Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-auth-library-python / bf5ce0c56c10f655ced6630653f0f2ad47fcceeb^! / . / google / auth / _default.py
commitbf5ce0c56c10f655ced6630653f0f2ad47fcceeb[log] [tgz]
authorBu Sun Kim <8822365+busunkim96@users.noreply.github.com>Mon Feb 01 15:17:49 2021 -0700
committerGitHub <noreply@github.com>Mon Feb 01 15:17:49 2021 -0700
tree12b164830a1d1f1e3f299dad272aa933edb1eb6a
parent3ca10394c036385b44c153c925de71c261ca82ea [diff] [blame]
feat: use self-signed jwt for service account (#665)


diff --git a/google/auth/_default.py b/google/auth/_default.py
index 4377893..3b8c281 100644
--- a/google/auth/_default.py
+++ b/google/auth/_default.py

@@ -69,7 +69,9 @@
         warnings.warn(_CLOUD_SDK_CREDENTIALS_WARNING)
 
 
-def load_credentials_from_file(filename, scopes=None, quota_project_id=None):
+def load_credentials_from_file(
+    filename, scopes=None, default_scopes=None, quota_project_id=None
+):
     """Loads Google credentials from a file.
 
     The credentials file must be a service account key or stored authorized
@@ -80,6 +82,8 @@
         scopes (Optional[Sequence[str]]): The list of scopes for the credentials. If
             specified, the credentials will automatically be scoped if
             necessary
+        default_scopes (Optional[Sequence[str]]): Default scopes passed by a
+            Google client library. Use 'scopes' for user-defined scopes.
         quota_project_id (Optional[str]):  The project ID used for
                 quota and billing.
 
@@ -132,7 +136,7 @@
 
         try:
             credentials = service_account.Credentials.from_service_account_info(
-                info, scopes=scopes
+                info, scopes=scopes, default_scopes=default_scopes
             )
         except ValueError as caught_exc:
             msg = "Failed to load service account credentials from {}".format(filename)
@@ -248,7 +252,7 @@
         return None, None
 
 
-def default(scopes=None, request=None, quota_project_id=None):
+def default(scopes=None, request=None, quota_project_id=None, default_scopes=None):
     """Gets the default credentials for the current environment.
 
     `Application Default Credentials`_ provides an easy way to obtain
@@ -312,6 +316,8 @@
             use the standard library http client to make requests.
         quota_project_id (Optional[str]):  The project ID used for
             quota and billing.
+        default_scopes (Optional[Sequence[str]]): Default scopes passed by a
+            Google client library. Use 'scopes' for user-defined scopes.
     Returns:
         Tuple[~google.auth.credentials.Credentials, Optional[str]]:
             the current environment's credentials and project ID. Project ID
@@ -339,7 +345,9 @@
     for checker in checkers:
         credentials, project_id = checker()
         if credentials is not None:
-            credentials = with_scopes_if_required(credentials, scopes)
+            credentials = with_scopes_if_required(
+                credentials, scopes, default_scopes=default_scopes
+            )
             if quota_project_id:
                 credentials = credentials.with_quota_project(quota_project_id)