google.oauth2.utils module

OAuth 2.0 Utilities.

This module provides implementations for various OAuth 2.0 utilities. This includes OAuth error handling and Client authentication for OAuth flows.

OAuth error handling

This will define interfaces for handling OAuth related error responses as stated in RFC 6749 section 5.2. This will include a common function to convert these HTTP error responses to a google.auth.exceptions.OAuthError exception.

Client authentication for OAuth flows

We introduce an interface for defining client authentication credentials based on RFC 6749 section 2.3.1. This will expose the following capabilities:

  • Ability to support basic authentication via request header.

  • Ability to support bearer token authentication via request header.

  • Ability to support client ID / secret authentication via request body.

class ClientAuthType(value)[source]

Bases: Enum

An enumeration.

class ClientAuthentication(client_auth_type, client_id, client_secret=None)[source]

Bases: object

Defines the client authentication credentials for basic and request-body types based on https://tools.ietf.org/html/rfc6749#section-2.3.1.

Instantiates a client authentication object containing the client ID and secret credentials for basic and response-body auth.

Parameters:
  • client_auth_type (google.oauth2.oauth_utils.ClientAuthType) – The client authentication type.

  • client_id (str) – The client ID.

  • client_secret (Optional [ str ]) – The client secret.

class OAuthClientAuthHandler(client_authentication=None)[source]

Bases: object

Abstract class for handling client authentication in OAuth-based operations.

Instantiates an OAuth client authentication handler.

Parameters:

client_authentication (Optional [ google.oauth2.utils.ClientAuthentication ]) – The OAuth client authentication credentials if available.

apply_client_authentication_options(headers, request_body=None, bearer_token=None)[source]

Applies client authentication on the OAuth request’s headers or POST body.

Parameters:
  • headers (Mapping [ str, str ]) – The HTTP request header.

  • request_body (Optional [ Mapping [ str, str ] ]) – The HTTP request body dictionary. For requests that do not support request body, this is None and will be ignored.

  • bearer_token (Optional [ str ]) – The optional bearer token.

handle_error_response(response_body)[source]

Translates an error response from an OAuth operation into an OAuthError exception.

Parameters:

response_body (str) – The decoded response data.

Raises:

google.auth.exceptions.OAuthError