Skip to main content

Python Client for Google Cloud Auth

Project description

This is a shared codebase for gcloud-rest-auth and gcloud-rest-auth

This library implements an IamClient class, which can be used to interact with GCP public keys and URL sign blobs.

It additionally implements a Token class, which is used for authorizing against Google Cloud. The other gcloud-rest-* package components accept a Token instance as an argument; you can define a single token for all of these components or define one for each. Each component corresponds to a given Google Cloud service and each service requires “scopes”.

Latest PyPI Version (gcloud-rest-auth) Python Version Support (gcloud-rest-auth) Python Version Support (gcloud-rest-auth)


$ pip install --upgrade gcloud-{aio,rest}-auth


from import IamClient

client = IamClient()
pubkeys = await client.list_public_keys()

from import Token

token = Token()

Additionally, the Token constructor accepts the following optional arguments:

  • service_file: path to a service account, authorized user file, or any other application credentials. Alternatively, you can pass a file-like object, like an io.StringIO instance, in case your credentials are not stored in a file but in memory. If omitted, will attempt to find one on your path or fallback to generating a token from GCE metadata.
  • session: an aiohttp.ClientSession instance to be used for all requests. If omitted, a default session will be created. If you use the default session, you may be interested in using Token() as a context manager (async with Token(..) as token:) or explicitly calling the Token.close() method to ensure the session is cleaned up appropriately.
  • scopes: an optional list of GCP scopes for which to generate our token. Only valid (and required!) for service account authentication.


This project can also be used to help you manually authenticate to test GCP routes, eg. we can list our project’s uptime checks with a tool such as curl:

# using default application credentials
curl \
  -H "Authorization: Bearer $(python3 -c 'from import Token; print(Token().get())')" \

# using a service account (make sure to provide a scope!)
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service.json
curl \
  -H "Authorization: Bearer $(python3 -c 'from import Token; print(Token(scopes=["'""'"]).get())')" \

# using legacy account credentials
export GOOGLE_APPLICATION_CREDENTIALS=~/.config/gcloud/legacy_credentials/EMAIL@DOMAIN.TLD/adc.json
curl \
  -H "Authorization: Bearer $(python3 -c 'from import Token; print(Token().get())')" \


Please see our contributing guide.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for gcloud-rest-auth, version 3.6.0
Filename, size File type Python version Upload date Hashes
Filename, size gcloud_rest_auth-3.6.0-py2.py3-none-any.whl (17.4 kB) File type Wheel Python version py2.py3 Upload date Hashes View
Filename, size gcloud-rest-auth-3.6.0.tar.gz (14.9 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page