googleapis · clundin25 · Oct 20, 2022 · Oct 18, 2022 · Oct 18, 2022 · Oct 18, 2022
@@ -24,6 +24,7 @@
 import datetime
 import json
 
+from google.auth import external_account_authorized_user
 import google.oauth2.credentials
 import requests_oauthlib
 
@@ -125,14 +126,23 @@ def credentials_from_session(session, client_config=None):
             "There is no access token for this session, did you call " "fetch_token?"
         )
 
-    credentials = google.oauth2.credentials.Credentials(
-        session.token["access_token"],
-        refresh_token=session.token.get("refresh_token"),
-        id_token=session.token.get("id_token"),
-        token_uri=client_config.get("token_uri"),
-        client_id=client_config.get("client_id"),
-        client_secret=client_config.get("client_secret"),
-        scopes=session.scope,
-    )
+    if "3pi" in client_config:
+        credentials = external_account_authorized_user.Credentials(
+            token=session.token["access_token"],
+            refresh_token=session.token.get("refresh_token"),
+            token_url=client_config.get("token_uri"),
+            client_id=client_config.get("client_id"),
+            client_secret=client_config.get("client_secret"),
+        )
+    else:
+        credentials = google.oauth2.credentials.Credentials(
+            session.token["access_token"],
+            refresh_token=session.token.get("refresh_token"),
+            id_token=session.token.get("id_token"),
+            token_uri=client_config.get("token_uri"),
+            client_id=client_config.get("client_id"),
+            client_secret=client_config.get("client_secret"),
+            scopes=session.scope,
+        )
     credentials.expiry = datetime.datetime.utcfromtimestamp(session.token["expires_at"])
     return credentials
@@ -5,6 +5,6 @@
 #
 # e.g., if setup.py has "foo >= 1.14.0, < 2.0.0dev",
 # Then this file should have foo==1.14.0
-google-auth==1.0.0
+google-auth==2.13.0
 requests-oauthlib==0.7.0
-click==6.0.0
+click==6.0.0
@@ -5,6 +5,6 @@
 #
 # e.g., if setup.py has "foo >= 1.14.0, < 2.0.0dev",
 # Then this file should have foo==1.14.0
-google-auth==1.0.0
+google-auth==2.13.0
 requests-oauthlib==0.7.0
-click==6.0.0
+click==6.0.0
@@ -19,6 +19,8 @@
 import mock
 import pytest
 
+from google.auth import external_account_authorized_user
+import google.oauth2.credentials
 from google_auth_oauthlib import helpers
 
 DATA_DIR = os.path.join(os.path.dirname(__file__), "data")
@@ -85,6 +87,7 @@ def test_credentials_from_session(session):
 
     credentials = helpers.credentials_from_session(session, CLIENT_SECRETS_INFO["web"])
 
+    assert isinstance(credentials, google.oauth2.credentials.Credentials)
     assert credentials.token == mock.sentinel.access_token
     assert credentials.expiry == datetime.datetime(1990, 5, 29, 8, 20, 0)
     assert credentials._refresh_token == mock.sentinel.refresh_token
@@ -94,6 +97,27 @@ def test_credentials_from_session(session):
     assert credentials._token_uri == CLIENT_SECRETS_INFO["web"]["token_uri"]
 
 
+def test_credentials_from_session_3pi(session):
+    session.token = {
+        "access_token": mock.sentinel.access_token,
+        "refresh_token": mock.sentinel.refresh_token,
+        "id_token": mock.sentinel.id_token,
+        "expires_at": 643969200.0,
+    }
+
+    client_secrets_info = CLIENT_SECRETS_INFO["web"].copy()
+    client_secrets_info["3pi"] = True
+    credentials = helpers.credentials_from_session(session, client_secrets_info)
+
+    assert isinstance(credentials, external_account_authorized_user.Credentials)
+    assert credentials.token == mock.sentinel.access_token
+    assert credentials.expiry == datetime.datetime(1990, 5, 29, 8, 20, 0)
+    assert credentials._refresh_token == mock.sentinel.refresh_token
+    assert credentials._client_id == CLIENT_SECRETS_INFO["web"]["client_id"]
+    assert credentials._client_secret == CLIENT_SECRETS_INFO["web"]["client_secret"]
+    assert credentials._token_url == CLIENT_SECRETS_INFO["web"]["token_uri"]
+
+
 def test_bad_credentials(session):
     with pytest.raises(ValueError):
         helpers.credentials_from_session(session)