-
Notifications
You must be signed in to change notification settings - Fork 307
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add jwt.OnDemandCredentials #142
Conversation
/cc @jboeuf |
waow. Awesome. thanks much for the quick turnaround! |
We had most of this code already, we just needed justification for it. |
Very much appreciate either way :).
…On Thu, Mar 23, 2017 at 1:02 PM, Jon Wayne Parrott ***@***.*** > wrote:
waow. Awesome. thanks much for the quick turnaround!
We had most of this code already, we just needed justification for it.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#142 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AF-P7SubWG38nlNerSLDhcjgoPxc5mFvks5ros_agaJpZM4MnReb>
.
|
def869a
to
5b6f760
Compare
@dhermes @lukesneeringer re-based and should be ready for review. :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What should I know about cachetools
(never having used it)? Worth making it an optional dependency?
google/auth/jwt.py
Outdated
import google.auth.credentials | ||
|
||
|
||
_DEFAULT_TOKEN_LIFETIME_SECS = 3600 # 1 hour in seconds | ||
_DEFAULT_TOKEN_LIFETIME_SECS = 3600 # 1 hour in sections |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
Args: | ||
signer (google.auth.crypt.Signer): The signer used to sign JWTs. | ||
issuer (str): The `iss` claim. | ||
subject (str): The `sub` claim. |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
signer (google.auth.crypt.Signer): The signer used to sign JWTs. | ||
issuer (str): The `iss` claim. | ||
subject (str): The `sub` claim. | ||
additional_claims (Mapping[str, str]): Any additional claims for |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
max_cache_size (int): The maximum number of JWT tokens to keep in | ||
cache. Tokens are cached using :class:`cachetools.LRUCache`. | ||
""" | ||
super(OnDemandCredentials, self).__init__() |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
google/auth/jwt.py
Outdated
if additional_claims is not None: | ||
self._additional_claims = additional_claims | ||
else: | ||
self._additional_claims = {} |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
google/auth/jwt.py
Outdated
def valid(self): | ||
"""Checks the validity of the credentials. | ||
|
||
These credentials are always valid. |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
google/auth/jwt.py
Outdated
Returns: | ||
bytes: The encoded JWT. | ||
""" | ||
|
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
google.auth.RefreshError | ||
""" | ||
# pylint: disable=unused-argument | ||
# (pylint doesn't correctly recognize overridden methods.) |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
tests/test_jwt.py
Outdated
@@ -343,3 +344,135 @@ def test_before_request_refreshes(self): | |||
self.credentials.before_request( | |||
None, 'GET', 'http://example.com?a=1#3', {}) | |||
assert self.credentials.valid | |||
|
|||
|
|||
class TestOnDemandCredentials: |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
tests/test_jwt.py
Outdated
SERVICE_ACCOUNT_EMAIL = 'service-account@example.com' | ||
SUBJECT = 'subject' | ||
ADDITIONAL_CLAIMS = {'meta': 'data'} | ||
credentials = None |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
It's a very well tested, maintained, and focused library that provides a pretty damn good implementation of an LRU cache. We could alternatively just pull in the LRUCache class (and associated tests) into this library. |
Your call |
I'm okay with the dependency. @lukesneeringer WDYT? |
Just did some quick research. I prefer the dep over vendoring. |
Resolves #136.
Note: this adds a new dependency on
cachetools
.