Merge pull request #22471 from lidizheng/auth-meta

Correct the docstring and implementation of AuthMetadataPlugin
pull/22477/head
Lidi Zheng 5 years ago committed by GitHub
commit a687274c74
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      src/python/grpcio/grpc/__init__.py
  2. 37
      src/python/grpcio/grpc/_auth.py

@ -628,7 +628,7 @@ class AuthMetadataPlugin(six.with_metaclass(abc.ABCMeta)):
def __call__(self, context, callback): def __call__(self, context, callback):
"""Implements authentication by passing metadata to a callback. """Implements authentication by passing metadata to a callback.
Implementations of this method must not block. This method will be invoked asynchronously in a separate thread.
Args: Args:
context: An AuthMetadataContext providing information on the RPC that context: An AuthMetadataContext providing information on the RPC that

@ -14,7 +14,6 @@
"""GRPCAuthMetadataPlugins for standard authentication.""" """GRPCAuthMetadataPlugins for standard authentication."""
import inspect import inspect
from concurrent import futures
import grpc import grpc
@ -24,43 +23,29 @@ def _sign_request(callback, token, error):
callback(metadata, error) callback(metadata, error)
def _create_get_token_callback(callback):
def get_token_callback(future):
try:
access_token = future.result().access_token
except Exception as exception: # pylint: disable=broad-except
_sign_request(callback, None, exception)
else:
_sign_request(callback, access_token, None)
return get_token_callback
class GoogleCallCredentials(grpc.AuthMetadataPlugin): class GoogleCallCredentials(grpc.AuthMetadataPlugin):
"""Metadata wrapper for GoogleCredentials from the oauth2client library.""" """Metadata wrapper for GoogleCredentials from the oauth2client library."""
def __init__(self, credentials): def __init__(self, credentials):
self._credentials = credentials self._credentials = credentials
self._pool = futures.ThreadPoolExecutor(max_workers=1)
# Hack to determine if these are JWT creds and we need to pass # Hack to determine if these are JWT creds and we need to pass
# additional_claims when getting a token # additional_claims when getting a token
self._is_jwt = 'additional_claims' in inspect.getargspec( # pylint: disable=deprecated-method self._is_jwt = 'additional_claims' in inspect.getargspec( # pylint: disable=deprecated-method
credentials.get_access_token).args credentials.get_access_token).args
def __call__(self, context, callback): def __call__(self, context, callback):
# MetadataPlugins cannot block (see grpc.beta.interfaces.py) try:
if self._is_jwt: if self._is_jwt:
future = self._pool.submit( access_token = self._credentials.get_access_token(
self._credentials.get_access_token, additional_claims={
additional_claims={'aud': context.service_url}) 'aud': context.service_url
}).access_token
else:
access_token = self._credentials.get_access_token().access_token
except Exception as exception: # pylint: disable=broad-except
_sign_request(callback, None, exception)
else: else:
future = self._pool.submit(self._credentials.get_access_token) _sign_request(callback, access_token, None)
future.add_done_callback(_create_get_token_callback(callback))
def __del__(self):
self._pool.shutdown(wait=False)
class AccessTokenAuthMetadataPlugin(grpc.AuthMetadataPlugin): class AccessTokenAuthMetadataPlugin(grpc.AuthMetadataPlugin):

Loading…
Cancel
Save