Lines Matching full:credentials
53 return service_account.Credentials(
58 credentials = service_account.Credentials.from_service_account_info(
62 assert credentials._signer.key_id == SERVICE_ACCOUNT_INFO["private_key_id"]
63 assert credentials.service_account_email == SERVICE_ACCOUNT_INFO["client_email"]
64 assert credentials._token_uri == SERVICE_ACCOUNT_INFO["token_uri"]
72 credentials = service_account.Credentials.from_service_account_info(
76 assert credentials.service_account_email == info["client_email"]
77 assert credentials.project_id == info["project_id"]
78 assert credentials._signer.key_id == info["private_key_id"]
79 assert credentials._token_uri == info["token_uri"]
80 assert credentials._scopes == scopes
81 assert credentials._subject == subject
82 assert credentials._additional_claims == additional_claims
87 credentials = service_account.Credentials.from_service_account_file(
91 assert credentials.service_account_email == info["client_email"]
92 assert credentials.project_id == info["project_id"]
93 assert credentials._signer.key_id == info["private_key_id"]
94 assert credentials._token_uri == info["token_uri"]
102 credentials = service_account.Credentials.from_service_account_file(
109 assert credentials.service_account_email == info["client_email"]
110 assert credentials.project_id == info["project_id"]
111 assert credentials._signer.key_id == info["private_key_id"]
112 assert credentials._token_uri == info["token_uri"]
113 assert credentials._scopes == scopes
114 assert credentials._subject == subject
115 assert credentials._additional_claims == additional_claims
118 credentials = self.make_credentials()
119 assert not credentials.valid
121 assert not credentials.expired
123 assert credentials.requires_scopes
126 credentials = self.make_credentials()
128 signature = credentials.sign_bytes(to_sign)
132 credentials = self.make_credentials()
133 assert isinstance(credentials.signer, crypt.Signer)
136 credentials = self.make_credentials()
137 assert credentials.signer_email == self.SERVICE_ACCOUNT_EMAIL
140 credentials = self.make_credentials()
142 credentials = credentials.with_scopes(scopes)
143 assert credentials._scopes == scopes
146 credentials = self.make_credentials()
147 new_credentials = credentials.with_claims({"meep": "moop"})
151 credentials = self.make_credentials()
152 new_credentials = credentials.with_quota_project("new-project-456")
159 credentials = self.make_credentials()
160 assert not credentials._always_use_jwt_access
162 new_credentials = credentials.with_always_use_jwt_access(True)
166 credentials = self.make_credentials()
167 token = credentials._make_authorization_grant_assertion()
173 credentials = self.make_credentials()
175 credentials = credentials.with_scopes(scopes)
176 token = credentials._make_authorization_grant_assertion()
181 credentials = self.make_credentials()
183 credentials = credentials.with_subject(subject)
184 token = credentials._make_authorization_grant_assertion()
189 credentials = service_account.Credentials(
197 credentials.apply(headers, token="token")
203 credentials = service_account.Credentials(
208 credentials.apply(headers, token="token")
213 @mock.patch("google.auth.jwt.Credentials", instance=True, autospec=True)
215 credentials = service_account.Credentials(
220 credentials._create_self_signed_jwt(audience)
221 jwt.from_signing_credentials.assert_called_once_with(credentials, audience)
223 @mock.patch("google.auth.jwt.Credentials", instance=True, autospec=True)
225 credentials = service_account.Credentials(
230 credentials._create_self_signed_jwt(audience)
235 @mock.patch("google.auth.jwt.Credentials", instance=True, autospec=True)
237 credentials = service_account.Credentials(
246 credentials._create_self_signed_jwt(audience)
247 jwt.from_signing_credentials.assert_called_once_with(credentials, audience)
249 @mock.patch("google.auth.jwt.Credentials", instance=True, autospec=True)
251 credentials = service_account.Credentials(
260 credentials._create_self_signed_jwt(audience)
262 credentials, None, additional_claims={"scope": "bar foo"}
265 @mock.patch("google.auth.jwt.Credentials", instance=True, autospec=True)
269 credentials = service_account.Credentials(
277 credentials._create_self_signed_jwt(None)
279 credentials, None, additional_claims={"scope": "bar foo"}
282 @mock.patch("google.auth.jwt.Credentials", instance=True, autospec=True)
284 credentials = service_account.Credentials(
291 credentials._create_self_signed_jwt(None)
296 credentials = self.make_credentials()
305 # Refresh credentials
306 credentials.refresh(request)
313 assert token_uri == credentials._token_uri
318 # Check that the credentials have the token.
