本文整理汇总了Python中google.auth.jwt.decode方法的典型用法代码示例。如果您正苦于以下问题:Python jwt.decode方法的具体用法?Python jwt.decode怎么用?Python jwt.decode使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类google.auth.jwt的用法示例。
在下文中一共展示了jwt.decode方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_with_service_account
# 需要导入模块: from google.auth import jwt [as 别名]
# 或者: from google.auth.jwt import decode [as 别名]
def test_with_service_account(self, sign, get, utcnow):
sign.side_effect = [b"signature"]
request = mock.create_autospec(transport.Request, instance=True)
self.credentials = credentials.IDTokenCredentials(
request=request,
target_audience="https://audience.com",
service_account_email="service-account@other.com",
)
# Generate authorization grant:
token = self.credentials._make_authorization_grant_assertion()
payload = jwt.decode(token, verify=False)
# The JWT token signature is 'signature' encoded in base 64:
assert token.endswith(b".c2lnbmF0dXJl")
# Check that the credentials have the token and proper expiration
assert payload == {
"aud": "https://www.googleapis.com/oauth2/v4/token",
"exp": 3600,
"iat": 0,
"iss": "service-account@other.com",
"target_audience": "https://audience.com",
} 示例2: sign_bytes
# 需要导入模块: from google.auth import jwt [as 别名]
# 或者: from google.auth.jwt import decode [as 别名]
def sign_bytes(self, message):
iam_sign_endpoint = _IAM_SIGN_ENDPOINT.format(self._target_principal)
body = {
"payload": base64.b64encode(message).decode("utf-8"),
"delegates": self._delegates,
}
headers = {"Content-Type": "application/json"}
authed_session = AuthorizedSession(self._source_credentials)
response = authed_session.post(
url=iam_sign_endpoint, headers=headers, json=body
)
return base64.b64decode(response.json()["signedBlob"]) 示例3: _fetch_certs
# 需要导入模块: from google.auth import jwt [as 别名]
# 或者: from google.auth.jwt import decode [as 别名]
def _fetch_certs(request, certs_url):
"""Fetches certificates.
Google-style cerificate endpoints return JSON in the format of
``{'key id': 'x509 certificate'}``.
Args:
request (google.auth.transport.Request): The object used to make
HTTP requests.
certs_url (str): The certificate endpoint URL.
Returns:
Mapping[str, str]: A mapping of public key ID to x.509 certificate
data.
"""
response = request(certs_url, method="GET")
if response.status != http_client.OK:
raise exceptions.TransportError(
"Could not fetch certificates at {}".format(certs_url)
)
return json.loads(response.data.decode("utf-8")) 示例4: verify_token
# 需要导入模块: from google.auth import jwt [as 别名]
# 或者: from google.auth.jwt import decode [as 别名]
def verify_token(id_token, request, audience=None, certs_url=_GOOGLE_OAUTH2_CERTS_URL):
"""Verifies an ID token and returns the decoded token.
Args:
id_token (Union[str, bytes]): The encoded token.
request (google.auth.transport.Request): The object used to make
HTTP requests.
audience (str): The audience that this token is intended for. If None
then the audience is not verified.
certs_url (str): The URL that specifies the certificates to use to
verify the token. This URL should return JSON in the format of
``{'key id': 'x509 certificate'}``.
Returns:
Mapping[str, Any]: The decoded token.
"""
certs = _fetch_certs(request, certs_url)
return jwt.decode(id_token, certs=certs, audience=audience) 示例5: _validate_iap_jwt
# 需要导入模块: from google.auth import jwt [as 别名]
# 或者: from google.auth.jwt import decode [as 别名]
def _validate_iap_jwt(iap_jwt, expected_audience):
try:
# Retrieve public key for token signature verification.
key_id = jwt.decode_header(iap_jwt).get('kid')
if not key_id:
return (None, None, '**ERROR: no key ID**')
key = get_iap_key(key_id)
# Verify token signature, expiry and audience.
decoded_jwt = jwt.decode(iap_jwt, certs=key, audience=expected_audience)
# Verify token issuer.
if decoded_jwt.get('iss') != 'https://cloud.google.com/iap':
return (None, None, '**ERROR: invalid issuer**')
return (decoded_jwt['sub'], decoded_jwt['email'], '')
except (ValueError, requests.exceptions.RequestException) as e:
return (None, None, '**ERROR: JWT validation error {}**'.format(e)) 示例6: _fetch_certs
# 需要导入模块: from google.auth import jwt [as 别名]
# 或者: from google.auth.jwt import decode [as 别名]
def _fetch_certs(request, certs_url):
"""Fetches certificates.
Google-style cerificate endpoints return JSON in the format of
``{'key id': 'x509 certificate'}``.
