3 L(Y@sfdZddlZddlmZddlmZddlmZdZdZdd Z defd d Z dd d Z dddZ dS)zGoogle ID Token helpers.N) http_client) exceptions)jwtz*https://www.googleapis.com/oauth2/v1/certszXhttps://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.comcCs:||dd}|jtjkr(tjdj|tj|jj dS)aFetches certificates. Google-style cerificate endpoints return JSON in the format of ``{'key id': 'x509 certificate'}``. Args: request (google.auth.transport.Request): The object used to make HTTP requests. certs_url (str): The certificate endpoint URL. Returns: Mapping[str, str]: A mapping of public key ID to x.509 certificate data. GET)methodz"Could not fetch certificates at {}zutf-8) statusrOKrZTransportErrorformatjsonloadsdatadecode)request certs_urlresponserE/private/tmp/pip-build-nl73fm5q/google-auth/google/oauth2/id_token.py _fetch_certs#s    rcCst||}tj|||dS)a_Verifies an ID token and returns the decoded token. Args: id_token (Union[str, bytes]): The encoded token. request (google.auth.transport.Request): The object used to make HTTP requests. audience (str): The audience that this token is intended for. If None then the audience is not verified. certs_url (str): The URL that specifies the certificates to use to verify the token. This URL should return JSON in the format of ``{'key id': 'x509 certificate'}``. Returns: Mapping[str, Any]: The decoded token. )certsaudience)rrr )id_tokenrrrrrrr verify_token;s rcCst|||tdS)aVerifies an ID Token issued by Google's OAuth 2.0 authorization server. Args: id_token (Union[str, bytes]): The encoded token. request (google.auth.transport.Request): The object used to make HTTP requests. audience (str): The audience that this token is intended for. This is typically your application's OAuth 2.0 client ID. If None then the audience is not verified. Returns: Mapping[str, Any]: The decoded token. )rr)r_GOOGLE_OAUTH2_CERTS_URL)rrrrrrverify_oauth2_tokenQsrcCst|||tdS)aVerifies an ID Token issued by Firebase Authentication. Args: id_token (Union[str, bytes]): The encoded token. request (google.auth.transport.Request): The object used to make HTTP requests. audience (str): The audience that this token is intended for. This is typically your Firebase application ID. If None then the audience is not verified. Returns: Mapping[str, Any]: The decoded token. )rr)r_GOOGLE_APIS_CERTS_URL)rrrrrrverify_firebase_tokendsr)N)N) __doc__r Z six.movesrZ google.authrrrrrrrrrrrrs