本文整理汇总了Python中google.appengine.api.app_identity.sign_blob方法的典型用法代码示例。如果您正苦于以下问题:Python app_identity.sign_blob方法的具体用法?Python app_identity.sign_blob怎么用?Python app_identity.sign_blob使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类google.appengine.api.app_identity的用法示例。
在下文中一共展示了app_identity.sign_blob方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: sign_jwt
# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def sign_jwt(aud):
    """Produces a JWT signed with app's service account key.

    The service account name is used for the 'email', 'iss' and 'sub'
    claims, and 'exp' is set 3600 seconds after 'iat'.

    Args:
        aud: value for the 'aud' claim; the claim is left out when this is
            falsy.

    Returns:
        The token as '<header>.<claims>.<signature>'.
    """
    issued_at = int(utils.time_time())
    account = utils.get_service_account_name()
    claims = {
        'email': account,
        'exp': issued_at + 3600,
        'iat': issued_at,
        'iss': account,
        'sub': account,
    }
    # Security note: without 'aud' the token is not bound to one relying
    # party, so any verifier that trusts this key and does not insist on an
    # audience would accept it. Pass an audience whenever the consumer is
    # known.
    if aud:
        claims['aud'] = aud

    encoded_claims = b64.encode(utils.encode_to_json(claims))
    signing_input = '.'.join((_jwt_header_b64, encoded_claims))

    # TODO(vadimsh): Use sign_jwt RPC to get JWT header with 'kid' populated.
    # Until then the key name returned by sign_blob is dropped, so the token
    # itself does not tell a verifier which certificate to check against.
    _key_name, signature = app_identity.sign_blob(signing_input)
    return '.'.join((signing_input, b64.encode(signature)))
示例2: create_custom_token
# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def create_custom_token(uid, valid_minutes=59):
    """Create a secure token for the given id.

    This method is used to create secure custom JWT tokens to be passed to
    clients. It takes a unique id (user_id) that will be used by Firebase's
    security rules to prevent unauthorized access.

    Args:
        uid: id placed in the 'uid' claim (used as the channel id).
        valid_minutes: lifetime of the token in minutes, counted from now.

    Returns:
        The token as 'header.payload.signature'.
    """
    # NOTE(review): uid is signed exactly as received and the security rules
    # trust it, so it should come from the authenticated session rather than
    # from request parameters -- confirm at the call sites.
    # NOTE(review): valid_minutes is not range-checked here; the Firebase
    # page linked below limits how long a custom token may live.

    # The app_identity service reports the project's service account email.
    client_email = app_identity.get_service_account_name()
    issued_at = int(time.time())

    # Required claims, per
    # https://firebase.google.com/docs/auth/server/create-custom-tokens
    claims = {
        'iss': client_email,
        'sub': client_email,
        'aud': _IDENTITY_ENDPOINT,
        'uid': uid,  # the important parameter, as it will be the channel id
        'iat': issued_at,
        'exp': issued_at + (valid_minutes * 60),
    }
    payload = base64.b64encode(json.dumps(claims))

    # Standard header identifying this as a JWT.
    header = base64.b64encode(json.dumps({'typ': 'JWT', 'alg': 'RS256'}))

    # NOTE(review): the segments use the standard base64 alphabet with
    # padding, while RFC 7515 specifies base64url without '='. Confirm the
    # verifier accepts this form before reusing the code elsewhere.
    to_sign = '{}.{}'.format(header, payload)

    # Sign with the built-in app_identity service; element [1] of the result
    # is the signature, the key name in element [0] is not used.
    signature = app_identity.sign_blob(to_sign)[1]
    return '{}.{}'.format(to_sign, base64.b64encode(signature))
示例3: sign
# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def sign(self, message):
    """Sign a message with the App Engine app identity service.

    Args:
        message: the message to sign; it is passed through
            ``_helpers.to_bytes`` before signing.

    Returns:
        The signature part of the ``app_identity.sign_blob`` result. The
        key name that sign_blob also returns is discarded, so callers that
        need to pick a verification certificate must obtain it separately.
    """
    payload = _helpers.to_bytes(message)
    _key_name, sig = app_identity.sign_blob(payload)
    return sig
示例4: sign_blob
# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def sign_blob(self, blob):
    """Cryptographically sign a blob (of bytes).

    Implements abstract method
    :meth:`oauth2client.client.AssertionCredentials.sign_blob`.

    The blob is handed to ``app_identity.sign_blob`` unchanged; this method
    performs no validation of its own.

    Args:
        blob: bytes, Message to be signed.

    Returns:
        tuple, A pair of the private key ID used to sign the blob and
        the signed contents.
    """
    signed = app_identity.sign_blob(blob)
    return signed
示例5: generate_jwt
# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def generate_jwt():
    """Generates a signed JSON Web Token using the Google App Engine default
    service account.

