def test_refresh_grant_no_access_token():
request = make_request({
# No access token.
'refresh_token': 'new_refresh_token',
'expires_in': 500,
'extra': 'data'})
with pytest.raises(exceptions.RefreshError):
_client.refresh_grant(
request, 'http://example.com', 'refresh_token', 'client_id',
'client_secret')
def test_refresh_grant_no_access_token():
request = make_request({
# No access token.
"refresh_token": "new_refresh_token",
"expires_in": 500,
"extra": "data",
})
with pytest.raises(exceptions.RefreshError):
_client.refresh_grant(request, "http://example.com", "refresh_token",
"client_id", "client_secret")
def refresh(self, request):
if (self._refresh_token is None or
self._token_uri is None or
self._client_id is None or
self._client_secret is None):
raise exceptions.RefreshError(
'The credentials do not contain the necessary fields need to '
'refresh the access token. You must specify refresh_token, '
'token_uri, client_id, and client_secret.')
access_token, refresh_token, expiry, grant_response = (
_client.refresh_grant(
request, self._token_uri, self._refresh_token, self._client_id,
self._client_secret, self._scopes))
self.token = access_token
self.expiry = expiry
self._refresh_token = refresh_token
self._id_token = grant_response.get('id_token')
if self._scopes and 'scopes' in grant_response:
requested_scopes = frozenset(self._scopes)
granted_scopes = frozenset(grant_response['scopes'].split())
scopes_requested_but_not_granted = (
requested_scopes - granted_scopes)
if scopes_requested_but_not_granted:
raise exceptions.RefreshError(
'Not all requested scopes were granted by the '
'authorization server, missing scopes {}.'.format(
', '.join(scopes_requested_but_not_granted)))
def refresh(self, request):
if (self._refresh_token is None or self._token_uri is None
or self._client_id is None or self._client_secret is None):
raise exceptions.RefreshError(
"The credentials do not contain the necessary fields need to "
"refresh the access token. You must specify refresh_token, "
"token_uri, client_id, and client_secret.")
access_token, refresh_token, expiry, grant_response = _client.refresh_grant(
request,
self._token_uri,
self._refresh_token,
self._client_id,
self._client_secret,
self._scopes,
)
self.token = access_token
self.expiry = expiry
self._refresh_token = refresh_token
self._id_token = grant_response.get("id_token")
if self._scopes and "scopes" in grant_response:
requested_scopes = frozenset(self._scopes)
granted_scopes = frozenset(grant_response["scopes"].split())
scopes_requested_but_not_granted = requested_scopes - granted_scopes
if scopes_requested_but_not_granted:
raise exceptions.RefreshError(
"Not all requested scopes were granted by the "
"authorization server, missing scopes {}.".format(
", ".join(scopes_requested_but_not_granted)))
def test_refresh_grant_with_scopes(unused_utcnow):
request = make_request({
"access_token": "token",
"refresh_token": "new_refresh_token",
"expires_in": 500,
"extra": "data",
"scope": SCOPES_AS_STRING,
})
token, refresh_token, expiry, extra_data = _client.refresh_grant(
request,
"http://example.com",
"refresh_token",
"client_id",
"client_secret",
SCOPES_AS_LIST,
)
# Check request call.
verify_request_params(
request,
{
"grant_type": _client._REFRESH_GRANT_TYPE,
"refresh_token": "refresh_token",
"client_id": "client_id",
"client_secret": "client_secret",
"scope": SCOPES_AS_STRING,
},
)
# Check result.
assert token == "token"
assert refresh_token == "new_refresh_token"
assert expiry == datetime.datetime.min + datetime.timedelta(seconds=500)
assert extra_data["extra"] == "data"
def test_refresh_grant_with_scopes(unused_utcnow):
request = make_request({
'access_token': 'token',
'refresh_token': 'new_refresh_token',
'expires_in': 500,
'extra': 'data',
'scope': SCOPES_AS_STRING
})
token, refresh_token, expiry, extra_data = _client.refresh_grant(
request, 'http://example.com', 'refresh_token', 'client_id',
'client_secret', SCOPES_AS_LIST)
