in appengine/standard/migration/incoming/main.py [0:0]
def get_app_id(request):
# Requests from App Engine Standard for Python 2.7 will include a
# trustworthy X-Appengine-Inbound-Appid. Other requests won't have
# that header, as the App Engine runtime will strip it out
incoming_app_id = request.headers.get("X-Appengine-Inbound-Appid", None)
if incoming_app_id is not None:
return incoming_app_id
# Other App Engine apps can get an ID token for the App Engine default
# service account, which will identify the application ID. They will
# have to include at token in an Authorization header to be recognized
# by this method.
auth_header = request.headers.get("Authorization", None)
if auth_header is None:
return None
# The auth_header must be in the form Authorization: Bearer token.
bearer, token = auth_header.split()
if bearer.lower() != "bearer":
return None
try:
info = id_token.verify_oauth2_token(token, requests.Request())
service_account_email = info["email"]
incoming_app_id, domain = service_account_email.split("@")
if domain != "appspot.gserviceaccount.com": # Not App Engine svc acct
return None
else:
return incoming_app_id
except Exception as e:
# report or log if desired, as here:
logging.warning("Request has bad OAuth2 id token: {}".format(e))
return None