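def exchange_token_from_code(self, redirect_uri):
    """Exchange the authorization code on the current request for tokens.

    Reads ``error`` and ``code`` from ``self.request.params`` and POSTs the
    code with the client credentials to ``self.token_endpoint``.

    Args:
        redirect_uri: Redirect URI sent along with the token request.

    Returns:
        The decoded JSON token response, a dict containing ``access_token``.

    Raises:
        AuthFailed: If the request carries an ``error`` parameter, has no
            ``code``, the token request fails or times out, or the response
            is not a JSON object with an ``access_token``.
    """
    request_params = self.request.params
    if 'error' in request_params:
        # The value comes straight from the callback request, so it is
        # caller-controlled text: whatever renders AuthFailed messages has
        # to escape it.
        raise AuthFailed('Error from Google (%s)' % request_params['error'])
    # NOTE(review): no `state` parameter is checked in this method;
    # presumably the caller validates it against the session - confirm.
    try:
        code = request_params['code']
    except KeyError:
        raise AuthFailed('No authorization code from Google')
    params = {
        'code': code,
        'client_id': self.id,
        'client_secret': self.secret,
        'redirect_uri': redirect_uri,
        'grant_type': 'authorization_code',
    }
    try:
        # Credentials travel in the form-encoded body. requests has no
        # default timeout, so without one a stalled endpoint would block
        # the login request indefinitely.
        response = requests.post(self.token_endpoint, data=params, timeout=10)
        response.raise_for_status()
        oauth2_tokens = response.json()
    except RequestException as err:
        raise AuthFailed('Failed to get token from Google (%s)' % err)
    except Exception:
        log.warning('Unkown error while calling token endpoint',
                    exc_info=True)
        raise AuthFailed('Failed to get token from Google (unkown error)')
    # A JSON body that is not an object (null, list, ...) would make the
    # membership test raise TypeError or pass on the wrong kind of value.
    if not isinstance(oauth2_tokens, dict) or 'access_token' not in oauth2_tokens:
        raise AuthFailed('No access_token in response from Google')
    return oauth2_tokens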
def check_hosted_domain_user(self, userinfo):
    """Reject users whose Google hosted domain differs from the configured one.

    Does nothing when ``self.hosted_domain`` is None. Otherwise the ``hd``
    entry of ``userinfo`` must be present and equal to ``self.hosted_domain``.

    Args:
        userinfo: Mapping of userinfo fields; ``hd`` is the only key read.

    Raises:
        AuthFailed: If ``hd`` is missing or does not match.
    """
    expected_domain = self.hosted_domain
    if expected_domain is None:
        # No domain restriction configured: every account is accepted here.
        return

    try:
        actual_domain = userinfo['hd']
    except KeyError:
        # Missing `hd` fails closed rather than being treated as a match.
        raise AuthFailed('Missing hd field from Google userinfo')

    domain_mismatch = expected_domain != actual_domain
    if not domain_mismatch:
        return
    # The message discloses both the configured and the presented domain.
    raise AuthFailed('You logged in with an unkown domain '
                     '(%s rather than %s)' % (actual_domain, expected_domain))
def get_user_id_from_userinfo(self, userinfo):
    """Return the user identifier stored in ``userinfo``.

    The key that is looked up is taken from ``self.user_id_field``.

    Args:
        userinfo: Mapping of userinfo fields.

    Returns:
        The value stored under ``self.user_id_field``.

    Raises:
        AuthFailed: If that key is absent from ``userinfo``.
    """
    try:
        return userinfo[self.user_id_field]
    except KeyError:
        # No identifier means the login cannot be tied to an account.
        raise AuthFailed('Missing user id field from Google userinfo')
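def get_userinfo_from_token(self, oauth2_tokens):
    """Fetch the userinfo document for the given token set.

    Args:
        oauth2_tokens: Mapping holding at least ``access_token``.

    Returns:
        The decoded JSON body returned by ``self.userinfo_endpoint``.

    Raises:
        AuthFailed: On any failure, including a missing ``access_token``,
            a transport or HTTP error, a timeout, or an undecodable body.
    """
    try:
        # Send the bearer token in the Authorization header, not the query
        # string. requests includes the full request URL in its HTTPError
        # text, and the warning below logs that exception, so a token in
        # the URL would be written to the application log on every failed
        # call (and to any proxy or server access log on every call).
        headers = {
            'Authorization': 'Bearer %s' % oauth2_tokens['access_token'],
        }
        # requests has no default timeout; bound the wait so a stalled
        # endpoint cannot hang the login request.
        response = requests.get(self.userinfo_endpoint, headers=headers,
                                timeout=10)
        response.raise_for_status()
        return response.json()
    except Exception:
        # Deliberately broad: every failure is reported as AuthFailed, with
        # the detail kept in the log instead of the user-facing message.
        log.warning('Unkown error calling userinfo endpoint', exc_info=True)
        raise AuthFailed('Failed to get userinfo from Google')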
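def refresh_access_token(self, refresh_token):
    """Obtain a new token set from the token endpoint using a refresh token.

    Args:
        refresh_token: Refresh token previously issued for this client.

    Returns:
        The decoded JSON token response, a dict containing ``access_token``.

    Raises:
        AuthFailed: If the token request fails or times out, or the response
            is not a JSON object with an ``access_token``.
    """
    params = {
        'client_id': self.id,
        'client_secret': self.secret,
        'refresh_token': refresh_token,
        'grant_type': 'refresh_token',
    }
    try:
        # Send the credentials in the form-encoded body (data=), not in the
        # query string (params=). In the URL, the client secret and refresh
        # token would reach access logs, and requests includes the URL in
        # its HTTPError text, which is copied into the AuthFailed message
        # below. requests has no default timeout, so one is set here.
        response = requests.post(self.token_endpoint, data=params, timeout=10)
        response.raise_for_status()
        oauth2_tokens = response.json()
    except RequestException as err:
        # NOTE(review): AuthFailed gets (err, message) in the two handlers
        # here but a single message at the end of this method - confirm
        # which form the exception expects.
        raise AuthFailed(err, 'Failed to get token from Google (%s)' % err)
    except Exception as err:
        log.warning('Unkown error while calling token endpoint',
                    exc_info=True)
        raise AuthFailed(
            err, 'Failed to get token from Google (unknown error)')
    # A JSON body that is not an object (null, list, ...) would make the
    # membership test raise TypeError or pass on the wrong kind of value.
    if not isinstance(oauth2_tokens, dict) or 'access_token' not in oauth2_tokens:
        raise AuthFailed('No access_token in response from Google')
    return oauth2_tokens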