@@ -364,6 +364,7 @@ async def _ensure_initialized(self) -> None:
364364 endpoint = self ._discovered_endpoints .register ,
365365 transport = self .transport ,
366366 auth = self .auth_strategy ,
367+ issuer = self .issuer ,
367368 user_agent = self .config .user_agent ,
368369 custom_headers = self .config .custom_headers ,
369370 timeout = self .config .timeout ,
@@ -552,6 +553,7 @@ async def register_client(self, request: ClientRegistrationRequest | None = None
552553 endpoint = endpoints .register ,
553554 transport = self .transport ,
554555 auth = self .auth_strategy ,
556+ issuer = self .issuer ,
555557 user_agent = self .config .user_agent ,
556558 custom_headers = self .config .custom_headers ,
557559 timeout = client_registration_args .get ("timeout" , self .config .timeout ),
@@ -618,6 +620,7 @@ async def discover_server_metadata(self, request: ServerMetadataRequest | None =
618620 endpoint = self .issuer ,
619621 transport = self .transport ,
620622 auth = self .auth_strategy ,
623+ issuer = self .issuer ,
621624 user_agent = self .config .user_agent ,
622625 custom_headers = self .config .custom_headers ,
623626 timeout = self .config .timeout ,
@@ -632,13 +635,16 @@ async def discover_server_metadata(self, request: ServerMetadataRequest | None =
632635 async def exchange_token (
633636 self ,
634637 request : TokenExchangeRequest ,
638+ * ,
639+ issuer : str | None = None ,
635640 ) -> TokenResponse : ...
636641
637642 @overload
638643 async def exchange_token (
639644 self ,
640645 / ,
641646 * ,
647+ issuer : str | None = None ,
642648 subject_token : str ,
643649 subject_token_type : str = ...,
644650 grant_type : str | None = None ,
@@ -689,6 +695,10 @@ async def exchange_token(self, request: TokenExchangeRequest | None = None, /, *
689695
690696 Args:
691697 request: TokenExchangeRequest with all exchange parameters
698+ issuer: Issuer URL selecting which credentials a zone-aware auth
699+ strategy (e.g. MultiZoneBasicAuth) applies for this call.
700+ Defaults to the client's issuer. Single-credential strategies
701+ ignore it. May be combined with either calling form.
692702 **token_exchange_args: Alternative to request - provide individual parameters
693703
694704 Returns:
@@ -697,6 +707,7 @@ async def exchange_token(self, request: TokenExchangeRequest | None = None, /, *
697707 Raises:
698708 TypeError: If both request and token_exchange_args are provided
699709 """
710+ issuer = token_exchange_args .pop ("issuer" , None )
700711 if request is not None and token_exchange_args :
701712 raise TypeError ("Pass either `request` or keyword arguments, not both." )
702713
@@ -709,6 +720,7 @@ async def exchange_token(self, request: TokenExchangeRequest | None = None, /, *
709720 endpoint = endpoints .token ,
710721 transport = self .transport ,
711722 auth = self .auth_strategy ,
723+ issuer = issuer if issuer is not None else self .issuer ,
712724 user_agent = self .config .user_agent ,
713725 custom_headers = self .config .custom_headers ,
714726 timeout = token_exchange_args .get ("timeout" , self .config .timeout ),
@@ -720,13 +732,16 @@ async def exchange_token(self, request: TokenExchangeRequest | None = None, /, *
720732 async def client_credentials_grant (
721733 self ,
722734 request : ClientCredentialsRequest ,
735+ * ,
736+ issuer : str | None = None ,
723737 ) -> TokenResponse : ...
724738
725739 @overload
726740 async def client_credentials_grant (
727741 self ,
728742 / ,
729743 * ,
744+ issuer : str | None = None ,
730745 resource : str | None = None ,
731746 scope : str | None = None ,
732747 client_assertion : str | None = None ,
@@ -755,6 +770,10 @@ async def client_credentials_grant(self, request: ClientCredentialsRequest | Non
755770
756771 Args:
757772 request: ClientCredentialsRequest with all grant parameters
773+ issuer: Issuer URL selecting which credentials a zone-aware auth
774+ strategy (e.g. MultiZoneBasicAuth) applies for this call.
