google-auth 2.49.0__tar.gz → 3.0.0.dev0__tar.gz

{google_auth-2.49.0/google_auth.egg-info → google_auth-3.0.0.dev0}/PKG-INFO

@@ -1,6 +1,6 @@
-Metadata-Version: 2.4
+Metadata-Version: 2.1
 Name: google-auth
-Version: 2.49.0
+Version: 3.0.0.dev0
 Summary: Google Authentication Library
 Home-page: https://github.com/googleapis/google-auth-library-python
 Author: Google Cloud Platform
@@ -8,6 +8,7 @@ Author-email: googleapis-packages@google.com
 License: Apache 2.0
 Keywords: google auth oauth client
 Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
@@ -23,13 +24,13 @@ Classifier: Operating System :: Microsoft :: Windows
 Classifier: Operating System :: MacOS :: MacOS X
 Classifier: Operating System :: OS Independent
 Classifier: Topic :: Internet :: WWW/HTTP
-Requires-Python: >=3.8
+Requires-Python: >=3.7
 License-File: LICENSE
+Requires-Dist: cachetools<7.0,>=2.0.0
 Requires-Dist: pyasn1-modules>=0.2.1
 Requires-Dist: cryptography>=38.0.3
-Requires-Dist: rsa<5,>=3.1.4
+Requires-Dist: cryptography<39.0.0; python_version < "3.8"
 Provides-Extra: cryptography
-Requires-Dist: cryptography>=38.0.3; extra == "cryptography"
 Provides-Extra: aiohttp
 Requires-Dist: aiohttp<4.0.0,>=3.6.2; extra == "aiohttp"
 Requires-Dist: requests<3.0.0,>=2.20.0; extra == "aiohttp"
@@ -47,6 +48,7 @@ Provides-Extra: testing
 Requires-Dist: grpcio; extra == "testing"
 Requires-Dist: flask; extra == "testing"
 Requires-Dist: freezegun; extra == "testing"
+Requires-Dist: mock; extra == "testing"
 Requires-Dist: oauth2client; extra == "testing"
 Requires-Dist: pyjwt>=2.0; extra == "testing"
 Requires-Dist: pytest; extra == "testing"
@@ -66,18 +68,6 @@ Requires-Dist: aiohttp<3.10.0; extra == "testing"
 Provides-Extra: urllib3
 Requires-Dist: urllib3; extra == "urllib3"
 Requires-Dist: packaging; extra == "urllib3"
-Dynamic: author
-Dynamic: author-email
-Dynamic: classifier
-Dynamic: description
-Dynamic: home-page
-Dynamic: keywords
-Dynamic: license
-Dynamic: license-file
-Dynamic: provides-extra
-Dynamic: requires-dist
-Dynamic: requires-python
-Dynamic: summary
 
 Google Auth Python Library
 ==========================
@@ -116,16 +106,15 @@ Note that the extras pyopenssl and enterprise_cert should not be used together b
 
 Supported Python Versions
 ^^^^^^^^^^^^^^^^^^^^^^^^^
-Python >= 3.8
+Python >= 3.7
 
 **NOTE**:
-Python 3.8 and Python 3.9 were marked as `unsupported`_ by the python community in 
-October 2024 and October 2025, respectively.
-We recommend that all developers upgrade to Python 3.10 and newer as soon as
-they can. Support for end-of-life Python runtimes will be removed from this
-library in future updates.
-Previous releases that support end-of-life Python versions will continue to be available
-for download, but future releases will only target supported versions.
+Python 3.7 was marked as `unsupported`_ by the python community in June 2023.
+We recommend that all developers upgrade to Python 3.8 and newer as soon as
+they can. Support for Python 3.7 will be removed from this library after
+January 1 2024. Previous releases that support Python 3.7 will continue to be available
+for download, but releases after January 1 2024 will only target Python 3.8 and
+newer.
 
