本文整理汇总了Python中oauth2client.crypt.verify_signed_jwt_with_certs方法的典型用法代码示例。如果您正苦于以下问题:Python crypt.verify_signed_jwt_with_certs方法的具体用法?Python crypt.verify_signed_jwt_with_certs怎么用?Python crypt.verify_signed_jwt_with_certs使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类oauth2client.crypt的用法示例。
在下文中一共展示了crypt.verify_signed_jwt_with_certs方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: VerifyGitkitToken
# 需要导入模块: from oauth2client import crypt [as 别名]
# 或者: from oauth2client.crypt import verify_signed_jwt_with_certs [as 别名]
def VerifyGitkitToken(self, jwt):
"""Verifies a Gitkit token string.
Args:
jwt: string, the token to be checked
Returns:
GitkitUser, if the token is valid. None otherwise.
"""
certs = self.rpc_helper.GetPublicCert()
crypt.MAX_TOKEN_LIFETIME_SECS = 30 * 86400 # 30 days
parsed = None
for aud in filter(lambda x: x is not None, [self.project_id, self.client_id]):
try:
parsed = crypt.verify_signed_jwt_with_certs(jwt, certs, aud)
except crypt.AppIdentityError as e:
if "Wrong recipient" not in e.message:
return None
if parsed:
return GitkitUser.FromToken(parsed)
return None # Gitkit token audience doesn't match projectId or clientId in server configuration 示例2: test_get_access_token_additional_claims
# 需要导入模块: from oauth2client import crypt [as 别名]
# 或者: from oauth2client.crypt import verify_signed_jwt_with_certs [as 别名]
def test_get_access_token_additional_claims(self, time, utcnow):
utcnow.return_value = T1_DATE
time.return_value = T1
audience = 'https://test2.url.com'
subject = 'dummy2@google.com'
claims = {'aud': audience, 'sub': subject}
token_info = self.jwt.get_access_token(additional_claims=claims)
certs = {'key': datafile('public_cert.pem')}
payload = crypt.verify_signed_jwt_with_certs(
token_info.access_token, certs, audience=audience)
expires_in = token_info.expires_in
self.assertEqual(len(payload), 5)
self.assertEqual(payload['iss'], self.service_account_email)
self.assertEqual(payload['sub'], subject)
self.assertEqual(payload['iat'], T1)
self.assertEqual(payload['exp'], T1_EXPIRY)
self.assertEqual(payload['aud'], audience)
self.assertEqual(expires_in, T1_EXPIRY - T1) 示例3: verify_id_token
# 需要导入模块: from oauth2client import crypt [as 别名]
# 或者: from oauth2client.crypt import verify_signed_jwt_with_certs [as 别名]
def verify_id_token(id_token, audience, http=None,
cert_uri=ID_TOKEN_VERIFICATION_CERTS):
"""Verifies a signed JWT id_token.
This function requires PyOpenSSL and because of that it does not work on
App Engine.
Args:
id_token: string, A Signed JWT.
audience: string, The audience 'aud' that the token should be for.
http: httplib2.Http, instance to use to make the HTTP request. Callers
should supply an instance that has caching enabled.
cert_uri: string, URI of the certificates in JSON format to
verify the JWT against.
Returns:
The deserialized JSON in the JWT.
Raises:
oauth2client.crypt.AppIdentityError: if the JWT fails to verify.
CryptoUnavailableError: if no crypto library is available.
"""
_RequireCryptoOrDie()
if http is None:
http = _cached_http
resp, content = http.request(cert_uri)
if resp.status == 200:
certs = json.loads(content)
return crypt.verify_signed_jwt_with_certs(id_token, certs, audience)
else:
raise VerifyJwtTokenError('Status code: %d' % resp.status) 示例4: verify_id_token
# 需要导入模块: from oauth2client import crypt [as 别名]
# 或者: from oauth2client.crypt import verify_signed_jwt_with_certs [as 别名]
def verify_id_token(id_token, audience, http=None,
cert_uri=ID_TOKEN_VERIFICATON_CERTS):
"""Verifies a signed JWT id_token.
This function requires PyOpenSSL and because of that it does not work on
App Engine.
