google.auth.app_engine module¶
Google App Engine standard environment support.
This module provides authentication and signing for applications running on App Engine in the standard environment using the App Identity API.
-
class
Signer
[source]¶ Bases:
google.auth.crypt.base.Signer
Signs messages using the App Engine App Identity service.
This can be used in place of
google.auth.crypt.Signer
when running in the App Engine standard environment.
-
get_project_id
()[source]¶ Gets the project ID for the current App Engine application.
Returns: The project ID Return type: str Raises: EnvironmentError
– If the App Engine APIs are unavailable.
-
class
Credentials
(scopes=None, default_scopes=None, service_account_id=None, quota_project_id=None)[source]¶ Bases:
google.auth.credentials.Scoped
,google.auth.credentials.Signing
,google.auth.credentials.CredentialsWithQuotaProject
App Engine standard environment credentials.
These credentials use the App Engine App Identity API to obtain access tokens.
Parameters: - scopes (
Sequence
[str
]) – Scopes to request from the App Identity API. - default_scopes (
Sequence
[str
]) – Default scopes passed by a Google client library. Use ‘scopes’ for user-defined scopes. - service_account_id (str) – The service account ID passed into
google.appengine.api.app_identity.get_access_token()
. If not specified, the default application service account ID will be used. - quota_project_id (
Optional
[str
]) – The project ID used for quota and billing.
Raises: EnvironmentError
– If the App Engine APIs are unavailable.-
refresh
(request)[source]¶ Refreshes the access token.
Parameters: request (google.auth.transport.Request) – The object used to make HTTP requests. Raises: google.auth.exceptions.RefreshError
– If the credentials could not be refreshed.
-
service_account_email
¶ The service account email.
-
requires_scopes
¶ Checks if the credentials requires scopes.
Returns: True if there are no scopes set otherwise False. Return type: bool
-
with_scopes
(scopes, default_scopes=None)[source]¶ Create a copy of these credentials with the specified scopes.
Parameters: scopes ( Sequence
[str
]) – The list of scopes to attach to the current credentials.Raises: NotImplementedError
– If the credentials’ scopes can not be changed. This can be avoided by checkingrequires_scopes
before calling this method.
-
with_quota_project
(quota_project_id)[source]¶ Returns a copy of these credentials with a modified quota project.
Parameters: quota_project_id (str) – The project to use for quota and billing purposes Returns: A new credentials instance. Return type: google.oauth2.credentials.Credentials
-
sign_bytes
(message)[source]¶ Signs the given message.
Parameters: message (bytes) – The message to sign. Returns: The message’s cryptographic signature. Return type: bytes
-
signer
¶ The signer used to sign bytes.
Type: google.auth.crypt.Signer
-
before_request
(request, method, url, headers)[source]¶ Performs credential-specific before request logic.
Refreshes the credentials if necessary, then calls
apply()
to apply the token to the authentication header.Parameters: - request (google.auth.transport.Request) – The object used to make HTTP requests.
- method (str) – The request’s HTTP method or the RPC method being invoked.
- url (str) – The request’s URI or the RPC service’s URI.
- headers (Mapping) – The request’s headers.
-
expired
¶ Checks if the credentials are expired.
Note that credentials can be invalid but not expired because Credentials with
expiry
set to None is considered to never expire.
-
has_scopes
(scopes)¶ Checks if the credentials have the given scopes.
Parameters: scopes ( Sequence
[str
]) – The list of scopes to check.Returns: True if the credentials have the given scopes. Return type: bool
-
quota_project_id
¶ Project to use for quota and billing purposes.
- scopes (