def get_access_token(self, owner, scope):
google_identity = self.get_google_identity(owner)
try:
refresh_token = RefreshToken.get(google_identity)
except DatabaseObjectNotFound:
# The user has not authorized the broker yet
abort(grpc.StatusCode.PERMISSION_DENIED,
self.AUTHZ_ERROR_MESSAGE.format(owner))
oauthsession, client_config = session_from_client_secrets_file(
settings.CLIENT_SECRET_PATH, scopes=scope.split(','))
decrypted_value = encryption.decrypt(
settings.ENCRYPTION_REFRESH_TOKEN_CRYPTO_KEY, refresh_token.value)
try:
access_token = oauthsession.refresh_token(
token_url='https://oauth2.googleapis.com/token',
client_id=client_config['web']['client_id'],
client_secret=client_config['web']['client_secret'],
refresh_token=decrypted_value)
except InvalidGrantError:
# The refresh token has expired or has been revoked
abort(grpc.StatusCode.PERMISSION_DENIED,
self.AUTHZ_ERROR_MESSAGE.format(owner))
return {
'access_token': access_token['access_token'],
'expires_at':
self.calculate_expiry_time(access_token['expires_in'])
}
def __init__(self, secrets_file, user_service: UserService):
self.user_service = user_service
# Verify the secrets_file is in the correct format and save the
# parsed configuration
self.scopes = ['email', 'openid']
session, config = session_from_client_secrets_file(
secrets_file,
scopes=self.scopes)
self.config = config
self.redirect_uri = config['web']['redirect_uris'][0]
def run(*, launch_browser: bool = True):
logging.basicConfig(level=logging.DEBUG)
scopes = [
"https://www.googleapis.com/auth/drive",
"https://www.googleapis.com/auth/spreadsheets",
]
dotenv.load_dotenv(verbose=True)
json_file = pathlib.Path((os.environ["GOOGLE_SECRET"])).expanduser()
session, config = helpers.session_from_client_secrets_file(
json_file, scopes)
gclient = gspread.authorize(Adapter(session, config))
def authorize():
SCOPES = ['https://www.googleapis.com/auth/calendar.events']
#Load application credentials and set redirect url for callback
oauth2_session, client_config = session_from_client_secrets_file(
'Static/Python/credentials.json', scopes=SCOPES)
redirect_uri = url_for('oauth_callback', _external=True)
flow = Flow(oauth2_session, 'web', client_config, redirect_uri,
code_verifier)
#Get authorization url and save state to session
authorization_url, state = flow.authorization_url(prompt='consent')
session['state'] = state
#Send user to authorize
return redirect(authorization_url)
def oauth_callback():
SCOPES = ['https://www.googleapis.com/auth/calendar.events']
state = session['state']
redirect_uri = url_for('oauth_callback', _external=True)
oauth2_session, client_config = session_from_client_secrets_file(
'Static/Python/credentials.json', scopes=SCOPES, state=state)
flow = Flow(oauth2_session, 'web', client_config, redirect_uri,
code_verifier)
#Exchange response for token
authorization_response = request.url
flow.fetch_token(authorization_response=authorization_response)
#Store credentials in session
credentials = flow.credentials
session['credentials'] = credentials_to_dict(credentials)
return redirect(url_for('calendar_import'))
def test_session_from_client_secrets_file():
session, config = helpers.session_from_client_secrets_file(
CLIENT_SECRETS_FILE, scopes=mock.sentinel.scopes)
assert config == CLIENT_SECRETS_INFO
assert session.client_id == CLIENT_SECRETS_INFO["web"]["client_id"]
assert session.scope == mock.sentinel.scopes