 .. _unsupported: https://devguide.python.org/versions/#unsupported-versions
 
@@ -140,10 +129,6 @@ Unsupported Python Versions
 - Python 3.6:   The last version of this library with support for Python 3.6
   was `google.auth == 2.22.0`.
 
-- Python 3.7:   The last version of this library with support for Python 3.7
-  was `google.auth == 2.45.0`.
-
-
 Documentation
 -------------
 

{google_auth-2.49.0 → google_auth-3.0.0.dev0}/README.rst

@@ -35,16 +35,15 @@ Note that the extras pyopenssl and enterprise_cert should not be used together b
 
 Supported Python Versions
 ^^^^^^^^^^^^^^^^^^^^^^^^^
-Python >= 3.8
+Python >= 3.7
 
 **NOTE**:
-Python 3.8 and Python 3.9 were marked as `unsupported`_ by the python community in 
-October 2024 and October 2025, respectively.
-We recommend that all developers upgrade to Python 3.10 and newer as soon as
-they can. Support for end-of-life Python runtimes will be removed from this
-library in future updates.
-Previous releases that support end-of-life Python versions will continue to be available
-for download, but future releases will only target supported versions.
+Python 3.7 was marked as `unsupported`_ by the python community in June 2023.
+We recommend that all developers upgrade to Python 3.8 and newer as soon as
+they can. Support for Python 3.7 will be removed from this library after
+January 1 2024. Previous releases that support Python 3.7 will continue to be available
+for download, but releases after January 1 2024 will only target Python 3.8 and
+newer.
 
 .. _unsupported: https://devguide.python.org/versions/#unsupported-versions
 
@@ -59,10 +58,6 @@ Unsupported Python Versions
 - Python 3.6:   The last version of this library with support for Python 3.6
   was `google.auth == 2.22.0`.
 
-- Python 3.7:   The last version of this library with support for Python 3.7
-  was `google.auth == 2.45.0`.
-
-
 Documentation
 -------------
 

{google_auth-2.49.0 → google_auth-3.0.0.dev0}/google/auth/__init__.py

@@ -41,17 +41,13 @@ class Python37DeprecationWarning(DeprecationWarning):  # pragma: NO COVER
     pass
 
 
-# Raise warnings for deprecated versions
-eol_message = (
-    "You are using a Python version {} past its end of life. Google will update "
-    "google-auth with critical bug fixes on a best-effort basis, but not "
-    "with any other fixes or features. Please upgrade your Python version, "
-    "and then update google-auth."
-)
-if sys.version_info.major == 3 and sys.version_info.minor == 8:  # pragma: NO COVER
-    warnings.warn(eol_message.format("3.8"), FutureWarning)
-elif sys.version_info.major == 3 and sys.version_info.minor == 9:  # pragma: NO COVER
-    warnings.warn(eol_message.format("3.9"), FutureWarning)
+# Checks if the current runtime is Python 3.7.
+if sys.version_info.major == 3 and sys.version_info.minor == 7:  # pragma: NO COVER
+    message = (
+        "After January 1, 2024, new releases of this library will drop support "
+        "for Python 3.7."
+    )
+    warnings.warn(message, Python37DeprecationWarning)
 
 # Set default logging handler to avoid "No handler found" warnings.
 logging.getLogger(__name__).addHandler(logging.NullHandler())

{google_auth-2.49.0 → google_auth-3.0.0.dev0}/google/auth/_agent_identity_utils.py

@@ -24,6 +24,7 @@ from urllib.parse import quote, urlparse
 
 from google.auth import environment_vars
 from google.auth import exceptions
+from google.auth.transport import _mtls_helper
 
 
 _LOGGER = logging.getLogger(__name__)
@@ -262,6 +263,14 @@ def should_request_bound_token(cert):
     return is_agent_cert and is_opted_in
 