319 assert credentials.token == token
321 # Check that the credentials are valid (have a token and are not
323 assert credentials.valid
327 credentials = self.make_credentials()
336 # Credentials should start as invalid
337 assert not credentials.valid
340 credentials.before_request(request, "GET", "http://example.com?a=1#3", {})
345 # Credentials should now be valid.
346 assert credentials.valid
348 @mock.patch("google.auth.jwt.Credentials._make_jwt")
350 credentials = self.make_credentials()
351 credentials._create_self_signed_jwt("https://pubsub.googleapis.com")
359 # Credentials should start as invalid
360 assert not credentials.valid
363 credentials.before_request(request, "GET", "http://example.com?a=1#3", {})
365 # Credentials should now be valid.
366 assert credentials.valid
371 assert credentials.token == token
372 assert credentials.expiry == expiry
375 @mock.patch("google.auth.jwt.Credentials.refresh", autospec=True)
379 # Create a domain wide delegation credentials by setting the subject.
380 credentials = service_account.Credentials(
387 credentials._create_self_signed_jwt("https://pubsub.googleapis.com")
395 # Refresh credentials
396 credentials.refresh(request)
416 credentials = service_account.IDTokenCredentials.from_service_account_info(
420 assert credentials._signer.key_id == SERVICE_ACCOUNT_INFO["private_key_id"]
421 assert credentials.service_account_email == SERVICE_ACCOUNT_INFO["client_email"]
422 assert credentials._token_uri == SERVICE_ACCOUNT_INFO["token_uri"]
423 assert credentials._target_audience == self.TARGET_AUDIENCE
428 credentials = service_account.IDTokenCredentials.from_service_account_file(
432 assert credentials.service_account_email == info["client_email"]
433 assert credentials._signer.key_id == info["private_key_id"]
434 assert credentials._token_uri == info["token_uri"]
435 assert credentials._target_audience == self.TARGET_AUDIENCE
438 credentials = self.make_credentials()
439 assert not credentials.valid
441 assert not credentials.expired
444 credentials = self.make_credentials()
446 signature = credentials.sign_bytes(to_sign)
450 credentials = self.make_credentials()
451 assert isinstance(credentials.signer, crypt.Signer)
454 credentials = self.make_credentials()
455 assert credentials.signer_email == self.SERVICE_ACCOUNT_EMAIL
458 credentials = self.make_credentials()
459 new_credentials = credentials.with_target_audience("https://new.example.com")
463 credentials = self.make_credentials()
464 new_credentials = credentials.with_quota_project("project-foo")
468 credentials = self.make_credentials()
469 token = credentials._make_authorization_grant_assertion()
477 credentials = self.make_credentials()
486 # Refresh credentials
487 credentials.refresh(request)
494 assert token_uri == credentials._token_uri
499 # Check that the credentials have the token.
500 assert credentials.token == token
502 # Check that the credentials are valid (have a token and are not
504 assert credentials.valid
508 credentials = self.make_credentials()
517 # Credentials should start as invalid
518 assert not credentials.valid
521 credentials.before_request(request, "GET", "http://example.com?a=1#3", {})
526 # Credentials should now be valid.
527 assert credentials.valid