Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-auth-library-python / 7ae9a284dae16d274bfd4d876414f08efd6c3bff^! / .
commit7ae9a284dae16d274bfd4d876414f08efd6c3bff[log] [tgz]
authorarithmetic1728 <58957152+arithmetic1728@users.noreply.github.com>Wed Apr 01 16:29:50 2020 -0700
committerGitHub <noreply@github.com>Wed Apr 01 16:29:50 2020 -0700
treed7014a57e788b169702604301e7bbd8a424991b3
parent46fa9c4fa4783ef584b132e0628dc6031a7e48b5 [diff]
fix: invalid expiry type (#481)


diff --git a/google/auth/compute_engine/credentials.py b/google/auth/compute_engine/credentials.py
index 1927c26..1550465 100644
--- a/google/auth/compute_engine/credentials.py
+++ b/google/auth/compute_engine/credentials.py

@@ -274,6 +274,9 @@
             request (google.auth.transport.Request): The object used to make
                 HTTP requests.
 
+        Returns:
+            Tuple[str, datetime.datetime]: The ID token and the expiry of the ID token.
+
         Raises:
             google.auth.exceptions.RefreshError: If the Compute Engine metadata
                 service can't be reached or if the instance has no credentials.
@@ -291,7 +294,7 @@
             six.raise_from(new_exc, caught_exc)
 
         _, payload, _, _ = jwt._unverified_decode(id_token)
-        return id_token, payload["exp"]
+        return id_token, datetime.datetime.fromtimestamp(payload["exp"])
 
     def refresh(self, request):
         """Refreshes the ID token.

diff --git a/system_tests/test_compute_engine.py b/system_tests/test_compute_engine.py
index b0d42f3..1e0eaf1 100644
--- a/system_tests/test_compute_engine.py
+++ b/system_tests/test_compute_engine.py

@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+from datetime import datetime
+
 import pytest
 
 import google.auth
@@ -61,8 +63,9 @@
     credentials.refresh(http_request)
 
     _, payload, _, _ = jwt._unverified_decode(credentials.token)
+    assert credentials.valid
     assert payload["aud"] == AUDIENCE
-    assert payload["exp"] == credentials.expiry
+    assert datetime.fromtimestamp(payload["exp"]) == credentials.expiry
 
 
 def test_fetch_id_token(http_request):

diff --git a/tests/compute_engine/test_credentials.py b/tests/compute_engine/test_credentials.py
index 264235e..98def0f 100644
--- a/tests/compute_engine/test_credentials.py
+++ b/tests/compute_engine/test_credentials.py

@@ -522,7 +522,7 @@
         cred.refresh(request=mock.Mock())
 
         assert cred.token == SAMPLE_ID_TOKEN
-        assert cred.expiry == SAMPLE_ID_TOKEN_EXP
+        assert cred.expiry == datetime.datetime.fromtimestamp(SAMPLE_ID_TOKEN_EXP)
         assert cred._use_metadata_identity_endpoint
         assert cred._signer is None
         assert cred._token_uri is None