feat: implements the OAuth token exchange spec based on rfc8693 #598
Conversation
|
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
|
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
google/oauth2/sts.py
Outdated
| subject_token_type, | ||
| resource=None, | ||
| audience=None, | ||
| scope=None, |
There was a problem hiding this comment.
Can this be renamed to scopes for consistency with other methods in this library?
There was a problem hiding this comment.
The spec defines this as scope (the request parameter) but since that is the space separated string, and this is an array which will be joined into a string, I have renamed it to scopes. Note that the base credential class will align with the rest of the library in using scopes.
google/oauth2/sts.py
Outdated
| actor_token (Optional[str]): The optional OAuth 2.0 token exchange actor token. | ||
| actor_token_type (Optional[str]): The optional OAuth 2.0 token exchange actor token type. | ||
| additional_options (Optional[Mapping[str, str]]): The optional additional | ||
| non-standard GCP specific options. |
There was a problem hiding this comment.
Same comment as above
| non-standard GCP specific options. | |
| non-standard Google specific options. |
google/oauth2/sts.py
Outdated
| The implementation will support various types of client authentication as | ||
| allowed in the spec. | ||
|
|
||
| A deviation on the spec will be for additional GCP specific options that |
There was a problem hiding this comment.
Unless these options are only available with Cloud APIs, I think it's better to be more general (Google instead of GCP).
| A deviation on the spec will be for additional GCP specific options that | |
| A deviation on the spec will be for additional Google specific options that |
|
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
Implements an internal utility for exchanging OAuth tokens using the rfc/8693 spec.