def test__handle_error_response_non_json():
response_data = "Oops, something wrong happened"
with pytest.raises(exceptions.OAuthError) as excinfo:
utils.handle_error_response(response_data)
assert excinfo.match(r"Oops, something wrong happened")
def test__handle_error_response_code_only():
error_resp = {"error": "unsupported_grant_type"}
response_data = json.dumps(error_resp)
with pytest.raises(exceptions.OAuthError) as excinfo:
utils.handle_error_response(response_data)
assert excinfo.match(r"Error code unsupported_grant_type")
def test__handle_error_response_code_description():
error_resp = {
"error": "unsupported_grant_type",
"error_description": "The provided grant_type is unsupported",
}
response_data = json.dumps(error_resp)
with pytest.raises(exceptions.OAuthError) as excinfo:
utils.handle_error_response(response_data)
assert excinfo.match(
r"Error code unsupported_grant_type: The provided grant_type is unsupported"
)
def test__handle_error_response_code_description_uri():
error_resp = {
"error": "unsupported_grant_type",
"error_description": "The provided grant_type is unsupported",
"error_uri": "https://tools.ietf.org/html/rfc6749",
}
response_data = json.dumps(error_resp)
with pytest.raises(exceptions.OAuthError) as excinfo:
utils.handle_error_response(response_data)
assert excinfo.match(
r"Error code unsupported_grant_type: The provided grant_type is unsupported - https://tools.ietf.org/html/rfc6749"
)
def exchange_token(
self,
request,
grant_type,
subject_token,
subject_token_type,
resource=None,
audience=None,
scopes=None,
requested_token_type=None,
actor_token=None,
actor_token_type=None,
additional_options=None,
additional_headers=None,
):
"""Exchanges the provided token for another type of token based on the
rfc8693 spec.
Args:
request (google.auth.transport.Request): A callable used to make
HTTP requests.
grant_type (str): The OAuth 2.0 token exchange grant type.
subject_token (str): The OAuth 2.0 token exchange subject token.
subject_token_type (str): The OAuth 2.0 token exchange subject token type.
resource (Optional[str]): The optional OAuth 2.0 token exchange resource field.
audience (Optional[str]): The optional OAuth 2.0 token exchange audience field.
scopes (Optional[Sequence[str]]): The optional list of scopes to use.
requested_token_type (Optional[str]): The optional OAuth 2.0 token exchange requested
token type.
actor_token (Optional[str]): The optional OAuth 2.0 token exchange actor token.
actor_token_type (Optional[str]): The optional OAuth 2.0 token exchange actor token type.
additional_options (Optional[Mapping[str, str]]): The optional additional
non-standard Google specific options.
additional_headers (Optional[Mapping[str, str]]): The optional additional
headers to pass to the token exchange endpoint.
Returns:
Mapping[str, str]: The token exchange JSON-decoded response data containing
the requested token and its expiration time.
Raises:
google.auth.exceptions.OAuthError: If the token endpoint returned
an error.
"""
# Initialize request headers.
headers = _URLENCODED_HEADERS.copy()
# Inject additional headers.
if additional_headers:
for k, v in dict(additional_headers).items():
headers[k] = v
# Initialize request body.
request_body = {
"grant_type": grant_type,
"resource": resource,
"audience": audience,
"scope": " ".join(scopes or []),
"requested_token_type": requested_token_type,
"subject_token": subject_token,
"subject_token_type": subject_token_type,
"actor_token": actor_token,
"actor_token_type": actor_token_type,
"options": None,
}
# Add additional non-standard options.
if additional_options:
request_body["options"] = urllib.parse.quote(
json.dumps(additional_options))
# Remove empty fields in request body.
for k, v in dict(request_body).items():
if v is None or v == "":
del request_body[k]
# Apply OAuth client authentication.
self.apply_client_authentication_options(headers, request_body)
# Execute request.
response = request(
url=self._token_exchange_endpoint,
method="POST",
headers=headers,
body=urllib.parse.urlencode(request_body).encode("utf-8"),
)
response_body = (response.data.decode("utf-8") if hasattr(
response.data, "decode") else response.data)
# If non-200 response received, translate to OAuthError exception.
if response.status != http.client.OK:
utils.handle_error_response(response_body)
response_data = json.loads(response_body)
# Return successful response.
return response_data