File tree Expand file tree Collapse file tree 1 file changed +16
-0
lines changed Expand file tree Collapse file tree 1 file changed +16
-0
lines changed Original file line number Diff line number Diff line change 2222
2323
2424def certs ():
25+ """Returns a dictionary of current Google public key certificates for
26+ validating Google-signed JWTs. Since these change rarely, the result
27+ is cached on first request for faster subsequent responses.
28+ """
2529 import requests
2630
2731 global CERTS
@@ -34,6 +38,10 @@ def certs():
3438
3539
3640def get_metadata (item_name ):
41+ """Returns a string with the project metadata value for the item_name.
42+ See https://cloud.google.com/compute/docs/storing-retrieving-metadata for
43+ possible item_name values.
44+ """
3745 import requests
3846
3947 endpoint = 'http://metadata.google.internal'
@@ -48,6 +56,10 @@ def get_metadata(item_name):
4856
4957
5058def audience ():
59+ """Returns the audience value (the JWT 'aud' property) for the current
60+ running instance. Since this involves a metadata lookup, the result is
61+ cached when first requested for faster future responses.
62+ """
5163 global AUDIENCE
5264 if AUDIENCE is None :
5365 project_number = get_metadata ('numeric-project-id' )
@@ -59,6 +71,10 @@ def audience():
5971
6072
6173def validate_assertion (assertion ):
74+ """Checks that the JWT assertion is valid (properly signed, for the
75+ correct audience) and if so, returns strings for the requesting user's
76+ email and a persistent user ID. If not valid, returns None for each field.
77+ """
6278 from jose import jwt
6379
6480 try :
You can’t perform that action at this time.
0 commit comments