def _GetTokenScopes(access_token):
"""Return the list of valid scopes for the given token as a list."""
url = _OAUTH2_TOKENINFO_TEMPLATE.format(access_token=access_token)
response = apitools_base.MakeRequest(
apitools_base.GetHttp(), apitools_base.Request(url))
if response.status_code not in [httplib.OK, httplib.BAD_REQUEST]:
raise apitools_base.HttpError.FromResponse(response)
if response.status_code == httplib.BAD_REQUEST:
return []
return json.loads(response.content)['scope'].split(' ')
def FetchCredentials(scopes, client_info=None, credentials_filename=None):
"""Fetch a credential for the given client_info and scopes."""
client_info = client_info or GetClientInfoFromFlags()
scopes = _ExpandScopes(scopes)
if not scopes:
raise ValueError('No scopes provided')
credentials_filename = credentials_filename or FLAGS.credentials_filename
# TODO(craigcitro): Remove this logging nonsense once we quiet the
# spurious logging in oauth2client.
old_level = logging.getLogger().level
logging.getLogger().setLevel(logging.ERROR)
credentials = apitools_base.GetCredentials(
'oauth2l', scopes, credentials_filename=credentials_filename,
service_account_json_keyfile=FLAGS.service_account_json_keyfile,
oauth2client_args='', **client_info)
logging.getLogger().setLevel(old_level)
if not _ValidateToken(credentials.access_token):
credentials.refresh(apitools_base.GetHttp())
return credentials