-
Notifications
You must be signed in to change notification settings - Fork 305
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: implements the OAuth token exchange spec based on rfc8693 #598
feat: implements the OAuth token exchange spec based on rfc8693 #598
Conversation
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
google/oauth2/sts.py
Outdated
subject_token_type, | ||
resource=None, | ||
audience=None, | ||
scope=None, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can this be renamed to scopes
for consistency with other methods in this library?
scopes=None, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The spec defines this as scope
(the request parameter) but since that is the space separated string, and this is an array which will be joined into a string, I have renamed it to scopes
. Note that the base credential class will align with the rest of the library in using scopes
.
google/oauth2/sts.py
Outdated
actor_token (Optional[str]): The optional OAuth 2.0 token exchange actor token. | ||
actor_token_type (Optional[str]): The optional OAuth 2.0 token exchange actor token type. | ||
additional_options (Optional[Mapping[str, str]]): The optional additional | ||
non-standard GCP specific options. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same comment as above
non-standard GCP specific options. | |
non-standard Google specific options. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
google/oauth2/sts.py
Outdated
The implementation will support various types of client authentication as | ||
allowed in the spec. | ||
|
||
A deviation on the spec will be for additional GCP specific options that |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unless these options are only available with Cloud APIs, I think it's better to be more general (Google instead of GCP).
A deviation on the spec will be for additional GCP specific options that | |
A deviation on the spec will be for additional Google specific options that |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google. ℹ️ Googlers: Go here for more info. |
Implements an internal utility for exchanging OAuth tokens using the rfc/8693 spec.