Args:
id_token: string, A Signed JWT.
audience: string, The audience 'aud' that the token should be for.
http: httplib2.Http, instance to use to make the HTTP request. Callers
should supply an instance that has caching enabled.
cert_uri: string, URI of the certificates in JSON format to
verify the JWT against.
Returns:
The deserialized JSON in the JWT.
Raises:
oauth2client.crypt.AppIdentityError if the JWT fails to verify.
"""
if http is None:
http = _cached_http
resp, content = http.request(cert_uri)
if resp.status == 200:
certs = simplejson.loads(content)
return crypt.verify_signed_jwt_with_certs(id_token, certs, audience)
else:
raise VerifyJwtTokenError('Status code: %d' % resp.status) 示例5: verify_id_token
# 需要导入模块: from oauth2client import crypt [as 别名]
# 或者: from oauth2client.crypt import verify_signed_jwt_with_certs [as 别名]
def verify_id_token(id_token, audience, http=None,
cert_uri=client.ID_TOKEN_VERIFICATON_CERTS):
"""Verifies a signed JWT id_token.
This function requires PyOpenSSL and because of that it does not work on
App Engine.
Args:
id_token: string, A Signed JWT.
audience: string, The audience 'aud' that the token should be for.
http: httplib2.Http, instance to use to make the HTTP request. Callers
should supply an instance that has caching enabled.
cert_uri: string, URI of the certificates in JSON format to
verify the JWT against.
Returns:
The deserialized JSON in the JWT.
Raises:
oauth2client.crypt.AppIdentityError if the JWT fails to verify.
"""
if http is None:
http = _cached_http
resp, content = http.request(cert_uri)
if resp.status == 200:
certs = json.loads(content)
return crypt.verify_signed_jwt_with_certs(id_token, certs, audience)
else:
raise client.VerifyJwtTokenError('Status code: %d' % resp.status) 示例6: verify_id_token
# 需要导入模块: from oauth2client import crypt [as 别名]
# 或者: from oauth2client.crypt import verify_signed_jwt_with_certs [as 别名]
def verify_id_token(id_token, audience, http=None,
cert_uri=ID_TOKEN_VERIFICATON_CERTS):
"""Verifies a signed JWT id_token.
This function requires PyOpenSSL and because of that it does not work on
App Engine.
Args:
id_token: string, A Signed JWT.
audience: string, The audience 'aud' that the token should be for.
http: httplib2.Http, instance to use to make the HTTP request. Callers
should supply an instance that has caching enabled.
cert_uri: string, URI of the certificates in JSON format to
verify the JWT against.
Returns:
The deserialized JSON in the JWT.
Raises:
oauth2client.crypt.AppIdentityError if the JWT fails to verify.
"""
if http is None:
http = _cached_http
resp, content = http.request(cert_uri)
if resp.status == 200:
certs = json.loads(content)
return crypt.verify_signed_jwt_with_certs(id_token, certs, audience)
else:
raise VerifyJwtTokenError('Status code: %d' % resp.status) 示例7: verify_id_token
# 需要导入模块: from oauth2client import crypt [as 别名]
# 或者: from oauth2client.crypt import verify_signed_jwt_with_certs [as 别名]
def verify_id_token(id_token, audience, http=None,
cert_uri=ID_TOKEN_VERIFICATION_CERTS):
"""Verifies a signed JWT id_token.
This function requires PyOpenSSL and because of that it does not work on
App Engine.
Args:
id_token: string, A Signed JWT.
audience: string, The audience 'aud' that the token should be for.
http: httplib2.Http, instance to use to make the HTTP request. Callers
should supply an instance that has caching enabled.
cert_uri: string, URI of the certificates in JSON format to
verify the JWT against.
Returns:
The deserialized JSON in the JWT.
Raises:
oauth2client.crypt.AppIdentityError: if the JWT fails to verify.
CryptoUnavailableError: if no crypto library is available.
