google.auth.credentials_async module¶

Interfaces for credentials.

class Credentials[source]¶

Bases: google.auth.credentials.Credentials

Async inherited credentials class from google.auth.credentials. The added functionality is the before_request call which requires async/await syntax. All credentials have a token that is used for authentication and may also optionally set an expiry to indicate when the token will no longer be valid.

Most credentials will be invalid until refresh() is called. Credentials can do this automatically before the first HTTP request in before_request().

Although the token and expiration will change as the credentials are refreshed and used, credentials should be considered immutable. Various credentials will accept configuration such as private keys, scopes, and other options. These options are not changeable after construction. Some classes will provide mechanisms to copy the credentials with modifications such as ScopedCredentials.with_scopes().

apply(headers, token=None)[source]¶

Apply the token to the authentication header.

Parameters:	headers (Mapping) – The HTTP request headers. token (`Optional` [ `str` ]) – If specified, overrides the current access token.

before_request(request, method, url, headers)[source]¶

Performs credential-specific before request logic.

Refreshes the credentials if necessary, then calls apply() to apply the token to the authentication header.

Parameters:	request (google.auth.transport.Request) – The object used to make HTTP requests. method (str) – The request’s HTTP method or the RPC method being invoked. url (str) – The request’s URI or the RPC service’s URI. headers (Mapping) – The request’s headers.

expired¶

Checks if the credentials are expired.

Note that credentials can be invalid but not expired because Credentials with expiry set to None is considered to never expire.

quota_project_id¶: Project to use for quota and billing purposes.

refresh(request)[source]¶

Refreshes the access token.

Parameters:	request (google.auth.transport.Request) – The object used to make HTTP requests.
Raises:	`google.auth.exceptions.RefreshError` – If the credentials could not be refreshed.

valid¶

Checks the validity of the credentials.

This is True if the credentials have a token and the token is not expired.

class CredentialsWithQuotaProject[source]¶

Bases: google.auth.credentials.CredentialsWithQuotaProject

Abstract base for credentials supporting with_quota_project factory

apply(headers, token=None)¶

Apply the token to the authentication header.

Parameters:	headers (Mapping) – The HTTP request headers. token (`Optional` [ `str` ]) – If specified, overrides the current access token.

before_request(request, method, url, headers)¶

Performs credential-specific before request logic.

Refreshes the credentials if necessary, then calls apply() to apply the token to the authentication header.

Parameters:	request (google.auth.transport.Request) – The object used to make HTTP requests. method (str) – The request’s HTTP method or the RPC method being invoked. url (str) – The request’s URI or the RPC service’s URI. headers (Mapping) – The request’s headers.

expired¶

Checks if the credentials are expired.

Note that credentials can be invalid but not expired because Credentials with expiry set to None is considered to never expire.

quota_project_id¶: Project to use for quota and billing purposes.

refresh(request)¶

Refreshes the access token.

Parameters:	request (google.auth.transport.Request) – The object used to make HTTP requests.
Raises:	`google.auth.exceptions.RefreshError` – If the credentials could not be refreshed.

valid¶

Checks the validity of the credentials.

This is True if the credentials have a token and the token is not expired.

with_quota_project(quota_project_id)[source]¶

Returns a copy of these credentials with a modified quota project.

Parameters:	quota_project_id (str) – The project to use for quota and billing purposes
Returns:	A new credentials instance.
Return type:	google.oauth2.credentials.Credentials

class AnonymousCredentials[source]¶

Bases: google.auth.credentials.AnonymousCredentials, google.auth._credentials_async.Credentials

Credentials that do not provide any authentication information.

These are useful in the case of services that support anonymous access or local service emulators that do not use credentials. This class inherits from the sync anonymous credentials file, but is kept if async credentials is initialized and we would like anonymous credentials.

apply(headers, token=None)[source]¶

Anonymous credentials do nothing to the request.

The optional token argument is not supported.

Raises:	`ValueError` – If a token was specified.

before_request(request, method, url, headers)[source]¶: Anonymous credentials do nothing to the request.

expired¶: Returns False, anonymous credentials never expire.

quota_project_id¶: Project to use for quota and billing purposes.

refresh(request)[source]¶: Raises ValueError`, anonymous credentials cannot be refreshed.

valid¶: Returns True, anonymous credentials are always valid.

class ReadOnlyScoped[source]¶

Bases: google.auth.credentials.ReadOnlyScoped

Interface for credentials whose scopes can be queried.

