def _update(self, rapt, content, access_token, refresh_token=None,
            expires_in=None, id_token=None):
    """Record the outcome of a token refresh on this credentials object.

    Args:
        rapt: Stored as ``rapt_token`` when truthy; a falsy value leaves the
            current ``rapt_token`` in place.
        content: Stored unchanged as ``token_response``.
        access_token: The new access token.
        refresh_token: Replacement refresh token. When falsy, the refresh
            token already held by the object is kept.
        expires_in: Token lifetime in seconds (any value ``int()`` accepts).
            When falsy, ``token_expiry`` is set to None.
        id_token: Raw ID token, stored as ``id_token_jwt``. When truthy it is
            also passed to ``client._extract_id_token`` and the result is
            stored as ``id_token``.
    """
    if rapt:
        self.rapt_token = rapt

    self.token_response = content
    self.access_token = access_token
    # A falsy refresh_token argument must not wipe the one already held.
    self.refresh_token = refresh_token or self.refresh_token

    # NOTE(review): this is a truthiness test, so expires_in == 0 is handled
    # like "not supplied" and token_expiry becomes None. Confirm that the
    # code checking expiry does not read None as "never expires" for a
    # token the server declared to have zero lifetime.
    if not expires_in:
        self.token_expiry = None
    else:
        lifetime = datetime.timedelta(seconds=int(expires_in))
        self.token_expiry = lifetime + client._UTCNOW()

    self.id_token_jwt = id_token
    self.id_token = client._extract_id_token(id_token) if id_token else None

    # A successful update clears any earlier "invalid" flag.
    self.invalid = False

    # NOTE(review): locked_put() receives the object holding the live
    # access and refresh tokens; how the store protects them is not visible
    # in this block.
    if self.store:
        self.store.locked_put(self)
def _refresh(self, http_request):
    """Obtain a new access token via ``_SendRecv`` and record its expiry.

    The response object is kept on ``devshell_response``. When the response
    carries no ``expires_in`` value, ``token_expiry`` is set to None.

    Args:
        http_request: Not used by this method.
    """
    response = _SendRecv()
    self.devshell_response = response
    self.access_token = response.access_token

    ttl_seconds = response.expires_in
    if ttl_seconds is None:
        # No lifetime reported: no expiry is recorded for this token.
        self.token_expiry = None
        return

    lifetime = datetime.timedelta(seconds=ttl_seconds)
    self.token_expiry = client._UTCNOW() + lifetime
def _refresh(self, http):
    """Refresh the access token from a new ``_SendRecv`` response.

    Stores the response on ``devshell_response``, copies its access token,
    and derives ``token_expiry`` from its ``expires_in`` value (None when
    the response reports no lifetime).

    Args:
        http: Unused HTTP object.
    """
    self.devshell_response = reply = _SendRecv()
    self.access_token = reply.access_token

    seconds_left = reply.expires_in
    # "is None" rather than truthiness: a lifetime of 0 still yields an
    # expiry timestamp (now) instead of no expiry at all.
    self.token_expiry = (
        None if seconds_left is None
        else client._UTCNOW() + datetime.timedelta(seconds=seconds_left))
def _create_token(self, additional_claims=None):
    """Build and sign a JWT whose issuer and subject are this service account.

    Args:
        additional_claims: Optional mapping merged into the payload after
            ``self._kwargs``.

    Returns:
        A tuple ``(token, expiry)``: the signed JWT decoded as ASCII text,
        and the datetime computed here as now plus
        ``_MAX_TOKEN_LIFETIME_SECS`` seconds.
    """
    issued_at = _UTCNOW()
    expiry = issued_at + datetime.timedelta(
        seconds=self._MAX_TOKEN_LIFETIME_SECS)
    account = self._service_account_email

    claims = {
        "iat": _datetime_to_secs(issued_at),
        "exp": _datetime_to_secs(expiry),
        "iss": account,
        "sub": account,
    }

    # NOTE(review): both merges run after the registered claims are set, so
    # an "iat"/"exp"/"iss"/"sub" key in self._kwargs or additional_claims
    # replaces the value above. The returned expiry is not recomputed, so it
    # can then disagree with the "exp" inside the signed token. Callers that
    # pass claims from outside should filter those keys first.
    claims.update(self._kwargs)
    if additional_claims is not None:
        claims.update(additional_claims)

    signed = crypt.make_signed_jwt(
        self._signer, claims, key_id=self._private_key_id)
    return signed.decode("ascii"), expiry
def _create_token(self, additional_claims=None):
    """Create a signed JWT for this service account.

    The payload starts with ``iat``, ``exp``, ``iss`` and ``sub``; then
    ``self._kwargs`` and, if given, ``additional_claims`` are merged in.

    Args:
        additional_claims: Optional mapping of extra claims, merged last.

