Is your feature request related to a problem? Please describe.
When using the to_json() method of an OAuth2 credentials instance, the authorized scopes of the credentials are saved in the JSON representation:
https://github.com/googleapis/google-auth-library-python/blob/038ae1b78dc83e44ad39ef7ba15c607f62232087/google/oauth2/credentials.py#L313
However, when reading the JSON via from_authorized_user_file() (or from_authorized_user_info()), the saved scopes are being discarded and optionally replaced by the ones provided via the scopes parameter.
https://github.com/googleapis/google-auth-library-python/blob/038ae1b78dc83e44ad39ef7ba15c607f62232087/google/oauth2/credentials.py#L266
That option can potentially be a cause for confusion, however—as the scopes saved in the JSON representation are most likely the actual scopes the credentials are authorized for, whereas any manual scopes set may or may not represent the scopes that can actually be used.
Describe the solution you'd like
I think from_authorized_user_file() and from_authorized_user_info() could be changed to use the scopes as listed in the JSON representation of the credentials being loaded when the optional parameter scopes is not being provided.
This could be considered a breaking change, however currently the scopes field of a created Credentials instance are set to None in the case where they are not explicitly given as a parameter. I can't really imagine a use case where an application depends on the scopes attribute of a new Credentials object being None. But it is possible, of course.
Alternatively, the described behavior could be exposed via a new flag for both from_authorized_user_file() and from_authorized_user_info() (something along the lines of use_saved_scopes=False).
Describe alternatives you've considered
Currently I read the JSON on my own and set the extracted scopes via the scopes parameter of from_authorized_user_info(). The change suggested above would make it possible to just use from_authorized_user_file() directly.
Is your feature request related to a problem? Please describe.
When using the
to_json()method of an OAuth2 credentials instance, the authorized scopes of the credentials are saved in the JSON representation:https://github.com/googleapis/google-auth-library-python/blob/038ae1b78dc83e44ad39ef7ba15c607f62232087/google/oauth2/credentials.py#L313
However, when reading the JSON via
from_authorized_user_file()(orfrom_authorized_user_info()), the saved scopes are being discarded and optionally replaced by the ones provided via thescopesparameter.https://github.com/googleapis/google-auth-library-python/blob/038ae1b78dc83e44ad39ef7ba15c607f62232087/google/oauth2/credentials.py#L266
That option can potentially be a cause for confusion, however—as the scopes saved in the JSON representation are most likely the actual scopes the credentials are authorized for, whereas any manual scopes set may or may not represent the scopes that can actually be used.
Describe the solution you'd like
I think
from_authorized_user_file()andfrom_authorized_user_info()could be changed to use the scopes as listed in the JSON representation of the credentials being loaded when the optional parameterscopesis not being provided.This could be considered a breaking change, however currently the
scopesfield of a createdCredentialsinstance are set toNonein the case where they are not explicitly given as a parameter. I can't really imagine a use case where an application depends on thescopesattribute of a newCredentialsobject beingNone. But it is possible, of course.Alternatively, the described behavior could be exposed via a new flag for both
from_authorized_user_file()andfrom_authorized_user_info()(something along the lines ofuse_saved_scopes=False).Describe alternatives you've considered
Currently I read the JSON on my own and set the extracted scopes via the
scopesparameter offrom_authorized_user_info(). The change suggested above would make it possible to just usefrom_authorized_user_file()directly.