def test_expired_contains_useful_info(mock_expired_tokens):
exc = None
try:
check_expired(mock_expired_tokens)
except TokensExpired as te:
exc = te
assert exc
for token in mock_expired_tokens:
assert token in str(exc)
def load_tokens(self, requested_scopes=None):
"""
Load tokens from the set token_storage object if one exists.
:param requested_scopes: Check that the loaded scopes match these
requested scopes. Raises ScopesMismatch if there is a discrepancy.
:return: Loaded tokens, or a LoadError if loading fails.
"""
tokens = self._load_raw_tokens()
if not tokens:
raise LoadError('No Tokens loaded')
if requested_scopes not in [None, ()]:
check_scopes(tokens, requested_scopes)
try:
check_expired(tokens)
except TokensExpired as te:
expired = {rs: tokens[rs] for rs in te.resource_servers}
if not self._refreshable(expired):
raise
tokens.update(self.refresh_tokens(expired))
self.save_tokens(tokens)
return tokens
def test_check_expired_with_valid_tokens(mock_tokens):
assert check_expired(mock_tokens) is None
def test_check_expired(mock_expired_tokens):
with pytest.raises(TokensExpired):
check_expired(mock_expired_tokens)
def load_tokens(self, requested_scopes=None):
"""
Load saved tokens and return them keyed by resource server. If no
requested_scopes are requested, will attempt to return all active
tokens, automatically refreshing expired tokens where possible.
If requested_scopes are provided, load_tokens will guarantee only those
scopes are returned and that the tokens have not expired (Note: Tokens
can still be invalid if the user rescind consent). If the tokens have
expired, a TokensExpired exception is raised. If loaded scopes do
not contain requested_scopes, a ScopesMismatch exception is raised.
**Parameters**
``requested_scopes`` (**iterable**)
A dict of token dicts, each containing a dict defined by
globus_sdk.auth.token_response.OAuthTokenResponse\
.by_resource_server.
**Example**
{"auth.globus.org": {
"scope": "profile openid email",
"access_token": "<token>",
"refresh_token": None,
"token_type": "Bearer",
"expires_at_seconds": 1539984535,
"resource_server": "auth.globus.org"
}, ...
}
"""
tokens = {
rs: verify_token_group(ts)
for rs, ts in self._load_raw_tokens().items()
}
if not tokens:
raise NoSavedTokens('No tokens were loaded')
if requested_scopes:
# Support both string and list for requested scope. But ensure
# it is a list.
if isinstance(requested_scopes, str):
requested_scopes = requested_scopes.split(' ')
requested_scopes = set(requested_scopes)
# Ensure only requested tokens are used.
tokens = {
rs: ts
for rs, ts in tokens.items()
if requested_scopes.intersection(ts['scope'].split())
}
# Ensure all requested tokens are present.
check_scopes(tokens, requested_scopes)
try:
check_expired(tokens)
except TokensExpired as te:
expired = {rs: tokens[rs] for rs in te.resource_servers}
# If the user requested scopes, one of their scopes expired by this
# point and we need to let them know.
if requested_scopes and not self._refreshable(expired):
raise
# At this point, scopes expired but either were refreshable, or
# the user didn't specify.
refreshed = self.refresh_tokens(self.get_refreshable(expired))
self.save_tokens(refreshed)
unexpired = {
rs: ts
for rs, ts in tokens.items() if rs not in expired
}
unexpired.update(refreshed)
tokens = unexpired
if not tokens:
raise
return tokens