OAuth 2.0-based credentials allow limiting access using scopes as described in RFC6749 Section 3.3. If a credential class implements this interface then the credentials either use scopes in their implementation.

Some credentials require scopes in order to obtain a token. You can check if scoping is necessary with requires_scopes:

if credentials.requires_scopes:
    # Scoping is required.
    credentials = _credentials_async.with_scopes(scopes=['one', 'two'])

Credentials that require scopes must either be constructed with scopes:

credentials = SomeScopedCredentials(scopes=['one', 'two'])

Or must copy an existing instance using with_scopes():

scoped_credentials = _credentials_async.with_scopes(scopes=['one', 'two'])

Some credentials have scopes but do not allow or require scopes to be set, these credentials can be used as-is.

default_scopes¶

the credentials’ current set of default scopes.

Type:	`Sequence` [ `str` ]

has_scopes(scopes)[source]¶

Checks if the credentials have the given scopes.

Parameters:	scopes (`Sequence` [ `str` ]) – The list of scopes to check.
Returns:	True if the credentials have the given scopes.
Return type:	bool

requires_scopes¶: True if these credentials require scopes to obtain an access token.

scopes¶

the credentials’ current set of scopes.

Type:	`Sequence` [ `str` ]

class Scoped[source]¶

Bases: google.auth.credentials.Scoped

Interface for credentials whose scopes can be replaced while copying.

OAuth 2.0-based credentials allow limiting access using scopes as described in RFC6749 Section 3.3. If a credential class implements this interface then the credentials either use scopes in their implementation.

Some credentials require scopes in order to obtain a token. You can check if scoping is necessary with requires_scopes:

if credentials.requires_scopes:
    # Scoping is required.
    credentials = _credentials_async.create_scoped(['one', 'two'])

Credentials that require scopes must either be constructed with scopes:

credentials = SomeScopedCredentials(scopes=['one', 'two'])

Or must copy an existing instance using with_scopes():

scoped_credentials = credentials.with_scopes(scopes=['one', 'two'])

Some credentials have scopes but do not allow or require scopes to be set, these credentials can be used as-is.

default_scopes¶

the credentials’ current set of default scopes.

Type:	`Sequence` [ `str` ]

has_scopes(scopes)¶

Checks if the credentials have the given scopes.

Parameters:	scopes (`Sequence` [ `str` ]) – The list of scopes to check.
Returns:	True if the credentials have the given scopes.
Return type:	bool

requires_scopes¶: True if these credentials require scopes to obtain an access token.

scopes¶

the credentials’ current set of scopes.

Type:	`Sequence` [ `str` ]

with_scopes(scopes, default_scopes=None)[source]¶

Create a copy of these credentials with the specified scopes.

Parameters:	scopes (`Sequence` [ `str` ]) – The list of scopes to attach to the current credentials.
Raises:	`NotImplementedError` – If the credentials’ scopes can not be changed. This can be avoided by checking `requires_scopes` before calling this method.

with_scopes_if_required(credentials, scopes)[source]¶

Creates a copy of the credentials with scopes if scoping is required.

This helper function is useful when you do not know (or care to know) the specific type of credentials you are using (such as when you use google.auth.default()). This function will call Scoped.with_scopes() if the credentials are scoped credentials and if the credentials require scoping. Otherwise, it will return the credentials as-is.

Parameters:

credentials (google.auth.credentials.Credentials) – The credentials to scope if necessary.
scopes (Sequence [ str ]) – The list of scopes to use.

Returns:

Either a new set of scoped: credentials, or the passed in credentials instance if no scoping was required.

Return type:

google.auth._credentials_async.Credentials

class Signing[source]¶

Bases: google.auth.credentials.Signing

Interface for credentials that can cryptographically sign messages.

sign_bytes(message)[source]¶

Signs the given message.

Parameters:	message (bytes) – The message to sign.
Returns:	The message’s cryptographic signature.
Return type:	bytes

signer¶

The signer used to sign bytes.

Type:	google.auth.crypt.Signer

signer_email¶

An email address that identifies the signer.

Type:	`Optional` [ `str` ]

google.auth.credentials_async module¶

google-auth

Navigation

Related Topics