Skip to main content
Join the official 2019 Python Developers SurveyStart the survey!

Python Client for Google Cloud Auth

Project description

This is a shared codebase for gcloud-rest-auth and gcloud-rest-auth. If you are using the RESTful version, please ignore any usages of async and await.

This library implements a IamClient class, which can be used to interact with GCP public keys and URL sign blobs.

It additionally implements a Token class, which is used for authorizing against Google Cloud. The other gcloud-rest-* package components accept a Token instance as an argument; you can define a single token for all of these components or define one for each. Each component corresponds to a given Google Cloud service and each service requires “scopes”.

Latest PyPI Version (gcloud-rest-auth) Python Version Support (gcloud-rest-auth) Latest PyPI Version (gcloud-rest-auth) Python Version Support (gcloud-rest-auth)


$ pip install --upgrade gcloud-rest-auth
# or
$ pip install --upgrade gcloud-rest-auth


from import IamClient

client = IamClient()
pubkeys = await client.list_public_keys()

from import Token

token = Token()

Additionally, the Token constructor accepts the following optional arguments:

  • service_file: path to a service account, authorized user file, or any other application credentials. Alternatively, you can pass a file-like object, like an io.StringIO instance, in case your credentials are not stored in a file but in memory. If omitted, will attempt to find one on your path or fallback to generating a token from GCE metadata.
  • session: an aiohttp.ClientSession instance to be used for all requests. If omitted, a default session will be created.
  • scopes: an optional list of GCP scopes for which to generate our token. Only valid (and required!) for service account authentication.


This project can also be used to help you manually authenticate to test GCP routes, eg. we can list our project’s uptime checks with a tool such as curl:

# using default application credentials
curl \
  -H "Authorization: Bearer $(python3 -c 'from import Token; print(Token().get())')" \

# using a service account (make sure to provide a scope!)
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service.json
curl \
  -H "Authorization: Bearer $(python3 -c 'from import Token; print(Token(scopes=["'""'"]).get())')" \

# using legacy account credentials
export GOOGLE_APPLICATION_CREDENTIALS=~/.config/gcloud/legacy_credentials/EMAIL@DOMAIN.TLD/adc.json
curl \
  -H "Authorization: Bearer $(python3 -c 'from import Token; print(Token().get())')" \


Please see our contributing guide.

Project details

Release history Release notifications

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for gcloud-rest-auth, version 3.0.0
Filename, size File type Python version Upload date Hashes
Filename, size gcloud_rest_auth-3.0.0-py2.py3-none-any.whl (15.3 kB) File type Wheel Python version py2.py3 Upload date Hashes View hashes
Filename, size gcloud-rest-auth-3.0.0.tar.gz (12.4 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page