def get_access_token(self, owner, scope):
    """Exchange the owner's stored refresh token for a Google access token.

    Args:
        owner: Identifier handed to ``self.get_google_identity`` and
            interpolated into the authorization error message.
        scope: Comma-separated scope string; it is split on ``','`` and the
            resulting list is given to the OAuth session.

    Returns:
        A dict with ``access_token`` and ``expires_at``; the latter is
        derived from the response's ``expires_in`` via
        ``self.calculate_expiry_time``.

    Both failure paths (no stored refresh token, and a refresh token the
    token endpoint rejects) call ``abort`` with ``PERMISSION_DENIED`` and
    the same message, so the caller cannot tell the two cases apart.
    """
    # NOTE(review): `scope` is taken from the caller as-is and nothing in this
    # method limits which scopes may be requested -- presumably validated
    # upstream; confirm.
    identity = self.get_google_identity(owner)
    try:
        stored_token = RefreshToken.get(identity)
    except DatabaseObjectNotFound:
        # No refresh token on record: the user has not authorized the broker.
        # Presumably abort() raises; otherwise `stored_token` is unbound below.
        abort(grpc.StatusCode.PERMISSION_DENIED,
              self.AUTHZ_ERROR_MESSAGE.format(owner))

    oauth, secrets = session_from_client_secrets_file(
        settings.CLIENT_SECRET_PATH, scopes=scope.split(','))

    # The refresh token is stored encrypted; the plaintext lives only in this
    # local and is sent to the token endpoint, never logged or returned.
    plaintext_refresh_token = encryption.decrypt(
        settings.ENCRYPTION_REFRESH_TOKEN_CRYPTO_KEY, stored_token.value)

    try:
        web_client = secrets['web']
        token_response = oauth.refresh_token(
            token_url='https://oauth2.googleapis.com/token',
            client_id=web_client['client_id'],
            client_secret=web_client['client_secret'],
            refresh_token=plaintext_refresh_token)
    except InvalidGrantError:
        # The refresh token has expired or has been revoked.
        abort(grpc.StatusCode.PERMISSION_DENIED,
              self.AUTHZ_ERROR_MESSAGE.format(owner))

    # Only the short-lived access token and its expiry leave this method.
    fresh_token = token_response['access_token']
    expiry = self.calculate_expiry_time(token_response['expires_in'])
    return {'access_token': fresh_token, 'expires_at': expiry}
def __init__(self, secrets_file, user_service: UserService):
    """Keep the user service and load the OAuth client configuration.

    Args:
        secrets_file: Path of the client secrets file to parse.
        user_service: Stored on the instance as ``self.user_service``.

    Parsing the file here doubles as a format check: a file that cannot be
    parsed makes construction fail. The session object returned alongside
    the configuration is not kept.
    """
    self.user_service = user_service

    # Identity-only scopes: 'email' and 'openid'.
    self.scopes = ['email', 'openid']
    _unused_session, parsed_config = session_from_client_secrets_file(
        secrets_file, scopes=self.scopes)

    # NOTE(review): the parsed configuration is retained whole; for this file
    # format it presumably includes the client secret, so the instance should
    # not be logged or serialized -- confirm.
    self.config = parsed_config

    # Only the first redirect URI listed in the file is used.
    self.redirect_uri = parsed_config['web']['redirect_uris'][0]
def run(*, launch_browser: bool = True):
    """Build a gspread client from the client secrets named by GOOGLE_SECRET.

