fix: adding more properties to external_account_authorized_user

google/auth/external_account_authorized_user.py

@@ -73,6 +73,7 @@ def __init__(
         token_url=None,
         token_info_url=None,
         revoke_url=None,
+        scopes=None,
         quota_project_id=None,
     ):
         """Instantiates a external account authorized user credentials object.
@@ -117,6 +118,7 @@ def __init__(
         self._client_secret = client_secret
         self._revoke_url = revoke_url
         self._quota_project_id = quota_project_id
+        self._scopes = scopes
 
         self._client_auth = None
         if self._client_id:
@@ -154,20 +156,41 @@ def constructor_args(self):
             "token": self.token,
             "expiry": self.expiry,
             "revoke_url": self._revoke_url,
+            "scopes": self._scopes,
             "quota_project_id": self._quota_project_id,
         }
 
+    @property
+    def scopes(self):
+        """Optional[str]: The OAuth 2.0 permission scopes."""
+        return self._scopes
+
     @property
     def requires_scopes(self):
         """ False: OAuth 2.0 credentials have their scopes set when
         the initial token is requested and can not be changed."""
         return False
 
+    @property
+    def client_id(self):
+        """Optional[str]: The OAuth 2.0 client ID."""
+        return self._client_id
+
+    @property
+    def client_secret(self):
+        """Optional[str]: The OAuth 2.0 client secret."""
+        return self._client_secret
+
     @property
     def is_user(self):
         """ True: This credential always represents a user."""
         return True
 
+    @property
+    def token_info_url(self):
+        """Optional[str]: The STS endpoint for token info."""
+        return self._token_info_url
+
     def get_project_id(self):
         """Retrieves the project ID corresponding to the workload identity or workforce pool.
         For workforce pool credentials, it returns the project ID corresponding to

tests/test_external_account_authorized_user.py

@@ -42,6 +42,7 @@
 CLIENT_SECRET = "password"
 # Base64 encoding of "username:password".
 BASIC_AUTH_ENCODING = "dXNlcm5hbWU6cGFzc3dvcmQ="
+SCOPES = ["email", "profile"]
 
 
 class TestCredentials(object):
@@ -87,18 +88,23 @@ def test_default_state(self):
         assert not creds.token
         assert not creds.valid
         assert not creds.requires_scopes
+        assert not creds.scopes
+        assert creds.token_info_url
+        assert creds.client_id
+        assert creds.client_secret
         assert creds.is_user
 
     def test_basic_create(self):
         creds = external_account_authorized_user.Credentials(
-            token=ACCESS_TOKEN, expiry=datetime.datetime.max
+            token=ACCESS_TOKEN, expiry=datetime.datetime.max, scopes=SCOPES,
         )
 
         assert creds.expiry == datetime.datetime.max
         assert not creds.expired
         assert creds.token == ACCESS_TOKEN
         assert creds.valid
         assert not creds.requires_scopes
+        assert creds.scopes == SCOPES
         assert creds.is_user
 
     def test_stunted_create(self):