 
+def call_client_cert_callback():
+    """Calls the client cert callback and returns the certificate and key."""
+    _, cert_bytes, key_bytes, passphrase = _mtls_helper.get_client_ssl_credentials(
+        generate_encrypted_key=True
+    )
+    return cert_bytes, key_bytes
+
+
 def get_cached_cert_fingerprint(cached_cert):
     """Returns the fingerprint of the cached certificate."""
     if cached_cert:

{google_auth-2.49.0 → google_auth-3.0.0.dev0}/google/auth/_default.py

@@ -16,23 +16,17 @@
 
 Implements application default credentials and project ID detection.
 """
-from __future__ import annotations
 
 import io
 import json
 import logging
 import os
-from typing import Optional, Sequence, TYPE_CHECKING
 import warnings
 
 from google.auth import environment_vars
 from google.auth import exceptions
 import google.auth.transport._http_client
 
-if TYPE_CHECKING:  # pragma: NO COVER
-    from google.auth.credentials import Credentials  # noqa: F401
-    from google.auth.transport import Request  # noqa: F401
-
 _LOGGER = logging.getLogger(__name__)
 
 # Valid types accepted for file-based credentials.
@@ -330,24 +324,23 @@ def _get_explicit_environ_credentials(quota_project_id=None):
     from google.auth import _cloud_sdk
 
     cloud_sdk_adc_path = _cloud_sdk.get_application_default_credentials_path()
-    explicit_file = os.environ.get(environment_vars.CREDENTIALS, "")
+    explicit_file = os.environ.get(environment_vars.CREDENTIALS)
 
     _LOGGER.debug(
-        "Checking '%s' for explicit credentials as part of auth process...",
-        explicit_file,
+        "Checking %s for explicit credentials as part of auth process...", explicit_file
     )
 
-    if explicit_file != "" and explicit_file == cloud_sdk_adc_path:
+    if explicit_file is not None and explicit_file == cloud_sdk_adc_path:
         # Cloud sdk flow calls gcloud to fetch project id, so if the explicit
         # file path is cloud sdk credentials path, then we should fall back
         # to cloud sdk flow, otherwise project id cannot be obtained.
         _LOGGER.debug(
-            "Explicit credentials path '%s' is the same as Cloud SDK credentials path, fall back to Cloud SDK credentials flow...",
+            "Explicit credentials path %s is the same as Cloud SDK credentials path, fall back to Cloud SDK credentials flow...",
             explicit_file,
         )
         return _get_gcloud_sdk_credentials(quota_project_id=quota_project_id)
 
-    if explicit_file != "":
+    if explicit_file is not None:
         with warnings.catch_warnings():
             warnings.simplefilter("ignore", DeprecationWarning)
             credentials, project_id = load_credentials_from_file(
@@ -355,6 +348,7 @@ def _get_explicit_environ_credentials(quota_project_id=None):
                 quota_project_id=quota_project_id,
             )
             credentials._cred_file_path = f"{explicit_file} file via the GOOGLE_APPLICATION_CREDENTIALS environment variable"
+
             return credentials, project_id
 
     else:
@@ -594,12 +588,7 @@ def _apply_quota_project_id(credentials, quota_project_id):
     return credentials
 
 
-def default(
-    scopes: Optional[Sequence[str]] = None,
-    request: Optional["google.auth.transport.Request"] = None,
-    quota_project_id: Optional[str] = None,
-    default_scopes: Optional[Sequence[str]] = None,
-) -> tuple["google.auth.credentials.Credentials", Optional[str]]:
+def default(scopes=None, request=None, quota_project_id=None, default_scopes=None):
     """Gets the default credentials for the current environment.
 
