From a0819277ad674a5048ff84cc62cf99ba0cee341f Mon Sep 17 00:00:00 2001 From: Ryan Kohler Date: Tue, 18 Oct 2022 10:20:25 -0700 Subject: [PATCH 1/6] Update to allow for 3PI credentials --- google_auth_oauthlib/helpers.py | 28 +++++++++++++++++++--------- testing/constraints-3.6.txt | 4 ++-- testing/constraints-3.7.txt | 4 ++-- tests/unit/test_helpers.py | 26 ++++++++++++++++++++++++++ 4 files changed, 49 insertions(+), 13 deletions(-) diff --git a/google_auth_oauthlib/helpers.py b/google_auth_oauthlib/helpers.py index 7dea24d..c32cc38 100644 --- a/google_auth_oauthlib/helpers.py +++ b/google_auth_oauthlib/helpers.py @@ -24,6 +24,7 @@ import datetime import json +from google.auth import external_account_authorized_user import google.oauth2.credentials import requests_oauthlib @@ -125,14 +126,23 @@ def credentials_from_session(session, client_config=None): "There is no access token for this session, did you call " "fetch_token?" ) - credentials = google.oauth2.credentials.Credentials( - session.token["access_token"], - refresh_token=session.token.get("refresh_token"), - id_token=session.token.get("id_token"), - token_uri=client_config.get("token_uri"), - client_id=client_config.get("client_id"), - client_secret=client_config.get("client_secret"), - scopes=session.scope, - ) + if client_config.get("3pi"): + credentials = google.auth.external_account_authorized_user.Credentials( + token=session.token["access_token"], + refresh_token=session.token.get("refresh_token"), + token_url=client_config.get("token_uri"), + client_id=client_config.get("client_id"), + client_secret=client_config.get("client_secret"), + ) + else: + credentials = google.oauth2.credentials.Credentials( + session.token["access_token"], + refresh_token=session.token.get("refresh_token"), + id_token=session.token.get("id_token"), + token_uri=client_config.get("token_uri"), + client_id=client_config.get("client_id"), + client_secret=client_config.get("client_secret"), + scopes=session.scope, + ) credentials.expiry = datetime.datetime.utcfromtimestamp(session.token["expires_at"]) return credentials diff --git a/testing/constraints-3.6.txt b/testing/constraints-3.6.txt index 30ad2de..0b6d9d1 100644 --- a/testing/constraints-3.6.txt +++ b/testing/constraints-3.6.txt @@ -5,6 +5,6 @@ # # e.g., if setup.py has "foo >= 1.14.0, < 2.0.0dev", # Then this file should have foo==1.14.0 -google-auth==1.0.0 +google-auth>=1.13.0 requests-oauthlib==0.7.0 -click==6.0.0 \ No newline at end of file +click==6.0.0 diff --git a/testing/constraints-3.7.txt b/testing/constraints-3.7.txt index 30ad2de..0b6d9d1 100644 --- a/testing/constraints-3.7.txt +++ b/testing/constraints-3.7.txt @@ -5,6 +5,6 @@ # # e.g., if setup.py has "foo >= 1.14.0, < 2.0.0dev", # Then this file should have foo==1.14.0 -google-auth==1.0.0 +google-auth>=1.13.0 requests-oauthlib==0.7.0 -click==6.0.0 \ No newline at end of file +click==6.0.0 diff --git a/tests/unit/test_helpers.py b/tests/unit/test_helpers.py index 9b6472c..6c91aa9 100644 --- a/tests/unit/test_helpers.py +++ b/tests/unit/test_helpers.py @@ -19,6 +19,8 @@ import mock import pytest +from google.auth import external_account_authorized_user +import google.oauth2.credentials from google_auth_oauthlib import helpers DATA_DIR = os.path.join(os.path.dirname(__file__), "data") @@ -85,6 +87,7 @@ def test_credentials_from_session(session): credentials = helpers.credentials_from_session(session, CLIENT_SECRETS_INFO["web"]) + assert isinstance(credentials, google.oauth2.credentials.Credentials) assert credentials.token == mock.sentinel.access_token assert credentials.expiry == datetime.datetime(1990, 5, 29, 8, 20, 0) assert credentials._refresh_token == mock.sentinel.refresh_token @@ -94,6 +97,29 @@ def test_credentials_from_session(session): assert credentials._token_uri == CLIENT_SECRETS_INFO["web"]["token_uri"] +def test_credentials_from_session_3pi(session): + session.token = { + "access_token": mock.sentinel.access_token, + "refresh_token": mock.sentinel.refresh_token, + "id_token": mock.sentinel.id_token, + "expires_at": 643969200.0, + } + + client_secrets_info = CLIENT_SECRETS_INFO["web"].copy() + client_secrets_info["3pi"] = True + credentials = helpers.credentials_from_session(session, client_secrets_info) + + assert isinstance( + credentials, google.auth.external_account_authorized_user.Credentials + ) + assert credentials.token == mock.sentinel.access_token + assert credentials.expiry == datetime.datetime(1990, 5, 29, 8, 20, 0) + assert credentials._refresh_token == mock.sentinel.refresh_token + assert credentials._client_id == CLIENT_SECRETS_INFO["web"]["client_id"] + assert credentials._client_secret == CLIENT_SECRETS_INFO["web"]["client_secret"] + assert credentials._token_url == CLIENT_SECRETS_INFO["web"]["token_uri"] + + def test_bad_credentials(session): with pytest.raises(ValueError): helpers.credentials_from_session(session) From e44235699ce493b4b67ec18e73830ec5c4bcfb64 Mon Sep 17 00:00:00 2001 From: Ryan Kohler Date: Tue, 18 Oct 2022 10:30:52 -0700 Subject: [PATCH 2/6] Lint --- google_auth_oauthlib/helpers.py | 2 +- tests/unit/test_helpers.