Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add JWT credentials #21

Merged
merged 7 commits into from
Oct 17, 2016
Merged

Add JWT credentials #21

merged 7 commits into from
Oct 17, 2016

Conversation

theacodes
Copy link
Contributor

@theacodes theacodes commented Oct 14, 2016
edited by dhermes
Loading

(Has #8 as a diffbase)

@theacodes theacodes added this to the 1.0.0 milestone Oct 14, 2016
@theacodes theacodes changed the title Jwt credentials Add JWT credentials Oct 14, 2016
dhermes
dhermes reviewed Oct 16, 2016
View reviewed changes
Copy link
Contributor

@dhermes dhermes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I love how test-able this code is

google/auth/jwt.py

The constructor arguments determine the claims for the JWT that is
sent with requests. Usually, you'll construct these credentials with
one of the helper constructors.

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

google/auth/jwt.py
Note that JWT credentials will also set the audience claim on demand. If no
audience is specified when creating the credentials, then whenever a
request is made the credentials will automatically generate a one-time
JWT with the request URI as the audience.

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

google/auth/jwt.py
signer = crypt.Signer.from_string(private_key, key_id)

kwargs.setdefault('subject', email)
return cls(signer, issuer=email, **kwargs)

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

google/auth/jwt.py
issuer=issuer if issuer is not None else self._issuer,
subject=subject if subject is not None else self._subject,
audience=audience if audience is not None else self._audience,
additional_claims=dict(self._additional_claims).update(

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

google/auth/jwt.py
'sub': self._subject or self._issuer,
'iat': _helpers.datetime_to_secs(now),
'exp': _helpers.datetime_to_secs(expiry),
'aud': audience or self._audience

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

tests/test_jwt.py
def test_sign_bytes(self):
to_sign = b'123'
signature = self.credentials.sign_bytes(to_sign)
crypt.verify_signature(to_sign, signature, PUBLIC_CERT_BYTES)

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

tests/test_jwt.py
assert not self.credentials.expired

with mock.patch('google.auth._helpers.utcnow') as now:
one_day_from_now = datetime.timedelta(days=1)

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

tests/test_jwt.py
mock.Mock(), 'GET', 'http://example.com?a=1#3', headers)

header_value = headers['authorization']
token = header_value.split().pop()

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

tests/test_jwt.py
None, 'GET', 'http://example.com?a=1#3', headers)

header_value = headers['authorization']
token = header_value.split().pop()

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

tests/test_jwt.py
credentials = self.credentials.with_claims(audience='test')
credentials.refresh(None)
credentials.before_request(
None, 'GET', 'http://example.com?a=1#3', headers)

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

dhermes
dhermes reviewed Oct 17, 2016
View reviewed changes
tests/test_jwt.py
SUBJECT = 'subject'
AUDIENCE = 'audience'
ADDITIONAL_CLAIMS = {'meta': 'data'}
credentials = None

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

dhermes
dhermes reviewed Oct 17, 2016
View reviewed changes
tests/test_jwt.py
@@ -302,7 +306,7 @@ def test_before_request_one_time_token(self):
mock.Mock(), 'GET', 'http://example.com?a=1#3', headers)

header_value = headers['authorization']
token = header_value.split().pop()
token = header_value.split('Bearer ').pop()

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

@dhermes
Copy link
Contributor

dhermes commented Oct 17, 2016

LGTM

@theacodes theacodes merged commit abcd3ed into master Oct 17, 2016
@theacodes theacodes deleted the jwt-credentials branch October 17, 2016 18:23
@theacodes theacodes mentioned this pull request Oct 21, 2016
Closed
12 tasks
@theacodes theacodes restored the jwt-credentials branch February 22, 2017 23:16
@theacodes theacodes deleted the jwt-credentials branch February 22, 2017 23:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dhermes dhermes dhermes left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.0.0
Development

Successfully merging this pull request may close these issues.
3 participants
@theacodes @dhermes @bjwatson