google.auth.app_engine module¶
Google App Engine standard environment support.
This module provides authentication and signing for applications running on App Engine in the standard environment using the App Identity API.
- class Signer[source]¶
Bases:
SignerSigns messages using the App Engine App Identity service.
This can be used in place of
google.auth.crypt.Signerwhen running in the App Engine standard environment.- property key_id¶
The key ID used to identify this private key.
Warning
This is always
None. The key ID used by App Engine can not be reliably determined ahead of time.
- get_project_id()[source]¶
Gets the project ID for the current App Engine application.
- Returns:
The project ID
- Return type:
- Raises:
google.auth.exceptions.OSError – If the App Engine APIs are unavailable.
- class Credentials(scopes=None, default_scopes=None, service_account_id=None, quota_project_id=None)[source]¶
Bases:
Scoped,Signing,CredentialsWithQuotaProjectApp Engine standard environment credentials.
These credentials use the App Engine App Identity API to obtain access tokens.
- Parameters:
scopes (
Sequencestr) – Scopes to request from the App Identity API.default_scopes (
Sequencestr) – Default scopes passed by a Google client library. Use ‘scopes’ for user-defined scopes.service_account_id (str) – The service account ID passed into
google.appengine.api.app_identity.get_access_token(). If not specified, the default application service account ID will be used.quota_project_id (
Optionalstr) – The project ID used for quota and billing.
- Raises:
google.auth.exceptions.OSError – If the App Engine APIs are unavailable.
- refresh(request)[source]¶
Refreshes the access token.
- Parameters:
request (google.auth.transport.Request) – The object used to make HTTP requests.
- Raises:
google.auth.exceptions.RefreshError – If the credentials could not be refreshed.
- property service_account_email¶
The service account email.
- property requires_scopes¶
Checks if the credentials requires scopes.
- Returns:
True if there are no scopes set otherwise False.
- Return type:
- with_scopes(scopes, default_scopes=None)[source]¶
Create a copy of these credentials with the specified scopes.
- Parameters:
scopes (
Sequencestr) – The list of scopes to attach to the current credentials.- Raises:
NotImplementedError – If the credentials’ scopes can not be changed. This can be avoided by checking
requires_scopesbefore calling this method.
- with_quota_project(quota_project_id)[source]¶
Returns a copy of these credentials with a modified quota project.
- Parameters:
quota_project_id (str) – The project to use for quota and billing purposes
- Returns:
A new credentials instance.
- Return type:
- property signer¶
The signer used to sign bytes.
- Type:
- before_request(request, method, url, headers)[source]¶
Performs credential-specific before request logic.
Refreshes the credentials if necessary, then calls
apply()to apply the token to the authentication header.- Parameters:
request (google.auth.transport.Request) – The object used to make HTTP requests.
method (str) – The request’s HTTP method or the RPC method being invoked.
url (str) – The request’s URI or the RPC service’s URI.
headers (Mapping) – The request’s headers.
- property expired¶
Checks if the credentials are expired.
Note that credentials can be invalid but not expired because Credentials with
expiryset to None is considered to never expire.Deprecated since version v2.24.0: Prefer checking
token_stateinstead.
- has_scopes(scopes)¶
Checks if the credentials have the given scopes.
- property quota_project_id¶
Project to use for quota and billing purposes.
- property token_state¶
See :obj:`TokenState
- property universe_domain¶
The universe domain value.
- property valid¶
Checks the validity of the credentials.
This is True if the credentials have a
tokenand the token is notexpired.Deprecated since version v2.24.0: Prefer checking
token_stateinstead.
