Skip to content

Add JWT credentials #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
theacodes merged 7 commits into from
Oct 17, 2016
Merged

Add JWT credentials #21

theacodes merged 7 commits into from
Oct 17, 2016

Conversation

@theacodes
Copy link
Contributor

@theacodes theacodes commented Oct 14, 2016
edited by dhermes
Loading

(Has #8 as a diffbase)

@theacodes theacodes added this to the 1.0.0 milestone Oct 14, 2016
@theacodes theacodes changed the title Jwt credentials Add JWT credentials Oct 14, 2016
dhermes
dhermes reviewed Oct 16, 2016
View reviewed changes
Copy link
Contributor

@dhermes dhermes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I love how test-able this code is

google/auth/jwt.py Outdated
The constructor arguments determine the claims for the JWT that is
sent with requests. Usually, you'll construct these credentials with
one of the helper constructors.

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

google/auth/jwt.py Outdated
Note that JWT credentials will also set the audience claim on demand. If no
audience is specified when creating the credentials, then whenever a
request is made the credentials will automatically generate a one-time
JWT with the request URI as the audience.

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

google/auth/jwt.py
signer = crypt.Signer.from_string(private_key, key_id)

kwargs.setdefault('subject', email)
return cls(signer, issuer=email, **kwargs)

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

google/auth/jwt.py Outdated
issuer=issuer if issuer is not None else self._issuer,
subject=subject if subject is not None else self._subject,
audience=audience if audience is not None else self._audience,
additional_claims=dict(self._additional_claims).update(

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

google/auth/jwt.py Outdated
'sub': self._subject or self._issuer,
'iat': _helpers.datetime_to_secs(now),
'exp': _helpers.datetime_to_secs(expiry),
'aud': audience or self._audience

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

tests/test_jwt.py Outdated
def test_sign_bytes(self):
to_sign = b'123'
signature = self.credentials.sign_bytes(to_sign)
crypt.verify_signature(to_sign, signature, PUBLIC_CERT_BYTES)

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

tests/test_jwt.py Outdated
assert not self.credentials.expired

with mock.patch('google.auth._helpers.utcnow') as now:
one_day_from_now = datetime.timedelta(days=1)

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

tests/test_jwt.py Outdated
mock.Mock(), 'GET', 'http://example.com?a=1#3', headers)

header_value = headers['authorization']
token = header_value.split().pop()

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

tests/test_jwt.py Outdated
None, 'GET', 'http://example.com?a=1#3', headers)

header_value = headers['authorization']
token = header_value.split().pop()

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

tests/test_jwt.py
credentials = self.credentials.with_claims(audience='test')
credentials.refresh(None)
credentials.before_request(
None, 'GET', 'http://example.com?a=1#3', headers)

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

dhermes
dhermes reviewed Oct 17, 2016
View reviewed changes
tests/test_jwt.py
SUBJECT = 'subject'
AUDIENCE = 'audience'
ADDITIONAL_CLAIMS = {'meta': 'data'}
credentials = None

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

dhermes
dhermes reviewed Oct 17, 2016
View reviewed changes
tests/test_jwt.py Outdated

header_value = headers['authorization']
token = header_value.split().pop()
token = header_value.split('Bearer ').pop()

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

@dhermes
Copy link
Contributor

dhermes commented Oct 17, 2016

LGTM

@theacodes theacodes merged commit abcd3ed into master Oct 17, 2016
@theacodes theacodes deleted the jwt-credentials branch October 17, 2016 18:23
@theacodes theacodes mentioned this pull request Oct 21, 2016
Closed
12 tasks
@theacodes theacodes restored the jwt-credentials branch February 22, 2017 23:16
@theacodes theacodes deleted the jwt-credentials branch February 22, 2017 23:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@dhermes dhermes dhermes left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

1.0.0

Development

Successfully merging this pull request may close these issues.

3 participants

@theacodes @dhermes @bjwatson