fix: invalid expiry type

google/auth/compute_engine/credentials.py

@@ -274,6 +274,10 @@ def _call_metadata_identity_endpoint(self, request):
             request (google.auth.transport.Request): The object used to make
                 HTTP requests.
 
+        Returns:
+            str: The ID token.
+            datetime.datetime: Expiry of the ID token.
+
         Raises:
             google.auth.exceptions.RefreshError: If the Compute Engine metadata
                 service can't be reached or if the instance has no credentials.
@@ -291,7 +295,7 @@ def _call_metadata_identity_endpoint(self, request):
             six.raise_from(new_exc, caught_exc)
 
         _, payload, _, _ = jwt._unverified_decode(id_token)
-        return id_token, payload["exp"]
+        return id_token, datetime.datetime.fromtimestamp(payload["exp"])
 
     def refresh(self, request):
         """Refreshes the ID token.

system_tests/test_compute_engine.py

@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+from datetime import datetime
+
 import pytest
 
 import google.auth
@@ -61,8 +63,9 @@ def test_id_token_from_metadata(http_request):
     credentials.refresh(http_request)
 
     _, payload, _, _ = jwt._unverified_decode(credentials.token)
+    assert credentials.valid
     assert payload["aud"] == AUDIENCE
-    assert payload["exp"] == credentials.expiry
+    assert datetime.fromtimestamp(payload["exp"]) == credentials.expiry
 
 
 def test_fetch_id_token(http_request):

tests/compute_engine/test_credentials.py

@@ -522,7 +522,7 @@ def test_get_id_token_from_metadata(self, get, get_service_account_info):
         cred.refresh(request=mock.Mock())
 
         assert cred.token == SAMPLE_ID_TOKEN
-        assert cred.expiry == SAMPLE_ID_TOKEN_EXP
+        assert cred.expiry == datetime.datetime.fromtimestamp(SAMPLE_ID_TOKEN_EXP)
         assert cred._use_metadata_identity_endpoint
         assert cred._signer is None
         assert cred._token_uri is None