not credentials.token
+
+
+@pytest.mark.asyncio
+async def test_before_request():
+    credentials = CredentialsImpl()
+    request = "water"
+    headers = {}
+    credentials.token = "orchid"
+
+    # before_request should not affect the value of the token.
+    await credentials.before_request(request, "http://example.com", "GET", headers)
+    assert credentials.token == "orchid"
+    assert headers["authorization"] == "Bearer orchid"
+    assert "x-allowed-locations" not in headers
+
+    request = "earth"
+    headers = {}
+
+    # Second call shouldn't affect token or headers.
+    await credentials.before_request(request, "http://example.com", "GET", headers)
+    assert credentials.token == "orchid"
+    assert headers["authorization"] == "Bearer orchid"
+    assert "x-allowed-locations" not in headers
+
+
+@pytest.mark.asyncio
+async def test_static_credentials_ctor():
+    static_creds = credentials.StaticCredentials(token="orchid")
+    assert static_creds.token == "orchid"
+
+
+@pytest.mark.asyncio
+async def test_static_credentials_apply_default():
+    static_creds = credentials.StaticCredentials(token="earth")
+    headers = {}
+
+    await static_creds.apply(headers)
+    assert headers["authorization"] == "Bearer earth"
+
+    await static_creds.apply(headers, token="orchid")
+    assert headers["authorization"] == "Bearer orchid"
+
+
+@pytest.mark.asyncio
+async def test_static_credentials_before_request():
+    static_creds = credentials.StaticCredentials(token="orchid")
+    request = "water"
+    headers = {}
+
+    # before_request should not affect the value of the token.
+    await static_creds.before_request(request, "http://example.com", "GET", headers)
+    assert static_creds.token == "orchid"
+    assert headers["authorization"] == "Bearer orchid"
+    assert "x-allowed-locations" not in headers
+
+    request = "earth"
+    headers = {}
+
+    # Second call shouldn't affect token or headers.
+    await static_creds.before_request(request, "http://example.com", "GET", headers)
+    assert static_creds.token == "orchid"
+    assert headers["authorization"] == "Bearer orchid"
+    assert "x-allowed-locations" not in headers
+
+
+@pytest.mark.asyncio
+async def test_static_credentials_refresh():
+    static_creds = credentials.StaticCredentials(token="orchid")
+    request = "earth"
+
+    with pytest.raises(exceptions.InvalidOperation) as exc:
+        await static_creds.refresh(request)
+    assert exc.match("Static credentials cannot be refreshed.")
+
+
+@pytest.mark.asyncio
+async def test_anonymous_credentials_ctor():
+    anon = credentials.AnonymousCredentials()
+    assert anon.token is None
+
+
+@pytest.mark.asyncio
+async def test_anonymous_credentials_refresh():
+    anon = credentials.AnonymousCredentials()
+    request = object()
+    with pytest.raises(exceptions.InvalidOperation) as exc:
+        await anon.refresh(request)
+    assert exc.match("Anonymous credentials cannot be refreshed.")
+
+
+@pytest.mark.asyncio
+async def test_anonymous_credentials_apply_default():
+    anon = credentials.AnonymousCredentials()
+    headers = {}
+    await anon.apply(headers)
+    assert headers == {}
+    with pytest.raises(ValueError):
+        await anon.apply(headers, token="orchid")
+
+
+@pytest.mark.asyncio
+async def test_anonymous_credentials_before_request():
+    anon = credentials.AnonymousCredentials()
+    request = object()
+    method = "GET"
+    url = "https://example.com/api/endpoint"
+    headers = {}
+    await anon.before_request(request, method, url, headers)
+    assert headers == {}