feat: add fetch_id_token to support id_token adc (#469)
feat: id_token adc with gcloud cred
diff --git a/system_tests/noxfile.py b/system_tests/noxfile.py
index 6e66eb4..14cd3db 100644
--- a/system_tests/noxfile.py
+++ b/system_tests/noxfile.py
@@ -200,7 +200,7 @@
session.env[EXPECT_PROJECT_ENV] = "1"
session.install(*TEST_DEPENDENCIES)
session.install(LIBRARY_DIR)
- session.run("pytest", "test_default.py")
+ session.run("pytest", "test_default.py", "test_id_token.py")
@nox.session(python=PYTHON_VERSIONS)
diff --git a/system_tests/test_compute_engine.py b/system_tests/test_compute_engine.py
index bcfdfd6..b0d42f3 100644
--- a/system_tests/test_compute_engine.py
+++ b/system_tests/test_compute_engine.py
@@ -20,6 +20,9 @@
from google.auth import exceptions
from google.auth import jwt
from google.auth.compute_engine import _metadata
+import google.oauth2.id_token
+
+AUDIENCE = "https://pubsub.googleapis.com"
@pytest.fixture(autouse=True)
@@ -53,10 +56,17 @@
def test_id_token_from_metadata(http_request):
credentials = compute_engine.IDTokenCredentials(
- http_request, "target_audience", use_metadata_identity_endpoint=True
+ http_request, AUDIENCE, use_metadata_identity_endpoint=True
)
credentials.refresh(http_request)
_, payload, _, _ = jwt._unverified_decode(credentials.token)
- assert payload["aud"] == "target_audience"
+ assert payload["aud"] == AUDIENCE
assert payload["exp"] == credentials.expiry
+
+
+def test_fetch_id_token(http_request):
+ token = google.oauth2.id_token.fetch_id_token(http_request, AUDIENCE)
+
+ _, payload, _, _ = jwt._unverified_decode(token)
+ assert payload["aud"] == AUDIENCE
diff --git a/system_tests/test_id_token.py b/system_tests/test_id_token.py
new file mode 100644
index 0000000..b07cefc
--- /dev/null
+++ b/system_tests/test_id_token.py
@@ -0,0 +1,25 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import pytest
+
+from google.auth import jwt
+import google.oauth2.id_token
+
+
+def test_fetch_id_token(http_request):
+ audience = "https://pubsub.googleapis.com"
+ token = google.oauth2.id_token.fetch_id_token(http_request, audience)
+
+ _, payload, _, _ = jwt._unverified_decode(token)
+ assert payload["aud"] == audience