test_downscoped.py - OpenGrok cross reference for /external/python/google-auth-library-python/tests/test

Lines Matching +full:x +full:- +full:access +full:- +full:token
7 #      http://www.apache.org/licenses/LICENSE-2.0
31     "resource.name.startsWith('projects/_/buckets/example-bucket/objects/customer-a')"
33 TITLE = "customer-a-objects"
35     "Condition to make permissions available for objects starting with customer-a"
37 AVAILABLE_RESOURCE = "//storage.googleapis.com/projects/_/buckets/example-bucket"
41     "resource.name.startsWith('projects/_/buckets/example-bucket/objects/customer-b')"
43 OTHER_TITLE = "customer-b-objects"
45     "Condition to make permissions available for objects starting with customer-b"
47 OTHER_AVAILABLE_RESOURCE = "//storage.googleapis.com/projects/_/buckets/other-bucket"
50 GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
51 REQUESTED_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"
52 TOKEN_EXCHANGE_ENDPOINT = "https://sts.googleapis.com/v1/token"
53 SUBJECT_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"
56     "issued_token_type": "urn:ietf:params:oauth:token-type:access_token",
62     "error_description": "Subject token is invalid.",
92                 "Failed to refresh access token in source credentials."
96         self.token = "ACCESS_TOKEN_{}".format(self._counter)
373             "Credential access boundary rules can have a maximum of 10 rules."
417             "Credential access boundary rules can have a maximum of 10 rules."
467         response.data = json.dumps(data).encode("utf-8")
484             assert v.decode("utf-8") == request_data[k.decode("utf-8")]
490         # No token acquired yet.
491         assert not credentials.token
504         quota_project_creds = credentials.with_quota_project("project-foo")
506         assert quota_project_creds.quota_project_id == "project-foo"
516         headers = {"Content-Type": "application/x-www-form-urlencoded"}
539             assert credentials.token == response["access_token"]
547         # The downscoped token expiration should match the source credentials
551         # Simulate the source credentials generates a token with 1800 second
552         # expiration time. The generated downscoped token should have the same
558         headers = {"Content-Type": "application/x-www-form-urlencoded"}
580             assert credentials.token == response["access_token"]
594 …       r"Error code invalid_grant: Subject token is invalid. - https://tools.ietf.org/html/rfc6749"
597         assert credentials.token is None
609         assert excinfo.match(r"Failed to refresh access token in source credentials.")
611         assert credentials.token is None
626         headers = {"other": "header-value"}
634             "other": "header-value",
636             "x-goog-user-project": QUOTA_PROJECT_ID,
640         headers = {"other": "header-value"}
644         # First call should call refresh, setting the token.
648             "other": "header-value",
658             "other": "header-value",
667         credentials.token = "token"
682         # Cached token should be used.
683         assert headers == {"authorization": "Bearer token"}
693         # New token should be retrieved.