def test_id_token_with_include_email( self, mock_donor_credentials, mock_authorizedsession_idtoken ): credentials = self.make_credentials(lifetime=None) token = "token" target_audience = "https://foo.bar" expire_time = ( _helpers.utcnow().replace(microsecond=0) + datetime.timedelta(seconds=500) ).isoformat("T") + "Z" response_body = {"accessToken": token, "expireTime": expire_time} request = self.make_request( data=json.dumps(response_body), status=http_client.OK ) credentials.refresh(request) assert credentials.valid assert not credentials.expired id_creds = impersonated_credentials.IDTokenCredentials( credentials, target_audience=target_audience ) id_creds = id_creds.with_include_email(True) id_creds.refresh(request) assert id_creds.token == ID_TOKEN_DATA
def test_id_token_with_target_audience(self, mock_donor_credentials, mock_authorizedsession_idtoken): credentials = self.make_credentials(lifetime=None) token = 'token' target_audience = 'https://foo.bar' expire_time = (_helpers.utcnow().replace(microsecond=0) + datetime.timedelta(seconds=500)).isoformat('T') + 'Z' response_body = {"accessToken": token, "expireTime": expire_time} request = self.make_request(data=json.dumps(response_body), status=http_client.OK) credentials.refresh(request) assert credentials.valid assert not credentials.expired id_creds = impersonated_credentials.IDTokenCredentials(credentials) id_creds = id_creds.with_target_audience( target_audience=target_audience) id_creds.refresh(request) assert id_creds.token == ID_TOKEN_DATA assert id_creds.expiry == datetime.datetime.fromtimestamp( ID_TOKEN_EXPIRY)
def test_id_token_invalid_cred( self, mock_donor_credentials, mock_authorizedsession_idtoken ): credentials = None with pytest.raises(exceptions.GoogleAuthError) as excinfo: impersonated_credentials.IDTokenCredentials(credentials) assert excinfo.match("Provided Credential must be" " impersonated_credentials")
def GetElevationIdTokenGoogleAuth(self, google_auth_impersonation_credentials, audience, include_email): cred = google_auth_impersonated_creds.IDTokenCredentials( google_auth_impersonation_credentials, target_audience=audience, include_email=include_email) request_client = http_core.GoogleAuthRequest() cred.refresh(request_client) return cred
def GetElevationIdTokenGoogleAuth(self, google_auth_impersonation_credentials, audience, include_email): """Creates an ID token credentials for impersonated credentials.""" # Import only when necessary to decrease the startup time. Move it to # global once google-auth is ready to replace oauth2client. # pylint: disable=g-import-not-at-top from google.auth import impersonated_credentials as google_auth_impersonated_creds # pylint: enable=g-import-not-at-top cred = google_auth_impersonated_creds.IDTokenCredentials( google_auth_impersonation_credentials, target_audience=audience, include_email=include_email) request_client = http_core.GoogleAuthRequest() cred.refresh(request_client) return cred