     `Application Default Credentials`_ provides an easy way to obtain

{google_auth-2.49.0 → google_auth-3.0.0.dev0}/google/auth/_helpers.py

@@ -124,26 +124,6 @@ def utcnow():
     return now
 
 
-def utcfromtimestamp(timestamp):
-    """Returns the UTC datetime from a timestamp.
-
-    Args:
-        timestamp (float): The timestamp to convert.
-
-    Returns:
-        datetime: The time in UTC.
-    """
-    # We used datetime.utcfromtimestamp() before, since it's deprecated from
-    # python 3.12, we are using datetime.fromtimestamp(timestamp, timezone.utc)
-    # now. "utcfromtimestamp()" is offset-native (no timezone info), but
-    # "fromtimestamp(timestamp, timezone.utc)" is offset-aware (with timezone
-    # info). This will cause datetime comparison problem. For backward
-    # compatibility, we need to remove the timezone info.
-    dt = datetime.datetime.fromtimestamp(timestamp, tz=datetime.timezone.utc)
-    dt = dt.replace(tzinfo=None)
-    return dt
-
-
 def datetime_to_secs(value):
     """Convert a datetime object to the number of seconds since the UNIX epoch.
 
@@ -354,8 +334,7 @@ def is_python_3():
     Returns:
         bool: True if the Python interpreter is Python 3 and False otherwise.
     """
-
-    return sys.version_info > (3, 0)  # pragma: NO COVER
+    return sys.version_info > (3, 0)
 
 
 def _hash_sensitive_info(data: Union[dict, list]) -> Union[dict, list, str]:

{google_auth-2.49.0 → google_auth-3.0.0.dev0}/google/auth/aio/transport/aiohttp.py

@@ -12,11 +12,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-"""Transport adapter for Asynchronous HTTP Requests based on aiohttp."""
+"""Transport adapter for Asynchronous HTTP Requests based on aiohttp.
+"""
 
 import asyncio
 import logging
-from typing import AsyncGenerator, Mapping, Optional, TYPE_CHECKING, Union
+from typing import AsyncGenerator, Mapping, Optional
 
 try:
     import aiohttp  # type: ignore
@@ -30,15 +31,6 @@ from google.auth import exceptions
 from google.auth.aio import _helpers as _helpers_async
 from google.auth.aio import transport
 
-if TYPE_CHECKING:  # pragma: NO COVER
-    from aiohttp import ClientTimeout  # type: ignore
-
-else:
-    try:
-        from aiohttp import ClientTimeout
-    except (ImportError, AttributeError):
-        ClientTimeout = None
-
 _LOGGER = logging.getLogger(__name__)
 
 
@@ -112,7 +104,7 @@ class Request(transport.Request):
         # Custom aiohttp Session Example:
         session = session=aiohttp.ClientSession(auto_decompress=False)
         request = google.auth.aio.transport.aiohttp.Request(session=session)
-        auth_session = google.auth.aio.transport.sessions.AsyncAuthorizedSession(auth_request=request)
+        auth_sesion = google.auth.aio.transport.sessions.AsyncAuthorizedSession(auth_request=request)
 
     Args:
         session (aiohttp.ClientSession): An instance :class:`aiohttp.ClientSession` used
@@ -121,7 +113,7 @@ class Request(transport.Request):
     .. automethod:: __call__
     """
 
-    def __init__(self, session: Optional[aiohttp.ClientSession] = None):
+    def __init__(self, session: aiohttp.ClientSession = None):
         self._session = session
         self._closed = False
 
@@ -131,7 +123,7 @@ class Request(transport.Request):
         method: str = "GET",
         body: Optional[bytes] = None,
         headers: Optional[Mapping[str, str]] = None,
-        timeout: Union[float, ClientTimeout] = transport._DEFAULT_TIMEOUT_SECONDS,
+        timeout: float = transport._DEFAULT_TIMEOUT_SECONDS,
         **kwargs,
     ) -> transport.Response:
         """
@@ -166,10 +158,7 @@ class Request(transport.Request):
             if not self._session:
                 self._session = aiohttp.ClientSession()
 
