From 210b7b23369d2a9946d7dbfd7945a7d0776f9ccb Mon Sep 17 00:00:00 2001
From: Abby Carey
Date: Fri, 19 Jul 2019 09:54:59 -0700
Subject: [PATCH] Adding issuer (#2266)

* Adding issuer
* Update make_iap_request.py
---
 iap/make_iap_request.py | 2 +-
 iap/validate_jwt.py | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/iap/make_iap_request.py b/iap/make_iap_request.py
index 4e93b9391d16..d44e827ab2c3 100644
--- a/iap/make_iap_request.py
+++ b/iap/make_iap_request.py
@@ -48,7 +48,7 @@ def make_iap_request(url, client_id, method='GET', **kwargs):
 # Set the default timeout, if missing
 if 'timeout' not in kwargs:
 kwargs['timeout'] = 90
-
+
 # Figure out what environment we're running in and get some preliminary
 # information about the service account.
 bootstrap_credentials, _ = google.auth.default(
diff --git a/iap/validate_jwt.py b/iap/validate_jwt.py
index 8a69e368874c..a672e1d94ae4 100644
--- a/iap/validate_jwt.py
+++ b/iap/validate_jwt.py
@@ -77,6 +77,7 @@ def _validate_iap_jwt(iap_jwt, expected_audience):
 decoded_jwt = jwt.decode(
 iap_jwt, key,
 algorithms=['ES256'],
+issuer='https://cloud.google.com/iap',
 audience=expected_audience)
 return (decoded_jwt['sub'], decoded_jwt['email'], '')
 except (jwt.exceptions.InvalidTokenError,
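Review bot: The issuer URL in the `iap/validate_jwt.py` hunk is passed to `jwt.decode` as an inline string literal with no comment, so a reader cannot tell that it is a fixed value for every IAP-signed token rather than something deployment-specific like `expected_audience`. I would lift it to a module-level constant, `IAP_ISSUER = 'https://cloud.google.com/iap'`, preceded by `# Fixed 'iss' claim of IAP-signed JWTs; tokens from any other issuer are rejected.`, and pass `issuer=IAP_ISSUER`. A token whose `iss` is missing or different should surface as a PyJWT `InvalidTokenError` subclass, which the `except` opening on the hunk's last line appears to catch. That clause and the rest of `_validate_iap_jwt` continue outside the hunk, so this needs confirming there. The function's docstring, also outside the hunk, should probably say that the issuer is now checked alongside the audience.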