def DoInstalledAppBrowserFlowGoogleAuth(launch_browser,
scopes,
client_id_file=None):
"""Launches a 3LO oauth2 flow to get google-auth credentials.
Args:
launch_browser: bool, True to launch the browser, false to ask users to copy
the auth url to a browser.
scopes: [str], The list of scopes to authorize.
client_id_file: str, The path to a file containing the client id and secret
to use for the flow. If None, the default client id for the Cloud SDK is
used.
Returns:
google.auth.credentials.Credentials, The credentials obtained from the flow.
"""
if client_id_file:
AssertClientSecretIsInstalledType(client_id_file)
google_auth_flow = c_flow.CreateGoogleAuthFlow(scopes, client_id_file)
try:
user_creds = c_flow.RunGoogleAuthFlow(google_auth_flow, launch_browser)
return c_google_auth.UserCredWithReauth.FromGoogleAuthUserCredentials(
user_creds)
except c_flow.Error as e:
if c_store.IsContextAwareAccessDeniedError(e):
msg = c_store.CONTEXT_AWARE_ACCESS_HELP_MSG
else:
msg = 'There was a problem with web authentication.'
if launch_browser:
msg += ' Try running again with --no-launch-browser.'
log.error(msg)
raise
def _HandleAuthError(e):
"""Handle a generic auth error and raise a nicer message.
Args:
e: The exception that was caught.
Raises:
store.TokenRefreshError: If an auth error occurs.
"""
msg = six.text_type(e)
log.debug('Exception caught during HTTP request: %s', msg, exc_info=True)
if store.IsContextAwareAccessDeniedError(e):
raise store.TokenRefreshDeniedByCAAError(msg)
raise store.TokenRefreshError(msg)
def DoInstalledAppBrowserFlow(launch_browser,
scopes,
client_id_file=None,
client_id=None,
client_secret=None):
"""Launches a browser to get credentials.
Args:
launch_browser: bool, True to do a browser flow, false to allow the user to
type in a token from a different browser.
scopes: [str], The list of scopes to authorize.
client_id_file: str, The path to a file containing the client id and secret
to use for the flow. If None, the default client id for the Cloud SDK is
used.
client_id: str, An alternate client id to use. This is ignored if you give
a client id file. If None, the default client id for the Cloud SDK is
used.
client_secret: str, The secret to go along with client_id if specified.
Returns:
The clients obtained from the web flow.
"""
try:
if client_id_file:
AssertClientSecretIsInstalledType(client_id_file)
webflow = client.flow_from_clientsecrets(filename=client_id_file,
scope=scopes)
return c_store.RunWebFlow(webflow, launch_browser=launch_browser)
else:
return c_store.AcquireFromWebFlow(launch_browser=launch_browser,
scopes=scopes,
client_id=client_id,
client_secret=client_secret)
except c_store.FlowError as e:
if c_store.IsContextAwareAccessDeniedError(e):
msg = c_store.CONTEXT_AWARE_ACCESS_HELP_MSG
else:
msg = 'There was a problem with web authentication.'
if launch_browser:
msg += ' Try running again with --no-launch-browser.'
log.error(msg)
raise