def test__handle_error_response_non_json(): response_data = "Oops, something wrong happened" with pytest.raises(exceptions.OAuthError) as excinfo: utils.handle_error_response(response_data) assert excinfo.match(r"Oops, something wrong happened")
def test__handle_error_response_code_only(): error_resp = {"error": "unsupported_grant_type"} response_data = json.dumps(error_resp) with pytest.raises(exceptions.OAuthError) as excinfo: utils.handle_error_response(response_data) assert excinfo.match(r"Error code unsupported_grant_type")
def test__handle_error_response_code_description(): error_resp = { "error": "unsupported_grant_type", "error_description": "The provided grant_type is unsupported", } response_data = json.dumps(error_resp) with pytest.raises(exceptions.OAuthError) as excinfo: utils.handle_error_response(response_data) assert excinfo.match( r"Error code unsupported_grant_type: The provided grant_type is unsupported" )
def test__handle_error_response_code_description_uri(): error_resp = { "error": "unsupported_grant_type", "error_description": "The provided grant_type is unsupported", "error_uri": "https://tools.ietf.org/html/rfc6749", } response_data = json.dumps(error_resp) with pytest.raises(exceptions.OAuthError) as excinfo: utils.handle_error_response(response_data) assert excinfo.match( r"Error code unsupported_grant_type: The provided grant_type is unsupported - https://tools.ietf.org/html/rfc6749" )
def exchange_token( self, request, grant_type, subject_token, subject_token_type, resource=None, audience=None, scopes=None, requested_token_type=None, actor_token=None, actor_token_type=None, additional_options=None, additional_headers=None, ): """Exchanges the provided token for another type of token based on the rfc8693 spec. Args: request (google.auth.transport.Request): A callable used to make HTTP requests. grant_type (str): The OAuth 2.0 token exchange grant type. subject_token (str): The OAuth 2.0 token exchange subject token. subject_token_type (str): The OAuth 2.0 token exchange subject token type. resource (Optional[str]): The optional OAuth 2.0 token exchange resource field. audience (Optional[str]): The optional OAuth 2.0 token exchange audience field. scopes (Optional[Sequence[str]]): The optional list of scopes to use. requested_token_type (Optional[str]): The optional OAuth 2.0 token exchange requested token type. actor_token (Optional[str]): The optional OAuth 2.0 token exchange actor token. actor_token_type (Optional[str]): The optional OAuth 2.0 token exchange actor token type. additional_options (Optional[Mapping[str, str]]): The optional additional non-standard Google specific options. additional_headers (Optional[Mapping[str, str]]): The optional additional headers to pass to the token exchange endpoint. Returns: Mapping[str, str]: The token exchange JSON-decoded response data containing the requested token and its expiration time. Raises: google.auth.exceptions.OAuthError: If the token endpoint returned an error. """ # Initialize request headers. headers = _URLENCODED_HEADERS.copy() # Inject additional headers. if additional_headers: for k, v in dict(additional_headers).items(): headers[k] = v # Initialize request body. request_body = { "grant_type": grant_type, "resource": resource, "audience": audience, "scope": " ".join(scopes or []), "requested_token_type": requested_token_type, "subject_token": subject_token, "subject_token_type": subject_token_type, "actor_token": actor_token, "actor_token_type": actor_token_type, "options": None, } # Add additional non-standard options. if additional_options: request_body["options"] = urllib.parse.quote( json.dumps(additional_options)) # Remove empty fields in request body. for k, v in dict(request_body).items(): if v is None or v == "": del request_body[k] # Apply OAuth client authentication. self.apply_client_authentication_options(headers, request_body) # Execute request. response = request( url=self._token_exchange_endpoint, method="POST", headers=headers, body=urllib.parse.urlencode(request_body).encode("utf-8"), ) response_body = (response.data.decode("utf-8") if hasattr( response.data, "decode") else response.data) # If non-200 response received, translate to OAuthError exception. if response.status != http.client.OK: utils.handle_error_response(response_body) response_data = json.loads(response_body) # Return successful response. return response_data