def test_refresh_grant_no_access_token(): request = make_request({ # No access token. 'refresh_token': 'new_refresh_token', 'expires_in': 500, 'extra': 'data'}) with pytest.raises(exceptions.RefreshError): _client.refresh_grant( request, 'http://example.com', 'refresh_token', 'client_id', 'client_secret')
def test_refresh_grant_no_access_token(): request = make_request({ # No access token. "refresh_token": "new_refresh_token", "expires_in": 500, "extra": "data", }) with pytest.raises(exceptions.RefreshError): _client.refresh_grant(request, "http://example.com", "refresh_token", "client_id", "client_secret")
def refresh(self, request): if (self._refresh_token is None or self._token_uri is None or self._client_id is None or self._client_secret is None): raise exceptions.RefreshError( 'The credentials do not contain the necessary fields need to ' 'refresh the access token. You must specify refresh_token, ' 'token_uri, client_id, and client_secret.') access_token, refresh_token, expiry, grant_response = ( _client.refresh_grant( request, self._token_uri, self._refresh_token, self._client_id, self._client_secret, self._scopes)) self.token = access_token self.expiry = expiry self._refresh_token = refresh_token self._id_token = grant_response.get('id_token') if self._scopes and 'scopes' in grant_response: requested_scopes = frozenset(self._scopes) granted_scopes = frozenset(grant_response['scopes'].split()) scopes_requested_but_not_granted = ( requested_scopes - granted_scopes) if scopes_requested_but_not_granted: raise exceptions.RefreshError( 'Not all requested scopes were granted by the ' 'authorization server, missing scopes {}.'.format( ', '.join(scopes_requested_but_not_granted)))
def refresh(self, request): if (self._refresh_token is None or self._token_uri is None or self._client_id is None or self._client_secret is None): raise exceptions.RefreshError( "The credentials do not contain the necessary fields need to " "refresh the access token. You must specify refresh_token, " "token_uri, client_id, and client_secret.") access_token, refresh_token, expiry, grant_response = _client.refresh_grant( request, self._token_uri, self._refresh_token, self._client_id, self._client_secret, self._scopes, ) self.token = access_token self.expiry = expiry self._refresh_token = refresh_token self._id_token = grant_response.get("id_token") if self._scopes and "scopes" in grant_response: requested_scopes = frozenset(self._scopes) granted_scopes = frozenset(grant_response["scopes"].split()) scopes_requested_but_not_granted = requested_scopes - granted_scopes if scopes_requested_but_not_granted: raise exceptions.RefreshError( "Not all requested scopes were granted by the " "authorization server, missing scopes {}.".format( ", ".join(scopes_requested_but_not_granted)))
def test_refresh_grant_with_scopes(unused_utcnow): request = make_request({ "access_token": "token", "refresh_token": "new_refresh_token", "expires_in": 500, "extra": "data", "scope": SCOPES_AS_STRING, }) token, refresh_token, expiry, extra_data = _client.refresh_grant( request, "http://example.com", "refresh_token", "client_id", "client_secret", SCOPES_AS_LIST, ) # Check request call. verify_request_params( request, { "grant_type": _client._REFRESH_GRANT_TYPE, "refresh_token": "refresh_token", "client_id": "client_id", "client_secret": "client_secret", "scope": SCOPES_AS_STRING, }, ) # Check result. assert token == "token" assert refresh_token == "new_refresh_token" assert expiry == datetime.datetime.min + datetime.timedelta(seconds=500) assert extra_data["extra"] == "data"
def test_refresh_grant_with_scopes(unused_utcnow): request = make_request({ 'access_token': 'token', 'refresh_token': 'new_refresh_token', 'expires_in': 500, 'extra': 'data', 'scope': SCOPES_AS_STRING }) token, refresh_token, expiry, extra_data = _client.refresh_grant( request, 'http://example.com', 'refresh_token', 'client_id', 'client_secret', SCOPES_AS_LIST) # Check request call. verify_request_params( request, { 'grant_type': _client._REFRESH_GRANT_TYPE, 'refresh_token': 'refresh_token', 'client_id': 'client_id', 'client_secret': 'client_secret', 'scope': SCOPES_AS_STRING }) # Check result. assert token == 'token' assert refresh_token == 'new_refresh_token' assert expiry == datetime.datetime.min + datetime.timedelta(seconds=500) assert extra_data['extra'] == 'data'
def get_rapt_token( request, client_id, client_secret, refresh_token, token_uri, scopes=None ): """Given an http request method and refresh_token, get rapt token. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. client_id (str): client id to get access token for reauth scope. client_secret (str): client secret for the client_id refresh_token (str): refresh token to refresh access token token_uri (str): uri to refresh access token scopes (Optional(Sequence[str])): scopes required by the client application Returns: str: The rapt token. Raises: google.auth.exceptions.RefreshError: If reauth failed. """ sys.stderr.write("Reauthentication required.\n") # Get access token for reauth. access_token, _, _, _ = _client.refresh_grant( request=request, client_id=client_id, client_secret=client_secret, refresh_token=refresh_token, token_uri=token_uri, scopes=[_REAUTH_SCOPE], ) # Get rapt token from reauth API. rapt_token = _obtain_rapt(request, access_token, requested_scopes=scopes) return rapt_token
def test_refresh_grant(now_mock): request = _make_request({ 'access_token': 'token', 'refresh_token': 'new_refresh_token', 'expires_in': 500, 'extra': 'data' }) token, refresh_token, expiry, extra_data = _client.refresh_grant( request, 'http://example.com', 'refresh_token', 'client_id', 'client_secret') # Check request call _verify_request_params( request, { 'grant_type': _client._REFRESH_GRANT_TYPE, 'refresh_token': 'refresh_token', 'client_id': 'client_id', 'client_secret': 'client_secret' }) # Check result assert token == 'token' assert refresh_token == 'new_refresh_token' assert expiry == datetime.datetime.min + datetime.timedelta(seconds=500) assert extra_data['extra'] == 'data'
def refresh(self, request): access_token, refresh_token, expiry, _ = _client.refresh_grant( request, self._token_uri, self._refresh_token, self._client_id, self._client_secret) self.token = access_token self.expiry = expiry self._refresh_token = refresh_token
def refresh(self, request): access_token, refresh_token, expiry, grant_response = ( _client.refresh_grant( request, self._token_uri, self._refresh_token, self._client_id, self._client_secret)) self.token = access_token self.expiry = expiry self._refresh_token = refresh_token self._id_token = grant_response.get('id_token')
def refresh(self, request): if (self._refresh_token is None or self._token_uri is None or self._client_id is None or self._client_secret is None): raise exceptions.RefreshError( 'The credentials do not contain the necessary fields need to ' 'refresh the access token. You must specify refresh_token, ' 'token_uri, client_id, and client_secret.') access_token, refresh_token, expiry, grant_response = ( _client.refresh_grant(request, self._token_uri, self._refresh_token, self._client_id, self._client_secret)) self.token = access_token self.expiry = expiry self._refresh_token = refresh_token self._id_token = grant_response.get('id_token')
def refresh(self, request): if (self._refresh_token is None or self._token_uri is None or self._client_id is None or self._client_secret is None): raise exceptions.RefreshError( 'The credentials do not contain the necessary fields need to ' 'refresh the access token. You must specify refresh_token, ' 'token_uri, client_id, and client_secret.') access_token, refresh_token, expiry, grant_response = ( _client.refresh_grant( request, self._token_uri, self._refresh_token, self._client_id, self._client_secret)) self.token = access_token self.expiry = expiry self._refresh_token = refresh_token self._id_token = grant_response.get('id_token')