-            if isinstance(timeout, aiohttp.ClientTimeout):
-                client_timeout = timeout
-            else:
-                client_timeout = aiohttp.ClientTimeout(total=timeout)
+            client_timeout = aiohttp.ClientTimeout(total=timeout)
             _helpers.request_log(_LOGGER, method, url, body, headers)
             response = await self._session.request(
                 method,
@@ -187,12 +176,8 @@ class Request(transport.Request):
             raise client_exc from caught_exc
 
         except asyncio.TimeoutError as caught_exc:
-            if isinstance(timeout, aiohttp.ClientTimeout):
-                timeout_seconds = timeout.total
-            else:
-                timeout_seconds = timeout
             timeout_exc = exceptions.TimeoutError(
-                f"Request timed out after {timeout_seconds} seconds."
+                f"Request timed out after {timeout} seconds."
             )
             raise timeout_exc from caught_exc
 

google_auth-3.0.0.dev0/google/auth/aio/transport/sessions.py

@@ -0,0 +1,268 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import asyncio
+from contextlib import asynccontextmanager
+import functools
+import time
+from typing import Mapping, Optional
+
+from google.auth import _exponential_backoff, exceptions
+from google.auth.aio import transport
+from google.auth.aio.credentials import Credentials
+from google.auth.exceptions import TimeoutError
+
+try:
+    from google.auth.aio.transport.aiohttp import Request as AiohttpRequest
+
+    AIOHTTP_INSTALLED = True
+except ImportError:  # pragma: NO COVER
+    AIOHTTP_INSTALLED = False
+
+
+@asynccontextmanager
+async def timeout_guard(timeout):
+    """
+    timeout_guard is an asynchronous context manager to apply a timeout to an asynchronous block of code.
+
+    Args:
+        timeout (float): The time in seconds before the context manager times out.
+
+    Raises:
+        google.auth.exceptions.TimeoutError: If the code within the context exceeds the provided timeout.
+
+    Usage:
+        async with timeout_guard(10) as with_timeout:
+            await with_timeout(async_function())
+    """
+    start = time.monotonic()
+    total_timeout = timeout
+
+    def _remaining_time():
+        elapsed = time.monotonic() - start
+        remaining = total_timeout - elapsed
+        if remaining <= 0:
+            raise TimeoutError(
+                f"Context manager exceeded the configured timeout of {total_timeout}s."
+            )
+        return remaining
+
+    async def with_timeout(coro):
+        try:
+            remaining = _remaining_time()
+            response = await asyncio.wait_for(coro, remaining)
+            return response
+        except (asyncio.TimeoutError, TimeoutError) as e:
+            raise TimeoutError(
+                f"The operation {coro} exceeded the configured timeout of {total_timeout}s."
+            ) from e
+
+    try:
+        yield with_timeout
+
+    finally:
+        _remaining_time()
+
+
+class AsyncAuthorizedSession:
+    """This is an asynchronous implementation of :class:`google.auth.requests.AuthorizedSession` class.
+    We utilize an instance of a class that implements :class:`google.auth.aio.transport.Request` configured
+    by the caller or otherwise default to `google.auth.aio.transport.aiohttp.Request` if the external aiohttp
+    package is installed.
+
+    A Requests Session class with credentials.
+
+    This class is used to perform asynchronous requests to API endpoints that require
+    authorization::
+
+        import aiohttp
+        from google.auth.aio.transport import sessions
+
+        async with sessions.AsyncAuthorizedSession(credentials) as authed_session:
+            response = await authed_session.request(
+                'GET', 'https://www.googleapis.com/storage/v1/b')
+
+    The underlying :meth:`request` implementation handles adding the
+    credentials' headers to the request and refreshing credentials as needed.
+
+    Args:
+        credentials (google.auth.aio.credentials.Credentials):
+            The credentials to add to the request.
+        auth_request (Optional[google.auth.aio.transport.Request]):
+            An instance of a class that implements
+            :class:`~google.auth.aio.transport.Request` used to make requests
+            and refresh credentials. If not passed,
+            an instance of :class:`~google.auth.aio.transport.aiohttp.Request`
+            is created.
+
+    Raises:
+        - google.auth.exceptions.TransportError: If `auth_request` is `None`
+            and the external package `aiohttp` is not installed.
+        - google.auth.exceptions.InvalidType: If the provided credentials are
+            not of type `google.auth.aio.credentials.Credentials`.
+    """
+
+    def __init__(
+        self, credentials: Credentials, auth_request: Optional[transport.Request] = None
+    ):
+        if not isinstance(credentials, Credentials):
+            raise exceptions.InvalidType(
+                f"The configured credentials of type {type(credentials)} are invalid and must be of type `google.auth.aio.credentials.Credentials`"
+            )
+        self._credentials = credentials
+        _auth_request = auth_request
+        if not _auth_request and AIOHTTP_INSTALLED:
+            _auth_request = AiohttpRequest()
+        if _auth_request is None:
+            raise exceptions.TransportError(
+                "`auth_request` must either be configured or the external package `aiohttp` must be installed to use the default value."
+            )
