google.appengine.api.app_identity.app_identity module

Summary

Provides access functions for the app identity service.

To learn more about the App Identity API, review the Overview document.

Contents

exception google.appengine.api.app_identity.app_identity.BackendDeadlineExceededsource

Bases: google.appengine.api.app_identity.app_identity.Error

The communication to the backend service timed out.

exception google.appengine.api.app_identity.app_identity.BlobSizeTooLargesource

Bases: google.appengine.api.app_identity.app_identity.Error

The size of the blob to sign is larger than the allowed limit.

exception google.appengine.api.app_identity.app_identity.InternalErrorsource

Bases: google.appengine.api.app_identity.app_identity.Error

An unspecified internal failure occurred.

exception google.appengine.api.app_identity.app_identity.InvalidScopesource

Bases: google.appengine.api.app_identity.app_identity.Error

The scope is invalid.

exception google.appengine.api.app_identity.app_identity.NotAllowedsource

Bases: google.appengine.api.app_identity.app_identity.Error

The operation is not allowed.

exception google.appengine.api.app_identity.app_identity.OperationNotImplementedsource

Bases: google.appengine.api.app_identity.app_identity.Error

The operation is not implemented for the service account.

exception google.appengine.api.app_identity.app_identity.Errorsource

Bases: exceptions.Exception

Base error type.

google.appengine.api.app_identity.app_identity.create_rpc(deadline=None, callback=None)source

Creates an RPC object for use with the App Identity API.

Parameters
  • deadline – Optional deadline in seconds for the operation; the default value is a system-specific deadline, typically 5 seconds.

  • callback – Optional callable to invoke on completion.

Returns

An apiproxy_stub_map.UserRPC object specialized for this service.

google.appengine.api.app_identity.app_identity.make_sign_blob_call(rpc, bytes_to_sign)source

Executes the RPC call to sign a blob.

Parameters
  • rpc – A UserRPC instance.

  • bytes_to_sign – Blob that must be signed.

Returns

A tuple that contains the signing key name and the signature.

Raises

TypeError – If bytes_to_sign is not a string.

google.appengine.api.app_identity.app_identity.make_get_public_certificates_call(rpc)source

Executes the RPC call to get a list of public certificates.

Parameters

rpc – A UserRPC instance.

Returns

A list of PublicCertificate objects.

google.appengine.api.app_identity.app_identity.make_get_service_account_name_call(rpc)source

Gets the service account name of the app.

Parameters

rpc – A UserRPC object.

Returns

Service account name of the app.

google.appengine.api.app_identity.app_identity.sign_blob(bytes_to_sign, deadline=None)source

Signs a blob.

Parameters
  • bytes_to_sign – The blob that must be signed.

  • deadline – Optional deadline in seconds for the operation; the default value is a system-specific deadline, typically 5 seconds.

Returns

A tuple containing the signing key name and signature.

google.appengine.api.app_identity.app_identity.get_public_certificates(deadline=None)source

Gets public certificates.

Parameters

deadline – Optional deadline in seconds for the operation; the default value is a system-specific deadline, typically 5 seconds.

Returns

A list of PublicCertificate objects.

class google.appengine.api.app_identity.app_identity.PublicCertificate(key_name, x509_certificate_pem)source

Bases: object

Class that specifies information about a public certificate.

key_name

Name of the certificate.

x509_certificate_pem

X.509 certificates in PEM format.

google.appengine.api.app_identity.app_identity.get_service_account_name(deadline=None)source

Gets the service account name of the app.

Parameters

deadline – Optional deadline in seconds for the operation; the default value is a system-specific deadline, typically 5 seconds.

Returns

The service account name of the app.

google.appengine.api.app_identity.app_identity.get_application_id()source

Gets the application ID of an app.

Returns

The application ID of the app.

google.appengine.api.app_identity.app_identity.get_default_version_hostname()source

Gets the standard host name of the default version of the app.

For example, if your application_id is my-app, then the result might be my-app.appspot.com.

Returns

The standard host name of the default version of the application.

google.appengine.api.app_identity.app_identity.get_access_token(scopes, service_account_id=None)source

The OAuth 2.0 access token to act on behalf of the application.

This token will be cached.

A token will be generated and cached for the service account for the App Engine application.

Each application has an associated Google account. This function returns an OAuth 2.0 access token that corresponds to the running app. Access tokens are safe to cache and reuse until their expiry time as returned. This method caches access tokens using both an in-process cache and memcache.

Parameters

scopes – The requested API scope string, or a list of strings.

Returns

A Pair, Access token string and the expiration time in seconds since the epoch.

google.appengine.api.app_identity.app_identity.get_access_token_uncached(scopes, deadline=None, service_account_id=None)source

Generates the OAuth 2.0 access token to act on behalf of the application.

This method is asynchronous and uncached. Most developers should use get_access_token instead.

Parameters
  • scopes – The requested API scope string, or a list of strings.

  • deadline – Optional deadline in seconds for the operation; the default value is a system-specific deadline, typically 5 seconds.

Returns

A Pair, Access token string and the expiration time in seconds since the epoch.

google.appengine.api.app_identity.app_identity.make_get_access_token_call(rpc, scopes, service_account_id=None)source

Generates the OAuth 2.0 access token to act on behalf of the application.

This method is asynchronous and uncached. Most developers should use get_access_token instead.

Parameters
  • rpc – An RPC object.

  • scopes – The requested API scope string, or a list of strings.

Raises

InvalidScope – If the scopes are unspecified or invalid.

google.appengine.api.app_identity.app_identity.get_default_gcs_bucket_name(deadline=None)source

Gets the default Google Cloud Storage bucket name for the app.

Parameters

deadline – Optional deadline in seconds for the operation; the default value is a system-specific deadline, typically 5 seconds.

Returns

Default bucket name for the app.

google.appengine.api.app_identity.app_identity.make_get_default_gcs_bucket_name_call(rpc)source

Gets the default Google Cloud Storage bucket name for the app.

Parameters

rpc – A UserRPC object.

Returns

The default Google Cloud Storage bucket name for the app.