fix: fix decoding ID token

flamingo-run · Apr 20, 2024 · 7b6cc9d · 7b6cc9d
1 parent ca97aef
commit 7b6cc9d
Showing 1 changed file with 15 additions and 9 deletions.
diff --git a/gcp_pilot/iam.py b/gcp_pilot/iam.py
@@ -9,6 +9,7 @@
 import requests
 from google.auth import jwt
 from google.cloud import iam_credentials_v1
+from google.oauth2 import id_token
 
 from gcp_pilot import exceptions
 from gcp_pilot.base import AccountManagerMixin, DiscoveryMixin, GoogleCloudPilotAPI, PolicyType, friendly_http_error
@@ -216,9 +217,14 @@ def generate_id_token(self, audience: str, service_account_email: str | None = N
                 project="-",
             ),
             audience=audience,
+            include_email=True,
         )
         return response.token
 
+    @classmethod
+    def decode_id_token(cls, token: str, audience: str | list[str] | None = None) -> dict[str, Any]:
+        return id_token.verify_token(id_token=token, request=requests.Request(), audience=audience)
+
     @classmethod
     def decode_jwt(cls, token: str, issuer_email: str, audience: str | None, verify: bool = True) -> dict[str, Any]:
         certs = cls._fetch_public_certs(email=issuer_email)
@@ -231,15 +237,6 @@ def decode_jwt(cls, token: str, issuer_email: str, audience: str | None, verify:
             ),
         )
 
-    @classmethod
-    def decode_id_token(cls, token: str, issuer_email: str, verify: bool = True) -> dict[str, Any]:
-        return cls.decode_jwt(
-            token=token,
-            issuer_email=issuer_email,
-            audience=IDP_JWT_AUDIENCE,
-            verify=verify,
-        )
-
     def generate_custom_token(
         self,
         uid: str | None = None,
@@ -266,6 +263,15 @@ def generate_custom_token(
             service_account_email=authenticator_email,
         )
 
+    @classmethod
+    def decode_custom_token(cls, token: str, issuer_email: str, verify: bool = True) -> dict[str, Any]:
+        return cls.decode_jwt(
+            token=token,
+            issuer_email=issuer_email,
+            audience=IDP_JWT_AUDIENCE,
+            verify=verify,
+        )
+
     @classmethod
     def _fetch_public_certs(cls, email: str) -> dict:
         url = f"https://www.googleapis.com/robot/v1/metadata/x509/{email}"