+        self._auth_request = _auth_request
+
+    async def request(
+        self,
+        method: str,
+        url: str,
+        data: Optional[bytes] = None,
+        headers: Optional[Mapping[str, str]] = None,
+        max_allowed_time: float = transport._DEFAULT_TIMEOUT_SECONDS,
+        timeout: float = transport._DEFAULT_TIMEOUT_SECONDS,
+        **kwargs,
+    ) -> transport.Response:
+        """
+        Args:
+                method (str): The http method used to make the request.
+                url (str): The URI to be requested.
+                data (Optional[bytes]): The payload or body in HTTP request.
+                headers (Optional[Mapping[str, str]]): Request headers.
+                timeout (float):
+                The amount of time in seconds to wait for the server response
+                with each individual request.
+                max_allowed_time (float):
+                If the method runs longer than this, a ``Timeout`` exception is
+                automatically raised. Unlike the ``timeout`` parameter, this
+                value applies to the total method execution time, even if
+                multiple requests are made under the hood.
+
+                Mind that it is not guaranteed that the timeout error is raised
+                at ``max_allowed_time``. It might take longer, for example, if
+                an underlying request takes a lot of time, but the request
+                itself does not timeout, e.g. if a large file is being
+                transmitted. The timout error will be raised after such
+                request completes.
+
+        Returns:
+                google.auth.aio.transport.Response: The HTTP response.
+
+        Raises:
+                google.auth.exceptions.TimeoutError: If the method does not complete within
+                the configured `max_allowed_time` or the request exceeds the configured
+                `timeout`.
+        """
+
+        retries = _exponential_backoff.AsyncExponentialBackoff(
+            total_attempts=transport.DEFAULT_MAX_RETRY_ATTEMPTS
+        )
+        async with timeout_guard(max_allowed_time) as with_timeout:
+            await with_timeout(
+                # Note: before_request will attempt to refresh credentials if expired.
+                self._credentials.before_request(
+                    self._auth_request, method, url, headers
+                )
+            )
+            # Workaround issue in python 3.9 related to code coverage by adding `# pragma: no branch`
+            # See https://github.com/googleapis/gapic-generator-python/pull/1174#issuecomment-1025132372
+            async for _ in retries:  # pragma: no branch
+                response = await with_timeout(
+                    self._auth_request(url, method, data, headers, timeout, **kwargs)
+                )
+                if response.status_code not in transport.DEFAULT_RETRYABLE_STATUS_CODES:
+                    break
+        return response
+
+    @functools.wraps(request)
+    async def get(
+        self,
+        url: str,
+        data: Optional[bytes] = None,
+        headers: Optional[Mapping[str, str]] = None,
+        max_allowed_time: float = transport._DEFAULT_TIMEOUT_SECONDS,
+        timeout: float = transport._DEFAULT_TIMEOUT_SECONDS,
+        **kwargs,
+    ) -> transport.Response:
+        return await self.request(
+            "GET", url, data, headers, max_allowed_time, timeout, **kwargs
+        )
+
+    @functools.wraps(request)
+    async def post(
+        self,
+        url: str,
+        data: Optional[bytes] = None,
+        headers: Optional[Mapping[str, str]] = None,
+        max_allowed_time: float = transport._DEFAULT_TIMEOUT_SECONDS,
+        timeout: float = transport._DEFAULT_TIMEOUT_SECONDS,
+        **kwargs,
+    ) -> transport.Response:
+        return await self.request(
+            "POST", url, data, headers, max_allowed_time, timeout, **kwargs
+        )
+
+    @functools.wraps(request)
+    async def put(
+        self,
+        url: str,
+        data: Optional[bytes] = None,
+        headers: Optional[Mapping[str, str]] = None,
+        max_allowed_time: float = transport._DEFAULT_TIMEOUT_SECONDS,
+        timeout: float = transport._DEFAULT_TIMEOUT_SECONDS,
+        **kwargs,
+    ) -> transport.Response:
+        return await self.request(
+            "PUT", url, data, headers, max_allowed_time, timeout, **kwargs
+        )
+
+    @functools.wraps(request)
+    async def patch(
+        self,
+        url: str,
+        data: Optional[bytes] = None,
+        headers: Optional[Mapping[str, str]] = None,
+        max_allowed_time: float = transport._DEFAULT_TIMEOUT_SECONDS,
+        timeout: float = transport._DEFAULT_TIMEOUT_SECONDS,
+        **kwargs,
+    ) -> transport.Response:
+        return await self.request(
+            "PATCH", url, data, headers, max_allowed_time, timeout, **kwargs
+        )
+
+    @functools.wraps(request)
+    async def delete(
+        self,
+        url: str,
+        data: Optional[bytes] = None,
+        headers: Optional[Mapping[str, str]] = None,
+        max_allowed_time: float = transport._DEFAULT_TIMEOUT_SECONDS,
+        timeout: float = transport._DEFAULT_TIMEOUT_SECONDS,
+        **kwargs,
+    ) -> transport.Response:
+        return await self.request(
+            "DELETE", url, data, headers, max_allowed_time, timeout, **kwargs
+        )
+
+    async def close(self) -> None:
+        """
+        Close the underlying auth request session.
+        """
+        await self._auth_request.close()

