async def test_credentials_with_scopes_refresh_failure_raises_refresh_error(
self, unused_utcnow, refresh_grant):
scopes = ["email", "profile"]
scopes_returned = ["email"]
token = "token"
expiry = _helpers.utcnow() + datetime.timedelta(seconds=500)
grant_response = {
"id_token": mock.sentinel.id_token,
"scope": " ".join(scopes_returned),
}
rapt_token = "rapt_token"
refresh_grant.return_value = (
# Access token
token,
# New refresh token
None,
# Expiry,
expiry,
# Extra data
grant_response,
# Rapt token
rapt_token,
)
request = mock.AsyncMock(spec=["transport.Request"])
creds = _credentials_async.Credentials(
token=None,
refresh_token=self.REFRESH_TOKEN,
token_uri=self.TOKEN_URI,
client_id=self.CLIENT_ID,
client_secret=self.CLIENT_SECRET,
scopes=scopes,
rapt_token=None,
)
# Refresh credentials
with pytest.raises(exceptions.RefreshError,
match="Not all requested scopes were granted"):
await creds.refresh(request)
# Check jwt grant call.
refresh_grant.assert_called_with(
request,
self.TOKEN_URI,
self.REFRESH_TOKEN,
self.CLIENT_ID,
self.CLIENT_SECRET,
scopes,
None,
)
# Check that the credentials have the token and expiry
assert creds.token == token
assert creds.expiry == expiry
assert creds.id_token == mock.sentinel.id_token
assert creds.has_scopes(scopes)
# Check that the credentials are valid (have a token and are not
# expired.)
assert creds.valid
def make_credentials(cls):
return _credentials_async.Credentials(
token=None,
refresh_token=cls.REFRESH_TOKEN,
token_uri=cls.TOKEN_URI,
client_id=cls.CLIENT_ID,
client_secret=cls.CLIENT_SECRET,
)
async def test_refresh_no_refresh_token(self):
request = mock.AsyncMock(spec=["transport.Request"])
credentials_ = _credentials_async.Credentials(token=None,
refresh_token=None)
with pytest.raises(exceptions.RefreshError, match="necessary fields"):
await credentials_.refresh(request)
request.assert_not_called()
def test_apply_with_no_quota_project_id(self):
creds = _credentials_async.Credentials(
token="token",
refresh_token=self.REFRESH_TOKEN,
token_uri=self.TOKEN_URI,
client_id=self.CLIENT_ID,
client_secret=self.CLIENT_SECRET,
)
headers = {}
creds.apply(headers)
assert "x-goog-user-project" not in headers
async def test_credentials_with_scopes_requested_refresh_success(
self, unused_utcnow, refresh_grant):
scopes = ["email", "profile"]
token = "token"
expiry = _helpers.utcnow() + datetime.timedelta(seconds=500)
grant_response = {"id_token": mock.sentinel.id_token}
refresh_grant.return_value = (
# Access token
token,
# New refresh token
None,
# Expiry,
expiry,
# Extra data
grant_response,
)
request = mock.AsyncMock(spec=["transport.Request"])
creds = _credentials_async.Credentials(
token=None,
refresh_token=self.REFRESH_TOKEN,
token_uri=self.TOKEN_URI,
client_id=self.CLIENT_ID,
client_secret=self.CLIENT_SECRET,
scopes=scopes,
)
# Refresh credentials
await creds.refresh(request)
# Check jwt grant call.
refresh_grant.assert_called_with(
request,
self.TOKEN_URI,
self.REFRESH_TOKEN,
self.CLIENT_ID,
self.CLIENT_SECRET,
scopes,
)
# Check that the credentials have the token and expiry
assert creds.token == token
assert creds.expiry == expiry
assert creds.id_token == mock.sentinel.id_token
assert creds.has_scopes(scopes)
# Check that the credentials are valid (have a token and are not
# expired.)
assert creds.valid
def test_with_quota_project(self):
creds = _credentials_async.Credentials(
token="token",
refresh_token=self.REFRESH_TOKEN,
token_uri=self.TOKEN_URI,
client_id=self.CLIENT_ID,
client_secret=self.CLIENT_SECRET,
quota_project_id="quota-project-123",
)
new_creds = creds.with_quota_project("new-project-456")
assert new_creds.quota_project_id == "new-project-456"
headers = {}
creds.apply(headers)
assert "x-goog-user-project" in headers