def _GetOauth2UserAccountCredentials():
    """Build OAuth2 user-account credentials from the configured refresh token.

    The client id and secret are each looked up in the 'OAuth2' config
    section, with the OAUTH2_CLIENT_ID / OAUTH2_CLIENT_SECRET environment
    variables and then gsutil's own id/secret passed as the fallback value
    (assumes the third argument of config.get is a default; confirm against
    the config implementation).

    Returns:
      An Oauth2WithReauthCredentials with no access token or expiry set, or
      None when _HasOauth2UserAccountCreds() reports no such credentials.
      The object holds the client secret and refresh token, so it should not
      be logged or serialised.
    """
    if not _HasOauth2UserAccountCreds():
        return

    token_uri = _GetProviderTokenUri()
    default_id, default_secret = system_util.GetGsutilClientIdAndSecret()

    env_or_default_id = os.environ.get('OAUTH2_CLIENT_ID', default_id)
    client_id = config.get('OAuth2', 'client_id', env_or_default_id)

    env_or_default_secret = os.environ.get('OAUTH2_CLIENT_SECRET',
                                           default_secret)
    client_secret = config.get('OAuth2', 'client_secret',
                               env_or_default_secret)

    # These scopes do not necessarily match the ones the refresh token was
    # issued for. They are only used when obtaining the RAPT in the reauth
    # flow, to determine which challenges should be used.
    reauth_scopes = [constants.Scopes.CLOUD_PLATFORM, constants.Scopes.REAUTH]

    return reauth_creds.Oauth2WithReauthCredentials(
        None,  # access_token
        client_id,
        client_secret,
        config.get('Credentials', 'gs_oauth2_refresh_token'),
        None,  # token_expiry
        token_uri,
        None,  # user_agent
        scopes=reauth_scopes)
def GetCredentials(self):
    """Return a credentials object wrapping a current access token.

    Obtains an access token through self.GetAccessToken() and combines its
    token and expiry with this client's id, secret, refresh token and token
    URI. Neither scopes nor a RAPT is supplied in this call.

    Returns:
      The constructed Oauth2WithReauthCredentials. It carries the client
      secret and refresh token, so it should not be logged or serialised.
    """
    token = self.GetAccessToken()
    return reauth_creds.Oauth2WithReauthCredentials(
        token.token,
        self.client_id,
        self.client_secret,
        self.refresh_token,
        token.expiry,
        self.token_uri,
        None,  # user_agent
    )
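def FetchAccessToken(self, rapt_token=None):
    """Fetches an access token from the provider's token endpoint.

    Builds credentials from this client's id, secret, refresh token and token
    URI, refreshes them over an HTTP object from self.CreateHttpRequest(),
    and wraps the refreshed values in an AccessToken.

    Args:
      rapt_token: (str) The RAPT to be passed when refreshing the access
        token.

    Returns:
      The fetched AccessToken.

    Raises:
      GsAccessTokenRefreshError: The refresh failed and the error text
        contains 'Invalid response 403' (treated as rate limiting).
      GsInvalidRefreshTokenError: The refresh failed and the error text
        contains 'invalid_grant'.
      oauth2client.client.AccessTokenRefreshError: Any other refresh failure,
        re-raised unchanged.
    """
    try:
        http = self.CreateHttpRequest()
        credentials = reauth_creds.Oauth2WithReauthCredentials(
            None,  # access_token
            self.client_id,
            self.client_secret,
            self.refresh_token,
            None,  # token_expiry
            self.token_uri,
            None,  # user_agent
            scopes=RAPT_SCOPES,
            rapt_token=rapt_token)
        credentials.refresh(http)
        return AccessToken(credentials.access_token,
                           credentials.token_expiry,
                           datetime_strategy=self.datetime_strategy,
                           rapt_token=credentials.rapt_token)
    except oauth2client.client.AccessTokenRefreshError as e:
        # Exceptions have no .message attribute on Python 3 unless the class
        # defines one; reading it unguarded would raise AttributeError here
        # and hide the real refresh failure. Fall back to str(e) so the
        # classification below still runs.
        message = getattr(e, 'message', None) or str(e)
        if 'Invalid response 403' in message:
            # This is the most we can do at the moment to accurately detect
            # rate limiting errors since they come back as 403s with no
            # further information.
            raise GsAccessTokenRefreshError(e)
        elif 'invalid_grant' in message:
            # The log text names the likely causes only; no token material
            # is written to the log.
            LOG.info(""" Attempted to retrieve an access token from an invalid refresh token. Two common cases in which you will see this error are: 1. Your refresh token was revoked. 2. Your refresh token was typed incorrectly. """)
            raise GsInvalidRefreshTokenError(e)
        else:
            raise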