Permalink
""" | |
loginpass.google | |
~~~~~~~~~~~~~~~~ | |
This module contains a loginpass backend of Google, | |
and a ServiceAccount requests Session. | |
:copyright: (c) 2018 by Hsiaoming Yang | |
:license: BSD, see LICENSE for more details. | |
""" | |
import json | |
from authlib.integrations.requests_client import AssertionSession | |
GOOGLE_API_URL = 'https://www.googleapis.com/' | |
METADATA_URL = 'https://accounts.google.com/.well-known/openid-configuration' | |
class Google(object): | |
NAME = 'google' | |
OAUTH_CONFIG = { | |
'api_base_url': GOOGLE_API_URL, | |
'server_metadata_url': METADATA_URL, | |
'client_kwargs': {'scope': 'openid email profile'}, | |
} | |
class GoogleServiceAccount(AssertionSession): | |
@classmethod | |
def from_service_account_file(cls, conf_file, scope, subject=None): | |
with open(conf_file, 'r') as f: | |
conf = json.load(f) | |
token_url = conf['token_uri'] | |
issuer = conf['client_email'] | |
key = conf['private_key'] | |
key_id = conf.get('private_key_id') | |
header = {'alg': 'RS256'} | |
if key_id: | |
header['kid'] = key_id | |
# Google puts scope in payload | |
claims = {'scope': scope} | |
return cls( | |
grant_type=cls.JWT_BEARER_GRANT_TYPE, | |
token_url=token_url, | |
issuer=issuer, | |
audience=token_url, | |
claims=claims, | |
subject=subject, | |
key=key, | |
header=header, | |
) |