{google_auth-2.49.0 → google_auth-3.0.0.dev0}/google/auth/app_engine.py

@@ -22,6 +22,7 @@ Engine in the standard environment using the `App Identity API`_.
     https://cloud.google.com/appengine/docs/python/appidentity/
 """
 
+import datetime
 
 from google.auth import _helpers
 from google.auth import credentials
@@ -127,7 +128,7 @@ class Credentials(
         scopes = self._scopes if self._scopes is not None else self._default_scopes
         # pylint: disable=unused-argument
         token, ttl = app_identity.get_access_token(scopes, self._service_account_id)
-        expiry = _helpers.utcfromtimestamp(ttl)
+        expiry = datetime.datetime.utcfromtimestamp(ttl)
 
         self.token, self.expiry = token, expiry
 

{google_auth-2.49.0 → google_auth-3.0.0.dev0}/google/auth/aws.py

@@ -530,10 +530,9 @@ class _DefaultAwsSecurityCredentialsSupplier(AwsSecurityCredentialsSupplier):
             google.auth.exceptions.RefreshError: If an error occurs while
                 retrieving the AWS security credentials.
         """
+        headers = {"Content-Type": "application/json"}
         if imdsv2_session_token is not None:
-            headers = {"X-aws-ec2-metadata-token": imdsv2_session_token}
-        else:
-            headers = None
+            headers["X-aws-ec2-metadata-token"] = imdsv2_session_token
 
         response = request(
             url="{}/{}".format(self._security_credentials_url, role_name),