def test_id_token_with_include_email(
self, mock_donor_credentials, mock_authorizedsession_idtoken
):
credentials = self.make_credentials(lifetime=None)
token = "token"
target_audience = "https://foo.bar"
expire_time = (
_helpers.utcnow().replace(microsecond=0) + datetime.timedelta(seconds=500)
).isoformat("T") + "Z"
response_body = {"accessToken": token, "expireTime": expire_time}
request = self.make_request(
data=json.dumps(response_body), status=http_client.OK
)
credentials.refresh(request)
assert credentials.valid
assert not credentials.expired
id_creds = impersonated_credentials.IDTokenCredentials(
credentials, target_audience=target_audience
)
id_creds = id_creds.with_include_email(True)
id_creds.refresh(request)
assert id_creds.token == ID_TOKEN_DATA
def test_id_token_with_target_audience(self, mock_donor_credentials,
mock_authorizedsession_idtoken):
credentials = self.make_credentials(lifetime=None)
token = 'token'
target_audience = 'https://foo.bar'
expire_time = (_helpers.utcnow().replace(microsecond=0) +
datetime.timedelta(seconds=500)).isoformat('T') + 'Z'
response_body = {"accessToken": token, "expireTime": expire_time}
request = self.make_request(data=json.dumps(response_body),
status=http_client.OK)
credentials.refresh(request)
assert credentials.valid
assert not credentials.expired
id_creds = impersonated_credentials.IDTokenCredentials(credentials)
id_creds = id_creds.with_target_audience(
target_audience=target_audience)
id_creds.refresh(request)
assert id_creds.token == ID_TOKEN_DATA
assert id_creds.expiry == datetime.datetime.fromtimestamp(
ID_TOKEN_EXPIRY)
def test_id_token_invalid_cred(
self, mock_donor_credentials, mock_authorizedsession_idtoken
):
credentials = None
with pytest.raises(exceptions.GoogleAuthError) as excinfo:
impersonated_credentials.IDTokenCredentials(credentials)
assert excinfo.match("Provided Credential must be" " impersonated_credentials")
def GetElevationIdTokenGoogleAuth(self,
google_auth_impersonation_credentials,
audience, include_email):
cred = google_auth_impersonated_creds.IDTokenCredentials(
google_auth_impersonation_credentials,
target_audience=audience,
include_email=include_email)
request_client = http_core.GoogleAuthRequest()
cred.refresh(request_client)
return cred
def GetElevationIdTokenGoogleAuth(self,
google_auth_impersonation_credentials,
audience, include_email):
"""Creates an ID token credentials for impersonated credentials."""
# Import only when necessary to decrease the startup time. Move it to
# global once google-auth is ready to replace oauth2client.
# pylint: disable=g-import-not-at-top
from google.auth import impersonated_credentials as google_auth_impersonated_creds
# pylint: enable=g-import-not-at-top
cred = google_auth_impersonated_creds.IDTokenCredentials(
google_auth_impersonation_credentials,
target_audience=audience,
include_email=include_email)
request_client = http_core.GoogleAuthRequest()
cred.refresh(request_client)
return cred
