Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-auth-library-python / e290a3dbecc4767dd25ee14574951cdb6c2157cb^! / . / docs
commite290a3dbecc4767dd25ee14574951cdb6c2157cb[log] [tgz]
authorThea Flowers <theaflowers@google.com>Wed Apr 01 10:11:42 2020 -0700
committerGitHub <noreply@github.com>Wed Apr 01 10:11:42 2020 -0700
tree715be596ca8d3046d6339cddc0a1bf0fd62ee36d
parent772dac6a6512230d32cb0dfae65a1a6aa9015049 [diff]
feat: Implement ES256 for JWT verification (#340)

feat: Implement EC256 for JWT verification
diff --git a/docs/reference/google.auth.crypt.es256.rst b/docs/reference/google.auth.crypt.es256.rst
new file mode 100644
index 0000000..5a63184
--- /dev/null
+++ b/docs/reference/google.auth.crypt.es256.rst

@@ -0,0 +1,7 @@
+google.auth.crypt.es256 module
+==============================
+
+.. automodule:: google.auth.crypt.es256
+   :members:
+   :inherited-members:
+   :show-inheritance:

diff --git a/docs/reference/google.auth.crypt.rst b/docs/reference/google.auth.crypt.rst
index 0833e7f..be142f4 100644
--- a/docs/reference/google.auth.crypt.rst
+++ b/docs/reference/google.auth.crypt.rst

@@ -12,4 +12,5 @@
 .. toctree::
 
    google.auth.crypt.base
+   google.auth.crypt.es256
    google.auth.crypt.rsa

diff --git a/docs/requirements-docs.txt b/docs/requirements-docs.txt
index 8dabaf9..89ad689 100644
--- a/docs/requirements-docs.txt
+++ b/docs/requirements-docs.txt

@@ -1,3 +1,4 @@
+cryptography
 sphinx-docstring-typing
 urllib3
 requests

diff --git a/docs/user-guide.rst b/docs/user-guide.rst
index 0abe160..3877bff 100644
--- a/docs/user-guide.rst
+++ b/docs/user-guide.rst

@@ -291,7 +291,21 @@
                                       target_credentials,
                                       target_audience=target_audience)
 
-IDToken verification can be done for various type of IDTokens using the :class:`google.oauth2.id_token` module 
+IDToken verification can be done for various type of IDTokens using the
+:class:`google.oauth2.id_token` module. It supports ID token signed with RS256
+and ES256 algorithms. However, ES256 algorithm won't be available unless
+`cryptography` dependency of version at least 1.4.0 is installed. You can check
+the dependency with `pip freeze` or try `from google.auth.crypt import es256`.
+The following is an example of verifying ID tokens:
+
+    from google.auth2 import id_token
+
+    request = google.auth.transport.requests.Request()
+
+    try:
+      decoded_token = id_token.verify_token(token_to_verify,request)
+    except ValueError:
+      # Verification failed.
 
 A sample end-to-end flow using an ID Token against a Cloud Run endpoint maybe ::