    Returns:
        The token as 'header.payload.signature', each segment encoded with
        ``base64.urlsafe_b64encode``.
    """
    issued_at = int(time.time())

    header_json = json.dumps({"typ": "JWT", "alg": "RS256"})

    claims = {
        'iat': issued_at,
        # expires after one hour.
        "exp": issued_at + 3600,
        # iss is the Google App Engine default service account email.
        'iss': DEFAULT_SERVICE_ACCOUNT,
        'sub': DEFAULT_SERVICE_ACCOUNT,
        # Typically, the audience is the hostname of your API. The aud
        # defined here must match the audience in the security configuration
        # in your OpenAPI spec.
        # NOTE(review): this is the sample hostname; a deployment that keeps
        # it would issue tokens for the wrong audience.
        'aud': 'echo.endpoints.sample.google.com',
        "email": DEFAULT_SERVICE_ACCOUNT
    }
    payload_json = json.dumps(claims)

    # NOTE(review): urlsafe_b64encode keeps '=' padding, while RFC 7515
    # specifies unpadded base64url segments -- confirm the verifier accepts
    # padded tokens.
    encoded_header = base64.urlsafe_b64encode(header_json)
    encoded_payload = base64.urlsafe_b64encode(payload_json)
    header_and_payload = '{}.{}'.format(encoded_header, encoded_payload)

    # sign_blob signs with the running app's own key; the key name it
    # returns is not placed in the header.
    _key_name, signature = app_identity.sign_blob(header_and_payload)

    encoded_signature = base64.urlsafe_b64encode(signature)
    return '{}.{}'.format(header_and_payload, encoded_signature)
示例6: generate_jwt
# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def generate_jwt():
    """Generates a signed JSON Web Token using the Google App Engine default
    service account.

    The claims name the Google token endpoint as 'aud' and carry the target
    service URL in 'target_audience'.

    Returns:
        The token as 'header.payload.signature', each segment encoded with
        ``base64.urlsafe_b64encode``.
    """
    issued_at = int(time.time())

    header_json = json.dumps({"typ": "JWT", "alg": "RS256"})

    claims = {
        "iat": issued_at,
        # expires after one hour.
        "exp": issued_at + 3600,
        # iss is the service account email.
        # NOTE(review): sign_blob signs with the running app's own key, so
        # this constant presumably has to name that same account -- confirm.
        "iss": SERVICE_ACCOUNT_EMAIL,
        # target_audience is the URL of the target service.
        "target_audience": TARGET_AUD,
        # aud must be Google token endpoints URL.
        "aud": "https://www.googleapis.com/oauth2/v4/token"
    }
    payload_json = json.dumps(claims)

    # NOTE(review): urlsafe_b64encode keeps '=' padding, while RFC 7515
    # specifies unpadded base64url segments -- confirm the token endpoint
    # accepts padded tokens.
    encoded_header = base64.urlsafe_b64encode(header_json)
    encoded_payload = base64.urlsafe_b64encode(payload_json)
    header_and_payload = '{}.{}'.format(encoded_header, encoded_payload)

    # The key name returned alongside the signature is not used.
    _key_name, signature = app_identity.sign_blob(header_and_payload)

    encoded_signature = base64.urlsafe_b64encode(signature)
    return '{}.{}'.format(header_and_payload, encoded_signature)
示例7: create_custom_token
# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def create_custom_token(uid, valid_minutes=60):
    """Create a secure token for the given id.

    This method is used to create secure custom JWT tokens to be passed to
    clients. It takes a unique id (uid) that will be used by Firebase's
    security rules to prevent unauthorized access. In this case, the uid will
    be the channel id which is a combination of user_id and game_key

    Args:
        uid: id placed in the 'uid' claim.
        valid_minutes: lifetime of the token in minutes, counted from now.

    Returns:
        The token as 'header.payload.signature'.
    """
    # NOTE(review): uid is signed exactly as received and the security rules
    # trust it. Both parts of the channel id should come from server-side
    # state for the authenticated user, not from request parameters --
    # confirm at the call sites.
    # NOTE(review): valid_minutes is not range-checked here; the Firebase
    # page linked below limits how long a custom token may live.

    # The app_identity service reports the project's service account email.
    client_email = app_identity.get_service_account_name()
    issued_at = int(time.time())

    # Required claims, per
    # https://firebase.google.com/docs/auth/server/create-custom-tokens
    claims = {
        'iss': client_email,
        'sub': client_email,
        'aud': _IDENTITY_ENDPOINT,
        'uid': uid,  # the important parameter, as it will be the channel id
        'iat': issued_at,
        'exp': issued_at + (valid_minutes * 60),
    }
    payload = base64.b64encode(json.dumps(claims))

    # Standard header identifying this as a JWT.
    header = base64.b64encode(json.dumps({'typ': 'JWT', 'alg': 'RS256'}))

    # NOTE(review): the segments use the standard base64 alphabet with
    # padding, while RFC 7515 specifies base64url without '='. Confirm the
    # verifier accepts this form before reusing the code elsewhere.
    to_sign = '{}.{}'.format(header, payload)

    # Sign with the built-in app_identity service; element [1] of the result
    # is the signature, the key name in element [0] is not used.
    signature = app_identity.sign_blob(to_sign)[1]
    return '{}.{}'.format(to_sign, base64.b64encode(signature))
示例8: get
# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def get(self):
    """Sign a fixed message, verify it, and write the result as plain text.

