|
24 | 24 | import google.oauth2.service_account |
25 | 25 | import requests |
26 | 26 | import requests_toolbelt.adapters.appengine |
27 | | -from six.moves import urllib_parse as urlparse |
28 | 27 |
|
29 | 28 |
|
30 | 29 | IAM_SCOPE = 'https://www.googleapis.com/auth/iam' |
31 | 30 | OAUTH_TOKEN_URI = 'https://www.googleapis.com/oauth2/v4/token' |
32 | 31 |
|
33 | 32 |
|
34 | | -def make_iap_request(url): |
| 33 | +def make_iap_request(url, client_id): |
35 | 34 | """Makes a request to an application protected by Identity-Aware Proxy. |
36 | 35 |
|
37 | 36 | Args: |
38 | 37 | url: The Identity-Aware Proxy-protected URL to fetch. |
| 38 | + client_id: The client ID used by Identity-Aware Proxy. |
39 | 39 |
|
40 | 40 | Returns: |
41 | 41 | The page body, or raises an exception if the page couldn't be retrieved. |
42 | 42 | """ |
43 | | - # Take the input URL and remove everything except the protocol, domain, |
44 | | - # and port. Examples: |
45 | | - # https://foo.example.com/ => https://foo.example.com |
46 | | - # https://example.com:8443/foo/bar?quuz=quux#lorem => |
47 | | - # https://example.com:8443 |
48 | | - base_url = urlparse.urlunparse( |
49 | | - urlparse.urlparse(url)._replace(path='', query='', fragment='')) |
50 | | - |
51 | 43 | # Figure out what environment we're running in and get some preliminary |
52 | 44 | # information about the service account. |
53 | 45 | bootstrap_credentials, _ = google.auth.default( |
@@ -90,7 +82,7 @@ def make_iap_request(url): |
90 | 82 | # and email acquired from the bootstrap credentials. |
91 | 83 | service_account_credentials = google.oauth2.service_account.Credentials( |
92 | 84 | signer, signer_email, token_uri=OAUTH_TOKEN_URI, additional_claims={ |
93 | | - 'target_audience': base_url |
| 85 | + 'target_audience': client_id |
94 | 86 | }) |
95 | 87 |
|
96 | 88 | # service_account_credentials gives us a JWT signed by the service |
|
0 commit comments