58 lines
2.1 KiB
Python
58 lines
2.1 KiB
Python
# Copyright 2016 gRPC authors.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
"""GRPCAuthMetadataPlugins for standard authentication."""
|
|
|
|
import inspect
|
|
|
|
import grpc
|
|
|
|
|
|
def _sign_request(callback, token, error):
|
|
metadata = (('authorization', 'Bearer {}'.format(token)),)
|
|
callback(metadata, error)
|
|
|
|
|
|
class GoogleCallCredentials(grpc.AuthMetadataPlugin):
|
|
"""Metadata wrapper for GoogleCredentials from the oauth2client library."""
|
|
|
|
def __init__(self, credentials):
|
|
self._credentials = credentials
|
|
# Hack to determine if these are JWT creds and we need to pass
|
|
# additional_claims when getting a token
|
|
self._is_jwt = 'additional_claims' in inspect.getargspec( # pylint: disable=deprecated-method
|
|
credentials.get_access_token).args
|
|
|
|
def __call__(self, context, callback):
|
|
try:
|
|
if self._is_jwt:
|
|
access_token = self._credentials.get_access_token(
|
|
additional_claims={
|
|
'aud': context.service_url
|
|
}).access_token
|
|
else:
|
|
access_token = self._credentials.get_access_token().access_token
|
|
except Exception as exception: # pylint: disable=broad-except
|
|
_sign_request(callback, None, exception)
|
|
else:
|
|
_sign_request(callback, access_token, None)
|
|
|
|
|
|
class AccessTokenAuthMetadataPlugin(grpc.AuthMetadataPlugin):
|
|
"""Metadata wrapper for raw access token credentials."""
|
|
|
|
def __init__(self, access_token):
|
|
self._access_token = access_token
|
|
|
|
def __call__(self, context, callback):
|
|
_sign_request(callback, self._access_token, None)
|