Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: add fetch_id_token_credentials #866

Merged
merged 1 commit into from
Oct 29, 2021
Merged

fix: add fetch_id_token_credentials #866

merged 1 commit into from
Oct 29, 2021

Conversation

arithmetic1728
Copy link
Contributor

@arithmetic1728 arithmetic1728 commented Sep 14, 2021
edited
Loading

fix: #865

fetch_id_token creates a credentials, refresh it, then return the token. In this PR, we refactor the credentials creation part in fetch_id_token method to a new fetch_id_token_credentials method.

Note that we only support service account credentials and compute engine credentials, not user credentials.

The usage is:

request = google.auth.transport.requests.Request()
target_audience = "https://pubsub.googleapis.com"

credentials = google.oauth2.id_token.fetch_id_token_credentials(request, target_audience)

# Refresh the credential to obtain an ID token.
credentials.refresh(request)
id_token = credentials.token
id_token_expiry = credentials.expiry

@arithmetic1728 arithmetic1728 requested review from silvolu and a team as code owners September 14, 2021 01:27
@google-cla google-cla bot added the cla: yes This human has signed the Contributor License Agreement. label Sep 14, 2021
busunkim96
busunkim96 reviewed Sep 14, 2021
View reviewed changes
Copy link
Contributor

@busunkim96 busunkim96 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Could a test be added for the new function?

@silvolu
Copy link

silvolu commented Sep 14, 2021

+1 for test

@mik-laj
Copy link
Contributor

mik-laj commented Sep 14, 2021

#590 is it related?

mik-laj
mik-laj reviewed Sep 14, 2021
View reviewed changes
google/oauth2/id_token.py Outdated Show resolved Hide resolved
@arithmetic1728
Copy link
Contributor Author

#590 is it related?

It resolves 590 partially (it doesn't support user credential)

@arithmetic1728 arithmetic1728 merged commit 8f1e9cf into main Oct 29, 2021
@arithmetic1728 arithmetic1728 deleted the idtoken branch October 29, 2021 18:59
gcf-merge-on-green bot pushed a commit that referenced this pull request Nov 1, 2021
@release-please
chore: release 2.3.3 (#903)
e6278a8 
🤖 I have created a release \*beep\* \*boop\*
---
### [2.3.3](https://www.github.com/googleapis/google-auth-library-python/compare/v2.3.2...v2.3.3) (2021-11-01)


### Bug Fixes

* add fetch_id_token_credentials ([#866](https://www.github.com/googleapis/google-auth-library-python/issues/866)) ([8f1e9cf](https://www.github.com/googleapis/google-auth-library-python/commit/8f1e9cfd56dbaae0dff64499e1d0cf55abc5b97e))
* fix error in sign_bytes ([#905](https://www.github.com/googleapis/google-auth-library-python/issues/905)) ([ef31284](https://www.github.com/googleapis/google-auth-library-python/commit/ef3128474431b07d1d519209ea61622bc245ce91))
* use 'int.to_bytes' and 'int.from_bytes' for py3 ([#904](https://www.github.com/googleapis/google-auth-library-python/issues/904)) ([bd0ccc5](https://www.github.com/googleapis/google-auth-library-python/commit/bd0ccc5fe77d55f7a19f5278d6b60587c393ee3c))
---


This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mik-laj mik-laj mik-laj left review comments

@busunkim96 busunkim96 busunkim96 approved these changes

@silvolu silvolu Awaiting requested review from silvolu

Assignees
No one assigned
Labels
cla: yes This human has signed the Contributor License Agreement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

In fetch_id_token(), return token's expiry along with the token
4 participants
@arithmetic1728 @silvolu @mik-laj @busunkim96