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/google_auth_oauthlib/helpers.py b/google_auth_oauthlib/helpers.py index c32cc38..19a4af9 100644 --- a/google_auth_oauthlib/helpers.py +++ b/google_auth_oauthlib/helpers.py @@ -127,7 +127,7 @@ def credentials_from_session(session, client_config=None): ) if client_config.get("3pi"): - credentials = google.auth.external_account_authorized_user.Credentials( + credentials = external_account_authorized_user.Credentials( token=session.token["access_token"], refresh_token=session.token.get("refresh_token"), token_url=client_config.get("token_uri"), diff --git a/tests/unit/test_helpers.py b/tests/unit/test_helpers.py index 6c91aa9..52c6755 100644 --- a/tests/unit/test_helpers.py +++ b/tests/unit/test_helpers.py @@ -110,7 +110,7 @@ def test_credentials_from_session_3pi(session): credentials = helpers.credentials_from_session(session, client_secrets_info) assert isinstance( - credentials, google.auth.external_account_authorized_user.Credentials + credentials, external_account_authorized_user.Credentials ) assert credentials.token == mock.sentinel.access_token assert credentials.expiry == datetime.datetime(1990, 5, 29, 8, 20, 0) From 420ec82826cf1517669facea293cfcdbed133493 Mon Sep 17 00:00:00 2001 From: Ryan Kohler Date: Tue, 18 Oct 2022 10:36:32 -0700 Subject: [PATCH 3/6] Changes Requested by Sai --- testing/constraints-3.6.txt | 2 +- testing/constraints-3.7.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/testing/constraints-3.6.txt b/testing/constraints-3.6.txt index 0b6d9d1..7decfc9 100644 --- a/testing/constraints-3.6.txt +++ b/testing/constraints-3.6.txt @@ -5,6 +5,6 @@ # # e.g., if setup.py has "foo >= 1.14.0, < 2.0.0dev", # Then this file should have foo==1.14.0 -google-auth>=1.13.0 +google-auth==2.13.0 requests-oauthlib==0.7.0 click==6.0.0 diff --git a/testing/constraints-3.7.txt b/testing/constraints-3.7.txt index 0b6d9d1..65744e7 100644 --- a/testing/constraints-3.7.txt +++ b/testing/constraints-3.7.txt @@ -5,6 +5,6 @@ # # e.g., if setup.py has "foo >= 1.14.0, < 2.0.0dev", # Then this file should have foo==1.14.0 -google-auth>=1.13.0 +google-aut==2.13.0 requests-oauthlib==0.7.0 click==6.0.0 From c8e6abe9d03cee291355172943919d4059eb1ebd Mon Sep 17 00:00:00 2001 From: Ryan Kohler Date: Tue, 18 Oct 2022 10:38:57 -0700 Subject: [PATCH 4/6] Update google_auth_oauthlib/helpers.py Co-authored-by: Carl Lundin <108372512+clundin25@users.noreply.github.com> --- google_auth_oauthlib/helpers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google_auth_oauthlib/helpers.py b/google_auth_oauthlib/helpers.py index 19a4af9..292c19d 100644 --- a/google_auth_oauthlib/helpers.py +++ b/google_auth_oauthlib/helpers.py @@ -126,7 +126,7 @@ def credentials_from_session(session, client_config=None): "There is no access token for this session, did you call " "fetch_token?" ) - if client_config.get("3pi"): + if "3pi" in client_config: credentials = external_account_authorized_user.Credentials( token=session.token["access_token"], refresh_token=session.token.get("refresh_token"), From 3d02ca51eea2892d77596acb61966ea555b837b4 Mon Sep 17 00:00:00 2001 From: Ryan Kohler Date: Tue, 18 Oct 2022 10:40:43 -0700 Subject: [PATCH 5/6] Black --- tests/unit/test_helpers.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/unit/test_helpers.py b/tests/unit/test_helpers.py index 52c6755..a0fba03 100644 --- a/tests/unit/test_helpers.py +++ b/tests/unit/test_helpers.py @@ -109,9 +109,7 @@ def test_credentials_from_session_3pi(session): client_secrets_info["3pi"] = True credentials = helpers.credentials_from_session(session, client_secrets_info) - assert isinstance( - credentials, external_account_authorized_user.Credentials - ) + assert isinstance(credentials, external_account_authorized_user.Credentials) assert credentials.token == mock.sentinel.access_token assert credentials.expiry == datetime.datetime(1990, 5, 29, 8, 20, 0) assert credentials._refresh_token == mock.sentinel.refresh_token From e21348f11cc4844bd82fc583ed613512d05362dc Mon Sep 17 00:00:00 2001 From: Ryan Kohler Date: Tue, 18 Oct 2022 13:52:53 -0700 Subject: [PATCH 6/6] Typo --- testing/constraints-3.7.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testing/constraints-3.7.txt b/testing/constraints-3.7.txt index 65744e7..7decfc9 100644 --- a/testing/constraints-3.7.txt +++ b/testing/constraints-3.7.txt @@ -5,6 +5,6 @@ # # e.g., if setup.py has "foo >= 1.14.0, < 2.0.0dev", # Then this file should have foo==1.14.0 -google-aut==2.13.0 +google-auth==2.13.0 requests-oauthlib==0.7.0 click==6.0.0