def get(self):
token = self.request.get('token')
email = self.request.get('email')
result = ""
# based on the example here: https://developers.google.com/identity/sign-in/android/backend-auth
try:
# Specify the CLIENT_ID of the app that accesses the backend:
id_info = id_token.verify_oauth2_token(token, requests.Request(),
CLIENT_ID)
if id_info['iss'] not in [
'accounts.google.com', 'https://accounts.google.com'
]:
result = " bad issuer"
raise ValueError('Wrong issuer.')
# ID token is valid. Get the user's Google Account ID from the decoded token.
user_id = id_info['sub']
except ValueError, e:
result = " " + str(e)
# Invalid token
pass
def post(self):
username = self.request.get('username')
token = self.request.get('token')
userid = "..nouserid.."
try:
# Specify the CLIENT_ID of the app that accesses the backend:
idinfo = id_token.verify_oauth2_token(token, requests.Request(),
CLIENT_ID)
# Or, if multiple clients access the backend server:
# idinfo = id_token.verify_oauth2_token(token, requests.Request())
# if idinfo['aud'] not in [CLIENT_ID_1, CLIENT_ID_2, CLIENT_ID_3]:
# raise ValueError('Could not verify audience.')
if idinfo['iss'] not in [
'accounts.google.com', 'https://accounts.google.com'
]:
raise ValueError('Wrong issuer.')
# If auth request is from a G Suite domain:
# if idinfo['hd'] != GSUITE_DOMAIN_NAME:
# raise ValueError('Wrong hosted domain.')
# ID token is valid. Get the user's Google Account ID from the decoded token.
userid = idinfo['sub']
except ValueError as e:
# Invalid token
pass
response = {"username": username, "userid": userid}
self.response.headers.add("Content-Type", "application/json")
self.response.write(json.dumps(response))
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Firebase credentials module."""
import collections
import json
import lib.six
from lib.google.oauth2 import credentials
from lib.google.oauth2 import service_account
import lib.google.auth
from lib.google.auth.transport import requests
_request = requests.Request()
_scopes = [
'https://www.googleapis.com/auth/devstorage.read_write',
'https://www.googleapis.com/auth/firebase',
'https://www.googleapis.com/auth/identitytoolkit',
'https://www.googleapis.com/auth/userinfo.email'
]
AccessTokenInfo = collections.namedtuple('AccessTokenInfo',
['access_token', 'expiry'])
class Base(object):
"""Provides OAuth2 access tokens for accessing Firebase services."""
def get_access_token(self):
"""Fetches a Google OAuth2 access token using this credential instance.