As of January 1, 2020 this library no longer supports Python 2 on the latest released version.
Library versions released prior to that date will continue to be available. For more information please
visit Python 2 support on Google Cloud.
Source code for google_auth_oauthlib.helpers
# Copyright 2017 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Integration helpers.
This module provides helpers for integrating with `requests-oauthlib`_.
Typically, you'll want to use the higher-level helpers in
:mod:`google_auth_oauthlib.flow`.
.. _requests-oauthlib: http://requests-oauthlib.readthedocs.io/en/latest/
"""
import datetime
import json
from google.auth import external_account_authorized_user
import google.oauth2.credentials
import requests_oauthlib
_REQUIRED_CONFIG_KEYS = frozenset(("auth_uri", "token_uri", "client_id"))
[docs]def session_from_client_config(client_config, scopes, **kwargs):
"""Creates a :class:`requests_oauthlib.OAuth2Session` from client
configuration loaded from a Google-format client secrets file.
Args:
client_config (Mapping[str, Any]): The client
configuration in the Google `client secrets`_ format.
scopes (Sequence[str]): The list of scopes to request during the
flow.
kwargs: Any additional parameters passed to
:class:`requests_oauthlib.OAuth2Session`
Raises:
ValueError: If the client configuration is not in the correct
format.
Returns:
Tuple[requests_oauthlib.OAuth2Session, Mapping[str, Any]]: The new
oauthlib session and the validated client configuration.
.. _client secrets:
https://github.com/googleapis/google-api-python-client/blob/main/docs/client-secrets.md
"""
if "web" in client_config:
config = client_config["web"]
elif "installed" in client_config:
config = client_config["installed"]
else:
raise ValueError("Client secrets must be for a web or installed app.")
if not _REQUIRED_CONFIG_KEYS.issubset(config.keys()):
raise ValueError("Client secrets is not in the correct format.")
session = requests_oauthlib.OAuth2Session(
client_id=config["client_id"], scope=scopes, **kwargs
)
return session, client_config
[docs]def session_from_client_secrets_file(client_secrets_file, scopes, **kwargs):
"""Creates a :class:`requests_oauthlib.OAuth2Session` instance from a
Google-format client secrets file.
Args:
client_secrets_file (str): The path to the `client secrets`_ .json
file.
scopes (Sequence[str]): The list of scopes to request during the
flow.
kwargs: Any additional parameters passed to
:class:`requests_oauthlib.OAuth2Session`
Returns:
Tuple[requests_oauthlib.OAuth2Session, Mapping[str, Any]]: The new
oauthlib session and the validated client configuration.
.. _client secrets:
https://github.com/googleapis/google-api-python-client/blob/main/docs/client-secrets.md
"""
with open(client_secrets_file, "r") as json_file:
client_config = json.load(json_file)
return session_from_client_config(client_config, scopes, **kwargs)
[docs]def credentials_from_session(session, client_config=None):
"""Creates :class:`google.oauth2.credentials.Credentials` from a
:class:`requests_oauthlib.OAuth2Session`.
:meth:`fetch_token` must be called on the session before before calling
this. This uses the session's auth token and the provided client
configuration to create :class:`google.oauth2.credentials.Credentials`.
This allows you to use the credentials from the session with Google
API client libraries.
Args:
session (requests_oauthlib.OAuth2Session): The OAuth 2.0 session.
client_config (Mapping[str, Any]): The subset of the client
configuration to use. For example, if you have a web client
you would pass in `client_config['web']`.
Returns:
google.oauth2.credentials.Credentials: The constructed credentials.
Raises:
ValueError: If there is no access token in the session.
"""
client_config = client_config if client_config is not None else {}
if not session.token:
raise ValueError(
"There is no access token for this session, did you call " "fetch_token?"
)
if "3pi" in client_config:
credentials = external_account_authorized_user.Credentials(
token=session.token["access_token"],
refresh_token=session.token.get("refresh_token"),
token_url=client_config.get("token_uri"),
client_id=client_config.get("client_id"),
client_secret=client_config.get("client_secret"),
token_info_url=client_config.get("token_info_url"),
scopes=session.scope,
)
else:
credentials = google.oauth2.credentials.Credentials(
session.token["access_token"],
refresh_token=session.token.get("refresh_token"),
id_token=session.token.get("id_token"),
token_uri=client_config.get("token_uri"),
client_id=client_config.get("client_id"),
client_secret=client_config.get("client_secret"),
scopes=session.scope,
granted_scopes=session.token.get("scope"),
)
credentials.expiry = datetime.datetime.utcfromtimestamp(session.token["expires_at"])
return credentials