def root(): jwt = flask.request.headers.get('x-goog-iap-jwt-assertion') if jwt is None: return 'Unauthorized request.' user_id, user_email, error_str = (validate_jwt.validate_iap_jwt( jwt, CLOUD_PROJECT_ID, BACKEND_SERVICE_ID)) if error_str: return 'Error: {}'.format(error_str) else: return 'Hi, {}. I am {}.'.format(user_email, platform.node())
def root(): jwt = flask.request.headers.get('x-goog-iap-jwt-assertion') if jwt is None: return 'Unauthorized request.' expected_audience = '/projects/{}/global/backendServices/{}'.format(CLOUD_PROJECT_ID, BACKEND_SERVICE_ID) user_id, user_email, error_str = ( validate_jwt.validate_iap_jwt( jwt, expected_audience)) if error_str: return 'Error: {}'.format(error_str) else: return 'Hi, {}. I am {}.'.format(user_email, platform.node())
def test_main(cloud_config, capsys): # JWTs are obtained by IAP-protected applications whenever an # end-user makes a request. We've set up an app that echoes back # the JWT in order to expose it to this test. Thus, this test # exercises both make_iap_request and validate_jwt. iap_jwt = make_iap_request.make_iap_request( 'https://{}/'.format(JWT_REFLECT_HOSTNAME)) jwt_validation_result = validate_jwt.validate_iap_jwt( 'https://{}'.format(JWT_REFLECT_HOSTNAME), iap_jwt) assert jwt_validation_result[0] assert jwt_validation_result[1] assert not jwt_validation_result[2]
def test_main(cloud_config, capsys): # JWTs are obtained by IAP-protected applications whenever an # end-user makes a request. We've set up an app that echoes back # the JWT in order to expose it to this test. Thus, this test # exercises both make_iap_request and validate_jwt. iap_jwt = make_iap_request.make_iap_request( 'https://{}/'.format(REFLECT_SERVICE_HOSTNAME)) iap_jwt = iap_jwt.split(': ').pop() jwt_validation_result = validate_jwt.validate_iap_jwt( 'https://{}'.format(REFLECT_SERVICE_HOSTNAME), iap_jwt) assert jwt_validation_result[0] assert jwt_validation_result[1] assert not jwt_validation_result[2]
def test_main(capsys): # It only passes on Kokoro now. Skipping in other places. # The envvar `TRAMPOLINE_CI` will be set once #3860 is merged. if os.environ.get('TRAMPOLINE_CI', 'kokoro') != 'kokoro': pytest.skip('Only passing on Kokoro.') # JWTs are obtained by IAP-protected applications whenever an # end-user makes a request. We've set up an app that echoes back # the IAP JWT in order to expose it to this test. Thus, this test # exercises both make_iap_request and validate_jwt. resp = make_iap_request.make_iap_request( 'https://{}/'.format(REFLECT_SERVICE_HOSTNAME), IAP_CLIENT_ID) iap_jwt = resp.split(': ').pop() # App Engine JWT audience format below expected_audience = '/projects/{}/apps/{}'.format(IAP_PROJECT_NUMBER, IAP_APP_ID) jwt_validation_result = validate_jwt.validate_iap_jwt( iap_jwt, expected_audience) assert not jwt_validation_result[2] assert jwt_validation_result[0] assert jwt_validation_result[1]