"""
_require_crypto_or_die()
if http is None:
http = _cached_http
resp, content = http.request(cert_uri)
if resp.status == http_client.OK:
certs = json.loads(_from_bytes(content))
return crypt.verify_signed_jwt_with_certs(id_token, certs, audience)
else:
raise VerifyJwtTokenError('Status code: %d' % resp.status) 示例8: verify_id_token
# 需要导入模块: from oauth2client import crypt [as 别名]
# 或者: from oauth2client.crypt import verify_signed_jwt_with_certs [as 别名]
def verify_id_token(id_token, audience, http=None,
cert_uri=ID_TOKEN_VERIFICATION_CERTS):
"""Verifies a signed JWT id_token.
This function requires PyOpenSSL and because of that it does not work on
App Engine.
Args:
id_token: string, A Signed JWT.
audience: string, The audience 'aud' that the token should be for.
http: httplib2.Http, instance to use to make the HTTP request. Callers
should supply an instance that has caching enabled.
cert_uri: string, URI of the certificates in JSON format to
verify the JWT against.
Returns:
The deserialized JSON in the JWT.
Raises:
oauth2client.crypt.AppIdentityError: if the JWT fails to verify.
CryptoUnavailableError: if no crypto library is available.
"""
_require_crypto_or_die()
if http is None:
http = transport.get_cached_http()
resp, content = http.request(cert_uri)
if resp.status == http_client.OK:
certs = json.loads(_helpers._from_bytes(content))
return crypt.verify_signed_jwt_with_certs(id_token, certs, audience)
else:
raise VerifyJwtTokenError('Status code: {0}'.format(resp.status)) 示例9: verify_id_token
# 需要导入模块: from oauth2client import crypt [as 别名]
# 或者: from oauth2client.crypt import verify_signed_jwt_with_certs [as 别名]
def verify_id_token(id_token, audience, http=None,
cert_uri=ID_TOKEN_VERIFICATION_CERTS):
"""Verifies a signed JWT id_token.
This function requires PyOpenSSL and because of that it does not work on
App Engine.
Args:
id_token: string, A Signed JWT.
audience: string, The audience 'aud' that the token should be for.
http: httplib2.Http, instance to use to make the HTTP request. Callers
should supply an instance that has caching enabled.
cert_uri: string, URI of the certificates in JSON format to
verify the JWT against.
Returns:
The deserialized JSON in the JWT.
Raises:
oauth2client.crypt.AppIdentityError: if the JWT fails to verify.
CryptoUnavailableError: if no crypto library is available.
"""
_RequireCryptoOrDie()
if http is None:
http = _cached_http
resp, content = http.request(cert_uri)
if resp.status == http_client.OK:
certs = json.loads(_from_bytes(content))
return crypt.verify_signed_jwt_with_certs(id_token, certs, audience)
else:
raise VerifyJwtTokenError('Status code: %d' % resp.status) 示例10: verify_id_token
# 需要导入模块: from oauth2client import crypt [as 别名]
# 或者: from oauth2client.crypt import verify_signed_jwt_with_certs [as 别名]
def verify_id_token(id_token, audience, http=None,
cert_uri=ID_TOKEN_VERIFICATION_CERTS):
"""Verifies a signed JWT id_token.
This function requires PyOpenSSL and because of that it does not work on
App Engine.
Args:
id_token: string, A Signed JWT.
audience: string, The audience 'aud' that the token should be for.
http: httplib2.Http, instance to use to make the HTTP request. Callers
should supply an instance that has caching enabled.
cert_uri: string, URI of the certificates in JSON format to
verify the JWT against.
Returns:
The deserialized JSON in the JWT.
Raises:
oauth2client.crypt.AppIdentityError: if the JWT fails to verify.
CryptoUnavailableError: if no crypto library is available.