    The path of the secrets file is read from the ``GOOGLE_SECRET``
    environment variable (after loading a ``.env`` file) and expanded with
    ``expanduser``. ``launch_browser`` is not read in the lines shown here.
    """
    # NOTE(review): DEBUG on the root logger also turns on debug output from
    # the OAuth and HTTP libraries, which can include token request and
    # response bodies; confirm this is only used for local development.
    logging.basicConfig(level=logging.DEBUG)

    # NOTE(review): the full Drive scope covers every file of the user; if
    # the tool only touches files it creates or opens, a narrower scope such
    # as drive.file would reduce what a leaked token can reach -- confirm.
    requested_scopes = [
        "https://www.googleapis.com/auth/drive",
        "https://www.googleapis.com/auth/spreadsheets",
    ]

    dotenv.load_dotenv(verbose=True)
    # A missing GOOGLE_SECRET raises KeyError here rather than falling back
    # to a default location.
    secrets_path = pathlib.Path(os.environ["GOOGLE_SECRET"]).expanduser()

    session, config = helpers.session_from_client_secrets_file(
        secrets_path, requested_scopes)
    gclient = gspread.authorize(Adapter(session, config))
def authorize():
    """Start the OAuth consent flow and redirect the user to Google.

    The ``state`` value generated for the authorization URL is saved in the
    session so the callback can hand it back to the OAuth session.
    """
    calendar_scopes = ['https://www.googleapis.com/auth/calendar.events']

    # Load application credentials and set the redirect URL for the callback.
    # NOTE(review): the secrets file sits under a directory named "Static";
    # confirm that directory is not served to browsers.
    oauth, secrets = session_from_client_secrets_file(
        'Static/Python/credentials.json', scopes=calendar_scopes)
    callback_url = url_for('oauth_callback', _external=True)

    # NOTE(review): `code_verifier` is not defined in this function; if it is
    # a module-level value it is shared by every user and every request,
    # which weakens PKCE -- presumably it should be generated per flow and
    # kept in the session; confirm.
    flow = Flow(oauth, 'web', secrets, callback_url, code_verifier)

    # Get the authorization URL and remember its state for the callback.
    consent_url, flow_state = flow.authorization_url(prompt='consent')
    session['state'] = flow_state

    # Send the user to the consent screen.
    return redirect(consent_url)
def oauth_callback():
    """Finish the OAuth flow: trade the callback URL for tokens and store them.

    The ``state`` saved by the authorization step is read back from the
    session and given to the OAuth session before the token exchange, then
    the resulting credentials are written to the session and the user is
    redirected to ``calendar_import``.
    """
    calendar_scopes = ['https://www.googleapis.com/auth/calendar.events']

    # NOTE(review): a callback request with no 'state' in the session raises
    # KeyError here; confirm that is the intended response for a request
    # that did not go through the authorization step.
    saved_state = session['state']
    callback_url = url_for('oauth_callback', _external=True)

    # Passing the saved state lets the OAuth library compare it with the
    # state carried in the callback URL during the token exchange.
    oauth, secrets = session_from_client_secrets_file(
        'Static/Python/credentials.json',
        scopes=calendar_scopes,
        state=saved_state)
    flow = Flow(oauth, 'web', secrets, callback_url, code_verifier)

    # Exchange the authorization response for a token.
    flow.fetch_token(authorization_response=request.url)

    # Store the credentials in the session.
    # NOTE(review): if this is a cookie-backed session that is signed but not
    # encrypted, whatever credentials_to_dict() returns (presumably tokens)
    # is readable by the browser -- confirm the session backend.
    session['credentials'] = credentials_to_dict(flow.credentials)

    return redirect(url_for('calendar_import'))
def test_session_from_client_secrets_file():
    """The helper returns the parsed config and a session bound to it.

    Checks that the returned configuration equals the expected fixture, that
    the session carries the fixture's web client id, and that the scopes
    object is passed through to the session unchanged.
    """
    oauth_session, parsed_config = helpers.session_from_client_secrets_file(
        CLIENT_SECRETS_FILE,
        scopes=mock.sentinel.scopes,
    )

    # The configuration is returned exactly as stored in the fixture.
    assert parsed_config == CLIENT_SECRETS_INFO
    # The session is built for the client described under the "web" key.
    assert oauth_session.client_id == CLIENT_SECRETS_INFO["web"]["client_id"]
    # A sentinel shows the scopes are forwarded, not copied or rewritten.
    assert oauth_session.scope == mock.sentinel.scopes