# Check request call.
verify_request_params(
request, {
'grant_type': _client._REFRESH_GRANT_TYPE,
'refresh_token': 'refresh_token',
'client_id': 'client_id',
'client_secret': 'client_secret',
'scope': SCOPES_AS_STRING
})
# Check result.
assert token == 'token'
assert refresh_token == 'new_refresh_token'
assert expiry == datetime.datetime.min + datetime.timedelta(seconds=500)
assert extra_data['extra'] == 'data'
def get_rapt_token(
request, client_id, client_secret, refresh_token, token_uri, scopes=None
):
"""Given an http request method and refresh_token, get rapt token.
Args:
request (google.auth.transport.Request): A callable used to make
HTTP requests.
client_id (str): client id to get access token for reauth scope.
client_secret (str): client secret for the client_id
refresh_token (str): refresh token to refresh access token
token_uri (str): uri to refresh access token
scopes (Optional(Sequence[str])): scopes required by the client application
Returns:
str: The rapt token.
Raises:
google.auth.exceptions.RefreshError: If reauth failed.
"""
sys.stderr.write("Reauthentication required.\n")
# Get access token for reauth.
access_token, _, _, _ = _client.refresh_grant(
request=request,
client_id=client_id,
client_secret=client_secret,
refresh_token=refresh_token,
token_uri=token_uri,
scopes=[_REAUTH_SCOPE],
)
# Get rapt token from reauth API.
rapt_token = _obtain_rapt(request, access_token, requested_scopes=scopes)
return rapt_token
def test_refresh_grant(now_mock):
request = _make_request({
'access_token': 'token',
'refresh_token': 'new_refresh_token',
'expires_in': 500,
'extra': 'data'
})
token, refresh_token, expiry, extra_data = _client.refresh_grant(
request, 'http://example.com', 'refresh_token', 'client_id',
'client_secret')
# Check request call
_verify_request_params(
request, {
'grant_type': _client._REFRESH_GRANT_TYPE,
'refresh_token': 'refresh_token',
'client_id': 'client_id',
'client_secret': 'client_secret'
})
# Check result
assert token == 'token'
assert refresh_token == 'new_refresh_token'
assert expiry == datetime.datetime.min + datetime.timedelta(seconds=500)
assert extra_data['extra'] == 'data'
def refresh(self, request):
access_token, refresh_token, expiry, _ = _client.refresh_grant(
request, self._token_uri, self._refresh_token, self._client_id,
self._client_secret)
self.token = access_token
self.expiry = expiry
self._refresh_token = refresh_token
def refresh(self, request):
access_token, refresh_token, expiry, grant_response = (
_client.refresh_grant(
request, self._token_uri, self._refresh_token, self._client_id,
self._client_secret))
self.token = access_token
self.expiry = expiry
self._refresh_token = refresh_token
self._id_token = grant_response.get('id_token')
def refresh(self, request):
if (self._refresh_token is None or self._token_uri is None or
self._client_id is None or self._client_secret is None):
raise exceptions.RefreshError(
'The credentials do not contain the necessary fields need to '
'refresh the access token. You must specify refresh_token, '
'token_uri, client_id, and client_secret.')
access_token, refresh_token, expiry, grant_response = (
_client.refresh_grant(request, self._token_uri, self._refresh_token,
self._client_id, self._client_secret))
self.token = access_token
self.expiry = expiry
self._refresh_token = refresh_token
self._id_token = grant_response.get('id_token')
def refresh(self, request):
if (self._refresh_token is None or
self._token_uri is None or
self._client_id is None or
self._client_secret is None):
raise exceptions.RefreshError(
'The credentials do not contain the necessary fields need to '
'refresh the access token. You must specify refresh_token, '
'token_uri, client_id, and client_secret.')
access_token, refresh_token, expiry, grant_response = (
_client.refresh_grant(
request, self._token_uri, self._refresh_token, self._client_id,
self._client_secret))
self.token = access_token
self.expiry = expiry
self._refresh_token = refresh_token
self._id_token = grant_response.get('id_token')
