Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Credentials implementation supplying an ID token. #234

Merged
merged 3 commits into from
Feb 8, 2018
Merged

Add Credentials implementation supplying an ID token. #234

merged 3 commits into from
Feb 8, 2018

Conversation

kryzthov
Copy link
Contributor

@jonparrott Here's a primitive implementation for #130.
This adds everything in google.auth.id_token as I don't know any better.
Could you advise on how to structure this better?
Thanks!

@theacodes
Copy link
Contributor

I changed a significant portion of this so some else needs to review. @dhermes?

dhermes
dhermes reviewed Jan 19, 2018
View reviewed changes
google/oauth2/_client.py Outdated
@@ -155,6 +156,49 @@ def jwt_grant(request, token_uri, assertion):
return access_token, expiry, response_data


def id_token_jwt_grant(request, token_uri, assertion):
"""Implements the JWT Profile for OAuth 2.0 Authorization Grants, but
requests an OpenID Connect ID Token instead of a access token.

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

google/oauth2/_client.py Outdated
Args:
request (google.auth.transport.Request): A callable used to make
HTTP requests.
token_uri (str): The OAuth 2.0 authorizations server's token endpoint

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

google/oauth2/_client.py Outdated
URI.
assertion (str): JWT token signed by a service account. The assertion
must include a ``target_audience`` claim.
Returns:

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

google/oauth2/_client.py Outdated
token_uri (str): The OAuth 2.0 authorizations server's token endpoint
URI.
assertion (str): JWT token signed by a service account. The assertion
must include a ``target_audience`` claim.

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

google/oauth2/_client.py Outdated
Tuple[str, Optional[datetime], Mapping[str, str]]:
The (encoded) Open ID Connect ID Token, expiration, and additional
data returned by the endpoint.
Raises:

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

google/oauth2/service_account.py
self._token_uri = token_uri
self._target_audience = target_audience

if additional_claims is not None:

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

google/oauth2/service_account.py
delegated_credentials = credentials.with_subject(subject)

"""
def __init__(self, signer, service_account_email, token_uri,

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

google/oauth2/service_account.py Outdated
google.auth.service_account.IDTokenCredentials: A new credentials
instance.
"""
return IDTokenCredentials(

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

@kryzthov kryzthov mentioned this pull request Jan 19, 2018
Merged
@theacodes theacodes merged commit b649b43 into googleapis:master Feb 8, 2018
@theacodes theacodes mentioned this pull request Feb 8, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dhermes dhermes dhermes left review comments

@theacodes theacodes theacodes approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kryzthov @theacodes @dhermes