google.auth.app_engine module¶
Google App Engine standard environment support.
This module provides authentication and signing for applications running on App Engine in the standard environment using the App Identity API.
- class Signer[source]¶
Bases:
Signer
Signs messages using the App Engine App Identity service.
This can be used in place of
google.auth.crypt.Signer
when running in the App Engine standard environment.- property key_id¶
The key ID used to identify this private key.
Warning
This is always
None
. The key ID used by App Engine can not be reliably determined ahead of time.
- get_project_id()[source]¶
Gets the project ID for the current App Engine application.
- Returns:
The project ID
- Return type:
- Raises:
EnvironmentError – If the App Engine APIs are unavailable.
- class Credentials(scopes=None, default_scopes=None, service_account_id=None, quota_project_id=None)[source]¶
Bases:
Scoped
,Signing
,CredentialsWithQuotaProject
App Engine standard environment credentials.
These credentials use the App Engine App Identity API to obtain access tokens.
- Parameters:
scopes (
Sequence
[str
]) – Scopes to request from the App Identity API.default_scopes (
Sequence
[str
]) – Default scopes passed by a Google client library. Use ‘scopes’ for user-defined scopes.service_account_id (str) – The service account ID passed into
google.appengine.api.app_identity.get_access_token()
. If not specified, the default application service account ID will be used.quota_project_id (
Optional
[str
]) – The project ID used for quota and billing.
- Raises:
EnvironmentError – If the App Engine APIs are unavailable.
- refresh(request)[source]¶
Refreshes the access token.
- Parameters:
request (google.auth.transport.Request) – The object used to make HTTP requests.
- Raises:
google.auth.exceptions.RefreshError – If the credentials could not be refreshed.
- property service_account_email¶
The service account email.
- property requires_scopes¶
Checks if the credentials requires scopes.
- Returns:
True if there are no scopes set otherwise False.
- Return type:
- with_scopes(scopes, default_scopes=None)[source]¶
Create a copy of these credentials with the specified scopes.
- Parameters:
scopes (
Sequence
[str
]) – The list of scopes to attach to the current credentials.- Raises:
NotImplementedError – If the credentials’ scopes can not be changed. This can be avoided by checking
requires_scopes
before calling this method.
- with_quota_project(quota_project_id)[source]¶
Returns a copy of these credentials with a modified quota project.
- Parameters:
quota_project_id (str) – The project to use for quota and billing purposes
- Returns:
A new credentials instance.
- Return type:
- property signer¶
The signer used to sign bytes.
- Type:
- before_request(request, method, url, headers)[source]¶
Performs credential-specific before request logic.
Refreshes the credentials if necessary, then calls
apply()
to apply the token to the authentication header.- Parameters:
request (google.auth.transport.Request) – The object used to make HTTP requests.
method (str) – The request’s HTTP method or the RPC method being invoked.
url (str) – The request’s URI or the RPC service’s URI.
headers (Mapping) – The request’s headers.
- property expired¶
Checks if the credentials are expired.
Note that credentials can be invalid but not expired because Credentials with
expiry
set to None is considered to never expire.
- has_scopes(scopes)¶
Checks if the credentials have the given scopes.
- property quota_project_id¶
Project to use for quota and billing purposes.