    Returns:
        A tuple of the signed JWT as an ASCII string and the expiry datetime
        computed in this method.
    """
    issued = client._UTCNOW()
    expiry = issued + datetime.timedelta(
        seconds=self._MAX_TOKEN_LIFETIME_SECS)

    payload = {
        'iat': _datetime_to_secs(issued),
        'exp': _datetime_to_secs(expiry),
    }
    # Issuer and subject are both the service account's own email.
    payload['iss'] = payload['sub'] = self._service_account_email

    # NOTE(review): later merges win. A claim named 'exp', 'iat', 'iss' or
    # 'sub' in self._kwargs or additional_claims overrides the one set
    # above, while the expiry returned to the caller stays as computed here.
    payload.update(self._kwargs)
    if additional_claims is not None:
        payload.update(additional_claims)

    signed_bytes = crypt.make_signed_jwt(
        self._signer, payload, key_id=self._private_key_id)
    token = signed_bytes.decode('ascii')
    return token, expiry
def _do_refresh_request(self, http, rapt_refreshed=False):
    """POST a refresh request to ``token_uri`` and store the returned tokens.

    On a non-OK status the response is handed to
    ``_handle_refresh_error`` and nothing else on the object is changed by
    this method.

    Args:
        http: An object to be used to make HTTP requests.
        rapt_refreshed: Whether the rapt token has already been refreshed;
            forwarded to ``_handle_refresh_error``.

    Raises:
        HttpAccessTokenRefreshError: When the refresh fails (not raised in
            this block directly; presumably by ``_handle_refresh_error``).
    """
    request_body = self._generate_refresh_request_body()
    request_headers = self._generate_refresh_request_headers()

    # Only a fixed message is logged: no token or request material.
    logger.info('Refreshing access_token')
    resp, raw_content = transport.request(
        http, self.token_uri, method='POST',
        body=request_body, headers=request_headers)
    text = _helpers._from_bytes(raw_content)

    if resp.status != http_client.OK:
        self._handle_refresh_error(http, rapt_refreshed, resp, text)
        return

    token_data = json.loads(text)
    # NOTE(review): token_response is replaced before 'access_token' is
    # read, so an OK response lacking that key raises KeyError with the
    # object half-updated.
    self.token_response = token_data
    self.access_token = token_data['access_token']
    # Keep the current refresh token when the server does not rotate it.
    self.refresh_token = token_data.get('refresh_token', self.refresh_token)

    if 'expires_in' not in token_data:
        self.token_expiry = None
    else:
        lifetime = datetime.timedelta(seconds=int(token_data['expires_in']))
        self.token_expiry = lifetime + client._UTCNOW()

    if 'id_token' not in token_data:
        self.id_token = None
        self.id_token_jwt = None
    else:
        self.id_token = client._extract_id_token(token_data['id_token'])
        self.id_token_jwt = token_data['id_token']

    # On temporary refresh errors, the user does not actually have to
    # re-authorize, so we unflag here.
    self.invalid = False

    # NOTE(review): locked_put() persists the object that now holds the
    # fresh tokens; the store's access controls are not visible here.
    if self.store:
        self.store.locked_put(self)
def get_token(http, service_account='default'):
    """Fetch an OAuth token for the given service account.

    Args:
        http: an object to be used to make HTTP requests.
        service_account: An email specifying the service account this token
            should represent. Default will be a token for the "default"
            service account of the current compute engine instance.

    Returns:
        A tuple of (access token, token expiration), where access token is
        the access token as a string and token expiration is a datetime
        object that indicates when the access token will expire.
    """
    # NOTE(review): service_account is placed into the request path without
    # escaping or validation. If it can come from outside the program,
    # restrict it to an expected email/"default" form before this call so
    # characters such as '/' or '?' cannot alter the requested path.
    path = 'instance/service-accounts/{0}/token'.format(service_account)
    token_json = get(http, path)

    lifetime = datetime.timedelta(seconds=token_json['expires_in'])
    token_expiry = client._UTCNOW() + lifetime
    return token_json['access_token'], token_expiry
def get_token(http_request, service_account='default'):
    """Fetch an OAuth token for a service account from the metadata server.

    Args:
        http_request: A callable that matches the method signature of
            httplib2.Http.request. Used to make the request to the
            metadata server.
        service_account: An email specifying the service account this token
            should represent. Default will be a token for the "default"
            service account of the current compute engine instance.

    Returns:
        A tuple of (access token, token expiration), where access token is
        the access token as a string and token expiration is a datetime
        object that indicates when the access token will expire.
    """
    # NOTE(review): the account name is formatted into the path as-is;
    # validate it upstream if it is ever taken from untrusted input.
    response = get(
        http_request,
        'instance/service-accounts/{0}/token'.format(service_account))

    # Expiry is derived from the local clock plus the reported lifetime.
    expires_at = _UTCNOW() + datetime.timedelta(
        seconds=response['expires_in'])
    access_token = response['access_token']
    return access_token, expires_at
def get_token(http_request, service_account='default'):
    """Request an OAuth access token for a service account.

    Args:
        http_request: A callable that matches the method signature of
            httplib2.Http.request. Used to make the request to the
            metadata server.
        service_account: An email specifying the service account this token
            should represent. Default will be a token for the "default"
            service account of the current compute engine instance.

    Returns:
        A tuple of (access token, token expiration), where access token is
        the access token as a string and token expiration is a datetime
        object that indicates when the access token will expire.
    """
    template = 'instance/service-accounts/{0}/token'
    # NOTE(review): no escaping is applied to service_account here, so the
    # caller is responsible for passing only a trusted account identifier.
    metadata = get(http_request, template.format(service_account))

    now = client._UTCNOW()
    token_expiry = now + datetime.timedelta(seconds=metadata['expires_in'])
    return metadata['access_token'], token_expiry