commit ab086899a00fe56303be39be5dec7ccfe0cd14b9
author Jon Wayne Parrott <jonwayne@google.com> Thu Feb 23 09:20:14 2017 -0800
committer GitHub <noreply@github.com> Thu Feb 23 09:20:14 2017 -0800
tree 4e6003873f0d071e7bb8c8b6f3e3018ff6456601
parent 254befe4eca0dcc5d65d348f74c450491aff0fa1

Remove one-time token behavior of JWT Credentials (#117)

google/oauth2/service_account.py

diff --git a/google/oauth2/service_account.py b/google/oauth2/service_account.py
index b71b8ac..a4fc1b6 100644
--- a/google/oauth2/service_account.py
+++ b/google/oauth2/service_account.py
@@ -204,7 +204,7 @@
             filename, require=['client_email', 'token_uri'])
         return cls._from_signer_and_info(signer, info, **kwargs)
 
-    def to_jwt_credentials(self):
+    def to_jwt_credentials(self, audience):
         """Creates a :class:`google.auth.jwt.Credentials` instance from this
         instance.
 
@@ -223,13 +223,18 @@
             jwt_creds = jwt.Credentials.from_service_account_file(
                 'service_account.json')
 
+        Args:
+            audience (str): the `aud` claim. The intended audience for the
+                credentials.
+
         Returns:
             google.auth.jwt.Credentials: A new Credentials instance.
         """
         return jwt.Credentials(
             self._signer,
             issuer=self._service_account_email,
-            subject=self._service_account_email)
+            subject=self._service_account_email,
+            audience=audience)
 
     @property
     def service_account_email(self):