775+ Defaults to the client's issuer. Single-credential strategies
776+ ignore it. May be combined with either calling form.
758777 **client_credentials_args: Alternative to request - provide individual parameters
759778
760779 Returns:
@@ -763,6 +782,7 @@ async def client_credentials_grant(self, request: ClientCredentialsRequest | Non
763782 Raises:
764783 TypeError: If both request and client_credentials_args are provided
765784 """
785+ issuer = client_credentials_args .pop ("issuer" , None )
766786 if request is not None and client_credentials_args :
767787 raise TypeError ("Pass either `request` or keyword arguments, not both." )
768788
@@ -775,6 +795,7 @@ async def client_credentials_grant(self, request: ClientCredentialsRequest | Non
775795 endpoint = endpoints .token ,
776796 transport = self .transport ,
777797 auth = self .auth_strategy ,
798+ issuer = issuer if issuer is not None else self .issuer ,
778799 user_agent = self .config .user_agent ,
779800 custom_headers = self .config .custom_headers ,
780801 timeout = client_credentials_args .get ("timeout" , self .config .timeout ),
@@ -821,6 +842,7 @@ async def exchange_authorization_code(
821842 endpoint = endpoints .token ,
822843 transport = self .transport ,
823844 auth = self .auth_strategy ,
845+ issuer = self .issuer ,
824846 user_agent = self .config .user_agent ,
825847 custom_headers = self .config .custom_headers ,
826848 timeout = timeout or self .config .timeout ,
@@ -889,6 +911,7 @@ async def impersonate(
889911 endpoint = endpoints .token ,
890912 transport = self .transport ,
891913 auth = self .auth_strategy ,
914+ issuer = self .issuer ,
892915 user_agent = self .config .user_agent ,
893916 custom_headers = self .config .custom_headers ,
894917 timeout = timeout or self .config .timeout ,
@@ -1048,6 +1071,7 @@ def _ensure_initialized(self) -> None:
10481071 endpoint = self ._discovered_endpoints .register ,
10491072 transport = self .transport ,
10501073 auth = self .auth_strategy ,
1074+ issuer = self .issuer ,
10511075 user_agent = self .config .user_agent ,
10521076 custom_headers = self .config .custom_headers ,
10531077 timeout = self .config .timeout ,
@@ -1199,6 +1223,7 @@ def register_client(self, request: ClientRegistrationRequest | None = None, /, *
11991223 endpoint = endpoints .register ,
12001224 transport = self .transport ,
12011225 auth = self .auth_strategy ,
1226+ issuer = self .issuer ,
12021227 user_agent = self .config .user_agent ,
12031228 custom_headers = self .config .custom_headers ,
12041229 timeout = client_registration_args .get ("timeout" , self .config .timeout ),
@@ -1264,6 +1289,7 @@ def discover_server_metadata(self, request: ServerMetadataRequest | None = None,
12641289 endpoint = self .issuer ,
12651290 transport = self .transport ,
12661291 auth = self .auth_strategy ,
1292+ issuer = self .issuer ,
12671293 user_agent = self .config .user_agent ,
12681294 custom_headers = self .config .custom_headers ,
12691295 timeout = self .config .timeout ,
@@ -1278,13 +1304,16 @@ def discover_server_metadata(self, request: ServerMetadataRequest | None = None,
12781304 def exchange_token (
12791305 self ,
12801306 request : TokenExchangeRequest ,
1307+ * ,
1308+ issuer : str | None = None ,
12811309 ) -> TokenResponse : ...
12821310
12831311 @overload
12841312 def exchange_token (
12851313 self ,
12861314 / ,
12871315 * ,
1316+ issuer : str | None = None ,
12881317 subject_token : str ,
12891318 subject_token_type : str = ...,
12901319 grant_type : str | None = None ,
@@ -1335,6 +1364,10 @@ def exchange_token(self, request: TokenExchangeRequest | None = None, /, **token
13351364
13361365 Args:
13371366 request: TokenExchangeRequest with all exchange parameters
1367+ issuer: Issuer URL selecting which credentials a zone-aware auth
1368+ strategy (e.g. MultiZoneBasicAuth) applies for this call.
