def get_rapt_token(http_request,
client_id,
client_secret,
refresh_token,
token_uri,
scopes=None):
"""Given an http request method and refresh_token, get rapt token.
Args:
http_request: callable to run http requests. Accepts uri, method, body
and headers. Returns a tuple: (response, content)
client_id: client id to get access token for reauth scope.
client_secret: client secret for the client_id
refresh_token: refresh token to refresh access token
token_uri: uri to refresh access token
scopes: scopes required by the client application
Returns: rapt token.
Raises:
errors.ReauthError if reauth failed
"""
sys.stderr.write('Reauthentication required.\n')
# Get access token for reauth.
response, content = _reauth_client.refresh_grant(
http_request=http_request,
client_id=client_id,
client_secret=client_secret,
refresh_token=refresh_token,
token_uri=token_uri,
scopes=_REAUTH_SCOPE,
headers={'Content-Type': 'application/x-www-form-urlencoded'})
try:
content = json.loads(content)
except (TypeError, ValueError):
raise errors.ReauthAccessTokenRefreshError(
'Invalid response {0}'.format(_substr_for_error_message(content)))
if response.status != http_client.OK:
raise errors.ReauthAccessTokenRefreshError(
_get_refresh_error_message(content), response.status)
if 'access_token' not in content:
raise errors.ReauthAccessTokenRefreshError(
'Access token missing from the response')
# Get rapt token from reauth API.
rapt_token = _obtain_rapt(http_request,
content['access_token'],
requested_scopes=scopes)
return rapt_token
def refresh_access_token(http_request,
client_id,
client_secret,
refresh_token,
token_uri,
rapt=None,
scopes=None,
headers=None):
"""Refresh the access_token using the refresh_token.
Args:
http_request: callable to run http requests. Accepts uri, method, body
and headers. Returns a tuple: (response, content)
client_id: client id to get access token for reauth scope.
client_secret: client secret for the client_id
refresh_token: refresh token to refresh access token
token_uri: uri to refresh access token
scopes: scopes required by the client application
Returns:
Tuple[str, str, str, Optional[str], Optional[str], Optional[str]]: The
rapt token, the access token, new refresh token, expiration,
token id and response content returned by the token endpoint.
Raises:
errors.ReauthError if reauth failed
errors.HttpAccessTokenRefreshError it access token refresh failed
"""
response, content = _reauth_client.refresh_grant(
http_request=http_request,
client_id=client_id,
client_secret=client_secret,
refresh_token=refresh_token,
token_uri=token_uri,
rapt=rapt,
headers=headers)
if response.status != http_client.OK:
# Check if we need a rapt token or if the rapt token is invalid.
# Once we refresh the rapt token, retry the access token refresh.
# If we did refresh the rapt token and still got an error, then the
# refresh token is expired or revoked.
if (_rapt_refresh_required(content)):
rapt = get_rapt_token(
http_request,
client_id,
client_secret,
refresh_token,
token_uri,
scopes=scopes,
)
# retry with refreshed rapt
response, content = _reauth_client.refresh_grant(
http_request=http_request,
client_id=client_id,
client_secret=client_secret,
refresh_token=refresh_token,
token_uri=token_uri,
rapt=rapt,
headers=headers)
try:
content = json.loads(content)
except (TypeError, ValueError):
raise errors.HttpAccessTokenRefreshError(
'Invalid response {0}'.format(_substr_for_error_message(content)),
response.status)
if response.status != http_client.OK:
raise errors.HttpAccessTokenRefreshError(
_get_refresh_error_message(content), response.status)
access_token = content['access_token']
refresh_token = content.get('refresh_token', None)
expires_in = content.get('expires_in', None)
id_token = content.get('id_token', None)
return rapt, content, access_token, refresh_token, expires_in, id_token
