Index: client/third_party/google/oauth2/credentials.py |
diff --git a/client/third_party/google/oauth2/credentials.py b/client/third_party/google/oauth2/credentials.py |
new file mode 100644 |
index 0000000000000000000000000000000000000000..6a635ddad99bade2b7c6486e92c7aef6fed8cb0e |
--- /dev/null |
+++ b/client/third_party/google/oauth2/credentials.py |
@@ -0,0 +1,131 @@ |
+# Copyright 2016 Google Inc. |
+# |
+# Licensed under the Apache License, Version 2.0 (the "License"); |
+# you may not use this file except in compliance with the License. |
+# You may obtain a copy of the License at |
+# |
+# http://www.apache.org/licenses/LICENSE-2.0 |
+# |
+# Unless required by applicable law or agreed to in writing, software |
+# distributed under the License is distributed on an "AS IS" BASIS, |
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
+# See the License for the specific language governing permissions and |
+# limitations under the License. |
+ |
+"""OAuth 2.0 Credentials. |
+ |
+This module provides credentials based on OAuth 2.0 access and refresh tokens. |
+These credentials usually access resources on behalf of a user (resource |
+owner). |
+ |
+Specifically, this is intended to use access tokens acquired using the |
+`Authorization Code grant`_ and can refresh those tokens using a |
+optional `refresh token`_. |
+ |
+Obtaining the initial access and refresh token is outside of the scope of this |
+module. Consult `rfc6749 section 4.1`_ for complete details on the |
+Authorization Code grant flow. |
+ |
+.. _Authorization Code grant: https://tools.ietf.org/html/rfc6749#section-1.3.1 |
+.. _refresh token: https://tools.ietf.org/html/rfc6749#section-6 |
+.. _rfc6749 section 4.1: https://tools.ietf.org/html/rfc6749#section-4.1 |
+""" |
+ |
+from google.auth import _helpers |
+from google.auth import credentials |
+from google.oauth2 import _client |
+ |
+ |
+class Credentials(credentials.Scoped, credentials.Credentials): |
+ """Credentials using OAuth 2.0 access and refresh tokens.""" |
+ |
+ def __init__(self, token, refresh_token=None, id_token=None, |
+ token_uri=None, client_id=None, client_secret=None, |
+ scopes=None): |
+ """ |
+ Args: |
+ token (Optional(str)): The OAuth 2.0 access token. Can be None |
+ if refresh information is provided. |
+ refresh_token (str): The OAuth 2.0 refresh token. If specified, |
+ credentials can be refreshed. |
+ id_token (str): The Open ID Connect ID Token. |
+ token_uri (str): The OAuth 2.0 authorization server's token |
+ endpoint URI. Must be specified for refresh, can be left as |
+ None if the token can not be refreshed. |
+ client_id (str): The OAuth 2.0 client ID. Must be specified for |
+ refresh, can be left as None if the token can not be refreshed. |
+ client_secret(str): The OAuth 2.0 client secret. Must be specified |
+ for refresh, can be left as None if the token can not be |
+ refreshed. |
+ scopes (Sequence[str]): The scopes that were originally used |
+ to obtain authorization. This is a purely informative parameter |
+ that can be used by :meth:`has_scopes`. OAuth 2.0 credentials |
+ can not request additional scopes after authorization. |
+ """ |
+ super(Credentials, self).__init__() |
+ self.token = token |
+ self._refresh_token = refresh_token |
+ self._id_token = id_token |
+ self._scopes = scopes |
+ self._token_uri = token_uri |
+ self._client_id = client_id |
+ self._client_secret = client_secret |
+ |
+ @property |
+ def refresh_token(self): |
+ """Optional[str]: The OAuth 2.0 refresh token.""" |
+ return self._refresh_token |
+ |
+ @property |
+ def token_uri(self): |
+ """Optional[str]: The OAuth 2.0 authorization server's token endpoint |
+ URI.""" |
+ return self._token_uri |
+ |
+ @property |
+ def id_token(self): |
+ """Optional[str]: The Open ID Connect ID Token. |
+ |
+ Depending on the authorization server and the scopes requested, this |
+ may be populated when credentials are obtained and updated when |
+ :meth:`refresh` is called. This token is a JWT. It can be verified |
+ and decoded using :func:`google.oauth2.id_token.verify_oauth2_token`. |
+ """ |
+ return self._id_token |
+ |
+ @property |
+ def client_id(self): |
+ """Optional[str]: The OAuth 2.0 client ID.""" |
+ return self._client_id |
+ |
+ @property |
+ def client_secret(self): |
+ """Optional[str]: The OAuth 2.0 client secret.""" |
+ return self._client_secret |
+ |
+ @property |
+ def requires_scopes(self): |
+ """False: OAuth 2.0 credentials have their scopes set when |
+ the initial token is requested and can not be changed.""" |
+ return False |
+ |
+ def with_scopes(self, scopes): |
+ """Unavailable, OAuth 2.0 credentials can not be re-scoped. |
+ |
+ OAuth 2.0 credentials have their scopes set when the initial token is |
+ requested and can not be changed. |
+ """ |
+ raise NotImplementedError( |
+ 'OAuth 2.0 Credentials can not modify their scopes.') |
+ |
+ @_helpers.copy_docstring(credentials.Credentials) |
+ def refresh(self, request): |
+ access_token, refresh_token, expiry, grant_response = ( |
+ _client.refresh_grant( |
+ request, self._token_uri, self._refresh_token, self._client_id, |
+ self._client_secret)) |
+ |
+ self.token = access_token |
+ self.expiry = expiry |
+ self._refresh_token = refresh_token |
+ self._id_token = grant_response.get('id_token') |