OAuth2Token.update_token always expects OpenID scope to be used

[sromero84]

The OAuth2Token.refresh_access_token() code does exactly this:

    ...
    new_token = self.fetch_access_token(token_api)
    self.update_token(**new_token)
    ...

And the update_token() method always expects an id_token token to be passed, which is false if the original scope did not contain the openid scope.

If the openid is not requested (which is very common), the code throws an exception:

  File ".../env/lib/python3.7/site-packages/xero_python/api_client/__init__.py", line 186, in __call_api
    self.update_params_for_auth(header_params, query_params, auth_settings)
  File ".../env/lib/python3.7/site-packages/xero_python/api_client/__init__.py", line 579, in update_params_for_auth
    auth_setting = auth_setting(api_client=self)
  File ".../env/lib/python3.7/site-packages/xero_python/api_client/oauth2.py", line 109, in create_auth_settings
    self.update_token(**api_client.get_oauth2_token())
TypeError: update_token() missing 1 required positional argument: 'id_token'

I believe that the code should optionally expect an id_token argument. I'd like to confirm this, before working on an pull request.

[SidneyAllen]

@sromero84 - I've confirmed that you are correct. We've not included the option to omit the openid scopes for token refresh.

We'd welcome a PR to address this if you're available to contribute. 😄

[sromero84]

@SidneyAllen Thanks for confirming. Sure, will try to create a pull request next week.

[sromero84]

@SidneyAllen I've created the PR, let me know if you think I'm missing something. Feel free to edit/add test if you consider as well.

I've tested locally and now I'm able to migrate from OAuth1 and refresh the tokens successfully.

[sromero84]

@SidneyAllen Did you have any chance to look at this one?