当前位置: 首页>>代码示例>>Python>>正文


Python app_identity.sign_blob方法代码示例

本文整理汇总了Python中google.appengine.api.app_identity.sign_blob方法的典型用法代码示例。如果您正苦于以下问题:Python app_identity.sign_blob方法的具体用法?Python app_identity.sign_blob怎么用?Python app_identity.sign_blob使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在google.appengine.api.app_identity的用法示例。


在下文中一共展示了app_identity.sign_blob方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: sign_jwt

# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def sign_jwt(aud):
  """Produces a JWT signed with app's service account key."""
  now = int(utils.time_time())
  issuer = utils.get_service_account_name()
  claims = {
      'email': issuer,
      'exp': now + 3600,
      'iat': now,
      'iss': issuer,
      'sub': issuer,
  }
  if aud:
    claims['aud'] = aud
  claims_b64 = b64.encode(utils.encode_to_json(claims))
  payload = '.'.join((_jwt_header_b64, claims_b64))
  # TODO(vadimsh): Use sign_jwt RPC to get JWT header with 'kid' populated.
  _, sig = app_identity.sign_blob(payload)
  return '.'.join((payload, b64.encode(sig))) 
开发者ID:luci,项目名称:luci-py,代码行数:20,代码来源:tokens.py

示例2: create_custom_token

# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def create_custom_token(uid, valid_minutes=59):
    """Create a secure token for the given id.

    This method is used to create secure custom JWT tokens to be passed to
    clients. It takes a unique id (user_id) that will be used by Firebase's
    security rules to prevent unauthorized access.
    """

    # use the app_identity service from google.appengine.api to get the
    # project's service account email automatically
    client_email = app_identity.get_service_account_name()

    now = int(time.time())
    # encode the required claims
    # per https://firebase.google.com/docs/auth/server/create-custom-tokens
    payload = base64.b64encode(json.dumps({
        'iss': client_email,
        'sub': client_email,
        'aud': _IDENTITY_ENDPOINT,
        'uid': uid,  # the important parameter, as it will be the channel id
        'iat': now,
        'exp': now + (valid_minutes * 60),
    }))
    # add standard header to identify this as a JWT
    header = base64.b64encode(json.dumps({'typ': 'JWT', 'alg': 'RS256'}))
    to_sign = '{}.{}'.format(header, payload)
    # Sign the jwt using the built in app_identity service
    return '{}.{}'.format(to_sign, base64.b64encode(
        app_identity.sign_blob(to_sign)[1])) 
开发者ID:colohan,项目名称:dschat,代码行数:31,代码来源:dschat.py

示例3: sign

# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def sign(self, message):
        message = _helpers.to_bytes(message)
        _, signature = app_identity.sign_blob(message)
        return signature 
开发者ID:googleapis,项目名称:google-auth-library-python,代码行数:6,代码来源:app_engine.py

示例4: sign_blob

# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def sign_blob(self, blob):
        """Cryptographically sign a blob (of bytes).

        Implements abstract method
        :meth:`oauth2client.client.AssertionCredentials.sign_blob`.

        Args:
            blob: bytes, Message to be signed.

        Returns:
            tuple, A pair of the private key ID used to sign the blob and
            the signed contents.
        """
        return app_identity.sign_blob(blob) 
开发者ID:Deltares,项目名称:aqua-monitor,代码行数:16,代码来源:appengine.py

示例5: generate_jwt

# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def generate_jwt():
    """Generates a signed JSON Web Token using the Google App Engine default
    service account."""
    now = int(time.time())

    header_json = json.dumps({
        "typ": "JWT",
        "alg": "RS256"})

    payload_json = json.dumps({
        'iat': now,
        # expires after one hour.
        "exp": now + 3600,
        # iss is the Google App Engine default service account email.
        'iss': DEFAULT_SERVICE_ACCOUNT,
        'sub': DEFAULT_SERVICE_ACCOUNT,
        # Typically, the audience is the hostname of your API. The aud
        # defined here must match the audience in the security configuration
        # in yourOpenAPI spec.
        'aud': 'echo.endpoints.sample.google.com',
        "email": DEFAULT_SERVICE_ACCOUNT
    })

    header_and_payload = '{}.{}'.format(
        base64.urlsafe_b64encode(header_json),
        base64.urlsafe_b64encode(payload_json))
    (key_name, signature) = app_identity.sign_blob(header_and_payload)
    signed_jwt = '{}.{}'.format(
        header_and_payload,
        base64.urlsafe_b64encode(signature))

    return signed_jwt 
开发者ID:GoogleCloudPlatform,项目名称:python-docs-samples,代码行数:34,代码来源:main.py

示例6: generate_jwt

# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def generate_jwt():
    """Generates a signed JSON Web Token using the Google App Engine default
    service account."""
    now = int(time.time())

    header_json = json.dumps({
        "typ": "JWT",
        "alg": "RS256"})

    payload_json = json.dumps({
        "iat": now,
        # expires after one hour.
        "exp": now + 3600,
        # iss is the service account email.
        "iss": SERVICE_ACCOUNT_EMAIL,
        # target_audience is the URL of the target service.
        "target_audience": TARGET_AUD,
        # aud must be Google token endpoints URL.
        "aud": "https://www.googleapis.com/oauth2/v4/token"
    })

    header_and_payload = '{}.{}'.format(
        base64.urlsafe_b64encode(header_json),
        base64.urlsafe_b64encode(payload_json))
    (key_name, signature) = app_identity.sign_blob(header_and_payload)
    signed_jwt = '{}.{}'.format(
        header_and_payload,
        base64.urlsafe_b64encode(signature))

    return signed_jwt 
开发者ID:GoogleCloudPlatform,项目名称:python-docs-samples,代码行数:32,代码来源:main.py

示例7: create_custom_token

# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def create_custom_token(uid, valid_minutes=60):
    """Create a secure token for the given id.