"""
_require_crypto_or_die()
if http is None:
http = transport.get_cached_http()
resp, content = transport.request(http, cert_uri)
if resp.status == http_client.OK:
certs = json.loads(_helpers._from_bytes(content))
return crypt.verify_signed_jwt_with_certs(id_token, certs, audience)
else:
raise VerifyJwtTokenError('Status code: {0}'.format(resp.status)) 示例11: _check_jwt_failure
# 需要导入模块: from oauth2client import crypt [as 别名]
# 或者: from oauth2client.crypt import verify_signed_jwt_with_certs [as 别名]
def _check_jwt_failure(self, jwt, expected_error):
public_key = datafile('public_cert.pem')
certs = {'foo': public_key}
audience = ('https://www.googleapis.com/auth/id?client_id='
'external_public_key@testing.gserviceaccount.com')
with self.assertRaises(crypt.AppIdentityError) as exc_manager:
crypt.verify_signed_jwt_with_certs(jwt, certs, audience)
self.assertTrue(expected_error in str(exc_manager.exception)) 示例12: test_verify_id_token
# 需要导入模块: from oauth2client import crypt [as 别名]
# 或者: from oauth2client.crypt import verify_signed_jwt_with_certs [as 别名]
def test_verify_id_token(self):
jwt = self._create_signed_jwt()
public_key = datafile('public_cert.pem')
certs = {'foo': public_key}
audience = 'some_audience_address@testing.gserviceaccount.com'
contents = crypt.verify_signed_jwt_with_certs(jwt, certs, audience)
self.assertEqual('billy bob', contents['user'])
self.assertEqual('data', contents['metadata']['meta']) 示例13: test_jwt_no_segments
# 需要导入模块: from oauth2client import crypt [as 别名]
# 或者: from oauth2client.crypt import verify_signed_jwt_with_certs [as 别名]
def test_jwt_no_segments(self):
exception_caught = None
try:
crypt.verify_signed_jwt_with_certs(b'', None)
except crypt.AppIdentityError as exc:
exception_caught = exc
self.assertNotEqual(exception_caught, None)
self.assertTrue(str(exception_caught).startswith(
'Wrong number of segments in token')) 示例14: test_jwt_payload_bad_json
# 需要导入模块: from oauth2client import crypt [as 别名]
# 或者: from oauth2client.crypt import verify_signed_jwt_with_certs [as 别名]
def test_jwt_payload_bad_json(self):
header = signature = b''
payload = base64.b64encode(b'{BADJSON')
jwt = b'.'.join([header, payload, signature])
exception_caught = None
try:
crypt.verify_signed_jwt_with_certs(jwt, None)
except crypt.AppIdentityError as exc:
exception_caught = exc
self.assertNotEqual(exception_caught, None)
self.assertTrue(str(exception_caught).startswith(
'Can\'t parse token')) 示例15: test_get_access_token_no_claims
# 需要导入模块: from oauth2client import crypt [as 别名]
# 或者: from oauth2client.crypt import verify_signed_jwt_with_certs [as 别名]
def test_get_access_token_no_claims(self, time, utcnow):
utcnow.return_value = T1_DATE
time.return_value = T1
token_info = self.jwt.get_access_token()
certs = {'key': datafile('public_cert.pem')}
payload = crypt.verify_signed_jwt_with_certs(
token_info.access_token, certs, audience=self.url)
self.assertEqual(len(payload), 5)
self.assertEqual(payload['iss'], self.service_account_email)
self.assertEqual(payload['sub'], self.service_account_email)
self.assertEqual(payload['iat'], T1)
self.assertEqual(payload['exp'], T1_EXPIRY)
self.assertEqual(payload['aud'], self.url)
self.assertEqual(token_info.expires_in, T1_EXPIRY - T1)
# Verify that we vend the same token after 100 seconds
utcnow.return_value = T2_DATE
token_info = self.jwt.get_access_token()
payload = crypt.verify_signed_jwt_with_certs(
token_info.access_token,
{'key': datafile('public_cert.pem')}, audience=self.url)
self.assertEqual(payload['iat'], T1)
self.assertEqual(payload['exp'], T1_EXPIRY)
self.assertEqual(token_info.expires_in, T1_EXPIRY - T2)
# Verify that we vend a new token after _MAX_TOKEN_LIFETIME_SECS
utcnow.return_value = T3_DATE
time.return_value = T3
token_info = self.jwt.get_access_token()
payload = crypt.verify_signed_jwt_with_certs(
token_info.access_token,
{'key': datafile('public_cert.pem')}, audience=self.url)
expires_in = token_info.expires_in
self.assertEqual(payload['iat'], T3)
self.assertEqual(payload['exp'], T3_EXPIRY)
self.assertEqual(expires_in, T3_EXPIRY - T3)