1# Copyright 2016 gRPC authors. 2# 3# Licensed under the Apache License, Version 2.0 (the "License"); 4# you may not use this file except in compliance with the License. 5# You may obtain a copy of the License at 6# 7# http://www.apache.org/licenses/LICENSE-2.0 8# 9# Unless required by applicable law or agreed to in writing, software 10# distributed under the License is distributed on an "AS IS" BASIS, 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# See the License for the specific language governing permissions and 13# limitations under the License. 14"""GRPCAuthMetadataPlugins for standard authentication.""" 15 16import inspect 17 18import grpc 19 20 21def _sign_request(callback, token, error): 22 metadata = (('authorization', 'Bearer {}'.format(token)),) 23 callback(metadata, error) 24 25 26class GoogleCallCredentials(grpc.AuthMetadataPlugin): 27 """Metadata wrapper for GoogleCredentials from the oauth2client library.""" 28 29 def __init__(self, credentials): 30 self._credentials = credentials 31 # Hack to determine if these are JWT creds and we need to pass 32 # additional_claims when getting a token 33 self._is_jwt = 'additional_claims' in inspect.getargspec( # pylint: disable=deprecated-method 34 credentials.get_access_token).args 35 36 def __call__(self, context, callback): 37 try: 38 if self._is_jwt: 39 access_token = self._credentials.get_access_token( 40 additional_claims={ 41 'aud': context.service_url 42 }).access_token 43 else: 44 access_token = self._credentials.get_access_token().access_token 45 except Exception as exception: # pylint: disable=broad-except 46 _sign_request(callback, None, exception) 47 else: 48 _sign_request(callback, access_token, None) 49 50 51class AccessTokenAuthMetadataPlugin(grpc.AuthMetadataPlugin): 52 """Metadata wrapper for raw access token credentials.""" 53 54 def __init__(self, access_token): 55 self._access_token = access_token 56 57 def __call__(self, context, callback): 58 _sign_request(callback, self._access_token, None) 59