    This method is used to create secure custom JWT tokens to be passed to
    clients. It takes a unique id (uid) that will be used by Firebase's
    security rules to prevent unauthorized access. In this case, the uid will
    be the channel id which is a combination of user_id and game_key
    """

    # use the app_identity service from google.appengine.api to get the
    # project's service account email automatically
    client_email = app_identity.get_service_account_name()

    now = int(time.time())
    # encode the required claims
    # per https://firebase.google.com/docs/auth/server/create-custom-tokens
    payload = base64.b64encode(json.dumps({
        'iss': client_email,
        'sub': client_email,
        'aud': _IDENTITY_ENDPOINT,
        'uid': uid,  # the important parameter, as it will be the channel id
        'iat': now,
        'exp': now + (valid_minutes * 60),
    }))
    # add standard header to identify this as a JWT
    header = base64.b64encode(json.dumps({'typ': 'JWT', 'alg': 'RS256'}))
    to_sign = '{}.{}'.format(header, payload)
    # Sign the jwt using the built in app_identity service
    return '{}.{}'.format(to_sign, base64.b64encode(
        app_identity.sign_blob(to_sign)[1])) 
开发者ID:GoogleCloudPlatform,项目名称:python-docs-samples,代码行数:32,代码来源:firetactoe.py

示例8: get

# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def get(self):
        message = 'Hello, world!'
        signing_key_name, signature = app_identity.sign_blob(message)
        verified = verify_signed_by_app(message, signature)

        self.response.content_type = 'text/plain'
        self.response.write('Message: {}\n'.format(message))
        self.response.write(
            'Signature: {}\n'.format(base64.b64encode(signature)))
        self.response.write('Verified: {}\n'.format(verified)) 
开发者ID:GoogleCloudPlatform,项目名称:python-docs-samples,代码行数:12,代码来源:main.py

示例9: sign_blob

# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def sign_blob(blob, deadline=None):
  """Signs a blob using current service's private key.

  Just an alias for GAE app_identity.sign_blob function for symmetry with
  'check_signature'. Note that |blob| can be at most 8KB.

  Returns:
    Tuple (name of a key used, RSA+SHA256 signature).
  """
  # app_identity.sign_blob is producing RSA+SHA256 signature. Sadly, it isn't
  # documented anywhere. But it should be relatively stable since this API is
  # used by OAuth2 libraries (and so changing signature method may break a lot
  # of stuff).
  return app_identity.sign_blob(blob, deadline) 
开发者ID:luci,项目名称:luci-py,代码行数:16,代码来源:signature.py

示例10: test_sign_blob

# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def test_sign_blob():
    cleartext = 'Curiouser and curiouser!'
    key_name, signature = app_identity.sign_blob(cleartext)
    assert key_name
    assert signature 
开发者ID:GoogleCloudPlatform,项目名称:python-compat-runtime,代码行数:7,代码来源:app_identity_test.py

示例11: sign_url

# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def sign_url(self, object_name, url_lifetime):
        """ Generates Cloud Storage signed URL to download Google Cloud Storage
        object without sign in.

        See: https://cloud.google.com/storage/docs/access-control/signed-urls
        
        This only works on a real App Engine app, not in a dev app server.
        
        Args:
            object_name (str): The name of the object which is signed.
            url_lifetime (datetime.timedelta): Lifetime of the signed URL. The
                server rejects any requests received after this time from now.
        """
        if utils.is_dev_app_server():
            # Not working on a dev app server because it doesn't support
            # app_identity.sign_blob(). An alternative implementation would
            # be needed to make it work on a dev app server.
            raise Exception(
                'sign_url only works on a real App Engine app, not on a dev '
                'app server.')

        method = 'GET'
        expiration_time = utils.get_utcnow() + url_lifetime
        expiration_sec = int(time.mktime(expiration_time.timetuple()))
        path = '/%s/%s' % (self.bucket_name, object_name)

        # These are unused in our use case.
        content_md5 = ''
        content_type = ''

        signed_text = '\n'.join([
            method,
            content_md5,
            content_type,
            str(expiration_sec),
            path,
        ])
        (_, signature) = app_identity.sign_blob(signed_text.encode('utf-8'))

        query_params = {
            'GoogleAccessId': app_identity.get_service_account_name(),
            'Expires': str(expiration_sec),
            'Signature': base64.b64encode(signature),
        }
        return 'https://storage.googleapis.com%s?%s' % (path, urllib.urlencode(query_params)) 
开发者ID:google,项目名称:personfinder,代码行数:47,代码来源:cloud_storage.py


注:本文中的google.appengine.api.app_identity.sign_blob方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。