Args:
request (google.auth.transport.Request): The object used to make
HTTP requests.
certs_url (str): The certificate endpoint URL.
Returns:
Mapping[str, str]: A mapping of public key ID to x.509 certificate
data.
"""
response = request(certs_url, method='GET')
if response.status != http_client.OK:
raise exceptions.TransportError(
'Could not fetch certificates at {}'.format(certs_url))
return json.loads(response.data.decode('utf-8')) 示例7: verify_token
# 需要导入模块: from google.auth import jwt [as 别名]
# 或者: from google.auth.jwt import decode [as 别名]
def verify_token(id_token, request, audience=None,
certs_url=_GOOGLE_OAUTH2_CERTS_URL):
"""Verifies an ID token and returns the decoded token.
Args:
id_token (Union[str, bytes]): The encoded token.
request (google.auth.transport.Request): The object used to make
HTTP requests.
audience (str): The audience that this token is intended for. If None
then the audience is not verified.
certs_url (str): The URL that specifies the certificates to use to
verify the token. This URL should return JSON in the format of
``{'key id': 'x509 certificate'}``.
Returns:
Mapping[str, Any]: The decoded token.
"""
certs = _fetch_certs(request, certs_url)
return jwt.decode(id_token, certs=certs, audience=audience) 示例8: decode_token
# 需要导入模块: from google.auth import jwt [as 别名]
# 或者: from google.auth.jwt import decode [as 别名]
def decode_token(token, client_id):
decoded = jwt.decode(token, certs=GOOGLE_PUBLIC_KEY, verify=True, audience=client_id)
return decoded 示例9: test_decode_valid
# 需要导入模块: from google.auth import jwt [as 别名]
# 或者: from google.auth.jwt import decode [as 别名]
def test_decode_valid(token_factory):
payload = jwt.decode(token_factory(), certs=PUBLIC_CERT_BYTES)
assert payload["aud"] == "audience@example.com"
assert payload["user"] == "billy bob"
assert payload["metadata"]["meta"] == "data" 示例10: test_decode_valid_es256
# 需要导入模块: from google.auth import jwt [as 别名]
# 或者: from google.auth.jwt import decode [as 别名]
def test_decode_valid_es256(token_factory):
payload = jwt.decode(
token_factory(use_es256_signer=True), certs=EC_PUBLIC_CERT_BYTES
)
assert payload["aud"] == "audience@example.com"
assert payload["user"] == "billy bob"
assert payload["metadata"]["meta"] == "data" 示例11: test_decode_valid_with_audience
# 需要导入模块: from google.auth import jwt [as 别名]
# 或者: from google.auth.jwt import decode [as 别名]
def test_decode_valid_with_audience(token_factory):
payload = jwt.decode(
token_factory(), certs=PUBLIC_CERT_BYTES, audience="audience@example.com"
)
assert payload["aud"] == "audience@example.com"
assert payload["user"] == "billy bob"
assert payload["metadata"]["meta"] == "data" 示例12: test_decode_valid_unverified
# 需要导入模块: from google.auth import jwt [as 别名]
# 或者: from google.auth.jwt import decode [as 别名]
def test_decode_valid_unverified(token_factory):
payload = jwt.decode(token_factory(), certs=OTHER_CERT_BYTES, verify=False)
assert payload["aud"] == "audience@example.com"
assert payload["user"] == "billy bob"
assert payload["metadata"]["meta"] == "data" 示例13: test_decode_bad_token_wrong_number_of_segments
# 需要导入模块: from google.auth import jwt [as 别名]
# 或者: from google.auth.jwt import decode [as 别名]
def test_decode_bad_token_wrong_number_of_segments():
with pytest.raises(ValueError) as excinfo:
jwt.decode("1.2", PUBLIC_CERT_BYTES)
assert excinfo.match(r"Wrong number of segments") 示例14: test_decode_bad_token_not_json
# 需要导入模块: from google.auth import jwt [as 别名]
# 或者: from google.auth.jwt import decode [as 别名]
def test_decode_bad_token_not_json():
token = b".".join([base64.urlsafe_b64encode(b"123!")] * 3)
with pytest.raises(ValueError) as excinfo:
jwt.decode(token, PUBLIC_CERT_BYTES)
assert excinfo.match(r"Can\'t parse segment") 示例15: test_decode_bad_token_no_iat_or_exp
# 需要导入模块: from google.auth import jwt [as 别名]
# 或者: from google.auth.jwt import decode [as 别名]
def test_decode_bad_token_no_iat_or_exp(signer):
token = jwt.encode(signer, {"test": "value"})
with pytest.raises(ValueError) as excinfo:
jwt.decode(token, PUBLIC_CERT_BYTES)
assert excinfo.match(r"Token does not contain required claim")