    The response contains the message, the base64-encoded signature and
    the outcome of ``verify_signed_by_app``.
    """
    # The signed message is a constant. Keep it that way: a handler that
    # signs request-supplied bytes would give every caller the app's
    # signature over content of their choosing.
    message = 'Hello, world!'
    signing_key_name, signature = app_identity.sign_blob(message)
    verified = verify_signed_by_app(message, signature)

    response = self.response
    response.content_type = 'text/plain'
    response.write('Message: {}\n'.format(message))
    encoded_signature = base64.b64encode(signature)
    response.write('Signature: {}\n'.format(encoded_signature))
    response.write('Verified: {}\n'.format(verified))
示例9: sign_blob
# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def sign_blob(blob, deadline=None):
    """Signs a blob using current service's private key.

    Just an alias for GAE app_identity.sign_blob function for symmetry with
    'check_signature'. Note that |blob| can be at most 8KB.

    Args:
        blob: the data to sign, passed through unchanged.
        deadline: forwarded as the second argument of
            app_identity.sign_blob.

    Returns:
        Tuple (name of a key used, RSA+SHA256 signature).
    """
    # app_identity.sign_blob is producing RSA+SHA256 signature. Sadly, it isn't
    # documented anywhere. But it should be relatively stable since this API is
    # used by OAuth2 libraries (and so changing signature method may break a lot
    # of stuff).
    # Verifiers that hard-code RSA+SHA256 rely on this undocumented behaviour.
    result = app_identity.sign_blob(blob, deadline)
    return result
示例10: test_sign_blob
# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def test_sign_blob():
    """Check that sign_blob returns a truthy key name and signature.

    This is a smoke test only: it does not verify the signature against the
    app's public certificates.
    """
    cleartext = 'Curiouser and curiouser!'
    result = app_identity.sign_blob(cleartext)
    key_name, signature = result
    assert key_name
    assert signature
示例11: sign_url
# 需要导入模块: from google.appengine.api import app_identity [as 别名]
# 或者: from google.appengine.api.app_identity import sign_blob [as 别名]
def sign_url(self, object_name, url_lifetime):
    """ Generates Cloud Storage signed URL to download Google Cloud Storage
    object without sign in.

    See: https://cloud.google.com/storage/docs/access-control/signed-urls

    This only works on a real App Engine app, not in a dev app server.

    The returned URL is a bearer credential: whoever holds it can GET the
    object until it expires, so keep url_lifetime short and keep the URL
    out of logs.

    Args:
        object_name (str): The name of the object which is signed.
        url_lifetime (datetime.timedelta): Lifetime of the signed URL. The
            server rejects any requests received after this time from now.

    Returns:
        The signed https://storage.googleapis.com URL for the object.

    Raises:
        Exception: when running on a dev app server.
    """
    if utils.is_dev_app_server():
        # Not working on a dev app server because it doesn't support
        # app_identity.sign_blob(). An alternative implementation would
        # be needed to make it work on a dev app server.
        raise Exception(
            'sign_url only works on a real App Engine app, not on a dev '
            'app server.')

    http_method = 'GET'
    expires_at = utils.get_utcnow() + url_lifetime
    # NOTE(review): time.mktime() reads the tuple as local time. If
    # get_utcnow() returns a naive UTC datetime this is only right when the
    # process time zone is UTC -- confirm for the target runtime.
    expiration_sec = int(time.mktime(expires_at.timetuple()))
    # NOTE(review): object_name goes into the path as-is, with no
    # percent-encoding. Names containing '?', '#', spaces or similar would
    # change what the URL refers to -- confirm callers only pass safe names.
    path = '/%s/%s' % (self.bucket_name, object_name)

    # These are unused in our use case.
    content_md5 = ''
    content_type = ''

    fields = (
        http_method,
        content_md5,
        content_type,
        str(expiration_sec),
        path,
    )
    signed_text = '\n'.join(fields)

    # Only the signature is needed; the key name is discarded.
    (_, signature) = app_identity.sign_blob(signed_text.encode('utf-8'))

    query_params = {
        'GoogleAccessId': app_identity.get_service_account_name(),
        'Expires': str(expiration_sec),
        'Signature': base64.b64encode(signature),
    }
    query_string = urllib.urlencode(query_params)
    return 'https://storage.googleapis.com%s?%s' % (path, query_string)