def _get_cached_credentials(self): """Returns oauth2client.Credentials loaded from storage.""" storage = self._get_storage() credentials = storage.get() # Is using --auth-refresh-token-json? if self._external_token: # Cached credentials are valid and match external token -> use them. It is # important to reuse credentials from the storage because they contain # cached access token. valid = ( credentials and not credentials.invalid and credentials.refresh_token == self._external_token.refresh_token and credentials.client_id == self._external_token.client_id and credentials.client_secret == self._external_token.client_secret) if valid: return credentials # Construct new credentials from externally provided refresh token, # associate them with cache storage (so that access_token will be placed # in the cache later too). credentials = client.OAuth2Credentials( access_token=None, client_id=self._external_token.client_id, client_secret=self._external_token.client_secret, refresh_token=self._external_token.refresh_token, token_expiry=None, token_uri='https://accounts.google.com/o/oauth2/token', user_agent=None, revoke_uri=None) credentials.set_store(storage) storage.put(credentials) return credentials # Not using external refresh token -> return whatever is cached. return credentials if (credentials and not credentials.invalid) else None
def _get_luci_auth_credentials(scopes): try: token_info = json.loads( subprocess2.check_output( ['luci-auth', 'token', '-scopes', scopes, '-json-output', '-'], stderr=subprocess2.VOID)) except subprocess2.CalledProcessError: return None return client.OAuth2Credentials( access_token=token_info['token'], client_id=OAUTH_CLIENT_ID, client_secret=OAUTH_CLIENT_SECRET, refresh_token=None, token_expiry=datetime.datetime.utcfromtimestamp(token_info['expiry']), token_uri=None, user_agent=None, revoke_uri=None)
def _get_cached_credentials(self): """Returns oauth2client.Credentials loaded from luci-auth.""" credentials = _get_luci_auth_credentials(self._scopes) if not credentials: logging.debug('No cached token') else: _log_credentials_info('cached token', credentials) # Is using --auth-refresh-token-json? if self._external_token: # Cached credentials are valid and match external token -> use them. It is # important to reuse credentials from the storage because they contain # cached access token. valid = (credentials and not credentials.invalid and credentials.refresh_token == self._external_token.refresh_token and credentials.client_id == self._external_token.client_id and credentials.client_secret == self._external_token.client_secret) if valid: logging.debug( 'Cached credentials match external refresh token') return credentials # Construct new credentials from externally provided refresh token, # associate them with cache storage (so that access_token will be placed # in the cache later too). logging.debug('Putting external refresh token into the cache') credentials = client.OAuth2Credentials( access_token=None, client_id=self._external_token.client_id, client_secret=self._external_token.client_secret, refresh_token=self._external_token.refresh_token, token_expiry=None, token_uri='https://accounts.google.com/o/oauth2/token', user_agent=None, revoke_uri=None) return credentials # Not using external refresh token -> return whatever is cached. return credentials if (credentials and not credentials.invalid) else None