Skip to content

fix: add fetch_id_token_credentials #866

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
arithmetic1728 merged 1 commit into from
Oct 29, 2021
Merged

fix: add fetch_id_token_credentials #866

arithmetic1728 merged 1 commit into from
Oct 29, 2021

Conversation

@arithmetic1728
Copy link
Contributor

@arithmetic1728 arithmetic1728 commented Sep 14, 2021
edited
Loading

fix: #865

fetch_id_token creates a credentials, refresh it, then return the token. In this PR, we refactor the credentials creation part in fetch_id_token method to a new fetch_id_token_credentials method.

Note that we only support service account credentials and compute engine credentials, not user credentials.

The usage is:

request = google.auth.transport.requests.Request()
target_audience = "https://pubsub.googleapis.com"

credentials = google.oauth2.id_token.fetch_id_token_credentials(request, target_audience)

# Refresh the credential to obtain an ID token.
credentials.refresh(request)
id_token = credentials.token
id_token_expiry = credentials.expiry

@arithmetic1728 arithmetic1728 requested review from a team and silvolu as code owners September 14, 2021 01:27
@google-cla google-cla bot added the cla: yes This human has signed the Contributor License Agreement. label Sep 14, 2021
busunkim96
busunkim96 reviewed Sep 14, 2021
View reviewed changes
Copy link
Contributor

@busunkim96 busunkim96 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Could a test be added for the new function?

@silvolu
Copy link

silvolu commented Sep 14, 2021

+1 for test

@mik-laj
Copy link
Contributor

mik-laj commented Sep 14, 2021

googleapis/google-cloud-python#15222 is it related?

mik-laj
mik-laj reviewed Sep 14, 2021
View reviewed changes
mik-laj
mik-laj reviewed Sep 14, 2021
View reviewed changes
mik-laj
mik-laj reviewed Sep 14, 2021
View reviewed changes
@arithmetic1728
Copy link
Contributor Author

arithmetic1728 commented Oct 29, 2021

googleapis/google-cloud-python#15222 is it related?

It resolves 590 partially (it doesn't support user credential)

@arithmetic1728 arithmetic1728 merged commit 8f1e9cf into main Oct 29, 2021
@arithmetic1728 arithmetic1728 deleted the idtoken branch October 29, 2021 18:59
gcf-merge-on-green bot pushed a commit that referenced this pull request Nov 1, 2021
@release-please
chore: release 2.3.3 (#903)
e6278a8 
🤖 I have created a release \*beep\* \*boop\*
---
### [2.3.3](https://www.github.com/googleapis/google-auth-library-python/compare/v2.3.2...v2.3.3) (2021-11-01)


### Bug Fixes

* add fetch_id_token_credentials ([#866](https://www.github.com/googleapis/google-auth-library-python/issues/866)) ([8f1e9cf](https://www.github.com/googleapis/google-auth-library-python/commit/8f1e9cfd56dbaae0dff64499e1d0cf55abc5b97e))
* fix error in sign_bytes ([#905](https://www.github.com/googleapis/google-auth-library-python/issues/905)) ([ef31284](https://www.github.com/googleapis/google-auth-library-python/commit/ef3128474431b07d1d519209ea61622bc245ce91))
* use 'int.to_bytes' and 'int.from_bytes' for py3 ([#904](https://www.github.com/googleapis/google-auth-library-python/issues/904)) ([bd0ccc5](https://www.github.com/googleapis/google-auth-library-python/commit/bd0ccc5fe77d55f7a19f5278d6b60587c393ee3c))
---


This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@silvolu silvolu Awaiting requested review from silvolu

2 more reviewers

@mik-laj mik-laj mik-laj left review comments

@busunkim96 busunkim96 busunkim96 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla: yes This human has signed the Contributor License Agreement.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

In fetch_id_token(), return token's expiry along with the token

4 participants

@arithmetic1728 @silvolu @mik-laj @busunkim96