google.auth.app_engine module¶
Google App Engine standard environment support.
This module provides authentication and signing for applications running on App Engine in the standard environment using the App Identity API.
- class Signer[source]¶
Bases:
google.auth.crypt.base.Signer
Signs messages using the App Engine App Identity service.
This can be used in place of
google.auth.crypt.Signer
when running in the App Engine standard environment.- property key_id¶
The key ID used to identify this private key.
Warning
This is always
None
. The key ID used by App Engine can not be reliably determined ahead of time.
- get_project_id()[source]¶
Gets the project ID for the current App Engine application.
- Returns
The project ID
- Return type
- Raises
google.auth.exceptions.OSError – If the App Engine APIs are unavailable.
- class Credentials(scopes=None, default_scopes=None, service_account_id=None, quota_project_id=None)[source]¶
Bases:
google.auth.credentials.Scoped
,google.auth.credentials.Signing
,google.auth.credentials.CredentialsWithQuotaProject
App Engine standard environment credentials.
These credentials use the App Engine App Identity API to obtain access tokens.
- Parameters
scopes (
Sequence
str
) – Scopes to request from the App Identity API.default_scopes (
Sequence
str
) – Default scopes passed by a Google client library. Use ‘scopes’ for user-defined scopes.service_account_id (str) – The service account ID passed into
google.appengine.api.app_identity.get_access_token()
. If not specified, the default application service account ID will be used.quota_project_id (
Optional
str
) – The project ID used for quota and billing.
- Raises
google.auth.exceptions.OSError – If the App Engine APIs are unavailable.
- refresh(request)[source]¶
Refreshes the access token.
- Parameters
request (google.auth.transport.Request) – The object used to make HTTP requests.
- Raises
google.auth.exceptions.RefreshError – If the credentials could not be refreshed.
- property service_account_email¶
The service account email.
- property requires_scopes¶
Checks if the credentials requires scopes.
- Returns
True if there are no scopes set otherwise False.
- Return type
- with_scopes(scopes, default_scopes=None)[source]¶
Create a copy of these credentials with the specified scopes.
- Parameters
scopes (
Sequence
str
) – The list of scopes to attach to the current credentials.- Raises
NotImplementedError – If the credentials’ scopes can not be changed. This can be avoided by checking
requires_scopes
before calling this method.
- with_quota_project(quota_project_id)[source]¶
Returns a copy of these credentials with a modified quota project.
- Parameters
quota_project_id (str) – The project to use for quota and billing purposes
- Returns
A new credentials instance.
- Return type
- property signer¶
The signer used to sign bytes.
- before_request(request, method, url, headers)[source]¶
Performs credential-specific before request logic.
Refreshes the credentials if necessary, then calls
apply()
to apply the token to the authentication header.- Parameters
request (google.auth.transport.Request) – The object used to make HTTP requests.
method (str) – The request’s HTTP method or the RPC method being invoked.
url (str) – The request’s URI or the RPC service’s URI.
headers (Mapping) – The request’s headers.
- property expired¶
Checks if the credentials are expired.
Note that credentials can be invalid but not expired because Credentials with
expiry
set to None is considered to never expire.Deprecated since version v2.24.0: Prefer checking
token_state
instead.
- get_cred_info()[source]¶
The credential information JSON.
The credential information will be added to auth related error messages by client library.
- has_scopes(scopes)¶
Checks if the credentials have the given scopes.
- property quota_project_id¶
Project to use for quota and billing purposes.
- property token_state¶
See :obj:`TokenState
- property universe_domain¶
The universe domain value.
- property valid¶
Checks the validity of the credentials.
This is True if the credentials have a
token
and the token is notexpired
.Deprecated since version v2.24.0: Prefer checking
token_state
instead.