1369+ Defaults to the client's issuer. Single-credential strategies
1370+ ignore it. May be combined with either calling form.
13381371 **token_exchange_args: Alternative to request - provide individual parameters
13391372
13401373 Returns:
@@ -1343,6 +1376,7 @@ def exchange_token(self, request: TokenExchangeRequest | None = None, /, **token
13431376 Raises:
13441377 TypeError: If both request and token_exchange_args are provided
13451378 """
1379+ issuer = token_exchange_args .pop ("issuer" , None )
13461380 if request is not None and token_exchange_args :
13471381 raise TypeError ("Pass either `request` or keyword arguments, not both." )
13481382
@@ -1355,6 +1389,7 @@ def exchange_token(self, request: TokenExchangeRequest | None = None, /, **token
13551389 endpoint = endpoints .token ,
13561390 transport = self .transport ,
13571391 auth = self .auth_strategy ,
1392+ issuer = issuer if issuer is not None else self .issuer ,
13581393 user_agent = self .config .user_agent ,
13591394 custom_headers = self .config .custom_headers ,
13601395 timeout = token_exchange_args .get ("timeout" , self .config .timeout ),
@@ -1366,13 +1401,16 @@ def exchange_token(self, request: TokenExchangeRequest | None = None, /, **token
13661401 def client_credentials_grant (
13671402 self ,
13681403 request : ClientCredentialsRequest ,
1404+ * ,
1405+ issuer : str | None = None ,
13691406 ) -> TokenResponse : ...
13701407
13711408 @overload
13721409 def client_credentials_grant (
13731410 self ,
13741411 / ,
13751412 * ,
1413+ issuer : str | None = None ,
13761414 resource : str | None = None ,
13771415 scope : str | None = None ,
13781416 client_assertion : str | None = None ,
@@ -1401,6 +1439,10 @@ def client_credentials_grant(self, request: ClientCredentialsRequest | None = No
14011439
14021440 Args:
14031441 request: ClientCredentialsRequest with all grant parameters
1442+ issuer: Issuer URL selecting which credentials a zone-aware auth
1443+ strategy (e.g. MultiZoneBasicAuth) applies for this call.
1444+ Defaults to the client's issuer. Single-credential strategies
1445+ ignore it. May be combined with either calling form.
14041446 **client_credentials_args: Alternative to request - provide individual parameters
14051447
14061448 Returns:
@@ -1409,6 +1451,7 @@ def client_credentials_grant(self, request: ClientCredentialsRequest | None = No
14091451 Raises:
14101452 TypeError: If both request and client_credentials_args are provided
14111453 """
1454+ issuer = client_credentials_args .pop ("issuer" , None )
14121455 if request is not None and client_credentials_args :
14131456 raise TypeError ("Pass either `request` or keyword arguments, not both." )
14141457
@@ -1421,6 +1464,7 @@ def client_credentials_grant(self, request: ClientCredentialsRequest | None = No
14211464 endpoint = endpoints .token ,
14221465 transport = self .transport ,
14231466 auth = self .auth_strategy ,
1467+ issuer = issuer if issuer is not None else self .issuer ,
14241468 user_agent = self .config .user_agent ,
14251469 custom_headers = self .config .custom_headers ,
14261470 timeout = client_credentials_args .get ("timeout" , self .config .timeout ),
@@ -1467,6 +1511,7 @@ def exchange_authorization_code(
14671511 endpoint = endpoints .token ,
14681512 transport = self .transport ,
14691513 auth = self .auth_strategy ,
1514+ issuer = self .issuer ,
14701515 user_agent = self .config .user_agent ,
14711516 custom_headers = self .config .custom_headers ,
14721517 timeout = timeout or self .config .timeout ,
@@ -1535,6 +1580,7 @@ def impersonate(
15351580 endpoint = endpoints .token ,
15361581 transport = self .transport ,
15371582 auth = self .auth_strategy ,
1583+ issuer = self .issuer ,
15381584 user_agent = self .config .user_agent ,
15391585 custom_headers = self .config .custom_headers ,
15401586 timeout = timeout or self .config .timeout ,
0 commit comments