Skip to content
This repository has been archived by the owner on Nov 5, 2019. It is now read-only.

Commit

Permalink
Add warnings and helpers for prompt='consent'.
Browse files Browse the repository at this point in the history
  • Loading branch information
Jon Wayne Parrott committed Jul 27, 2016
1 parent bb2386e commit ccddbc2
Show file tree
Hide file tree
Showing 3 changed files with 44 additions and 11 deletions.
37 changes: 30 additions & 7 deletions oauth2client/client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1762,6 +1762,33 @@ def FromResponse(cls, response):
return cls(**kwargs)


def _oauth2_web_server_flow_params(kwargs):
"""Configures redirect URI parameters for OAuth2WebServerFlow."""
params = {
'access_type': 'offline',
'response_type': 'code',
}

params.update(kwargs)

# Check for the presence of the deprecated approval_prompt param and
# warn appropriately.
approval_prompt = params.get('approval_prompt')
if approval_prompt is not None:
logger.warning(
'The approval_prompt parameter for OAuth2WebServerFlow is '
'deprecated. Please use the prompt parameter instead.')

if approval_prompt == 'force':
logger.warning(
'approval_prompt="force" has been adjusted to '
'prompt="consent"')
params['prompt'] = 'consent'
del params['approval_prompt']

return params


class OAuth2WebServerFlow(Flow):
"""Does the Web Server Flow for OAuth 2.0.
Expand All @@ -1785,7 +1812,7 @@ def __init__(self, client_id,
"""Constructor for OAuth2WebServerFlow.
The kwargs argument is used to set extra query parameters on the
auth_uri. For example, the access_type and approval_prompt
auth_uri. For example, the access_type and prompt
query parameters can be set via kwargs.
Args:
Expand Down Expand Up @@ -1837,11 +1864,7 @@ def __init__(self, client_id,
self.device_uri = device_uri
self.token_info_uri = token_info_uri
self.authorization_header = authorization_header
self.params = {
'access_type': 'offline',
'response_type': 'code',
}
self.params.update(kwargs)
self.params = _oauth2_web_server_flow_params(kwargs)

@util.positional(1)
def step1_get_authorize_url(self, redirect_uri=None, state=None):
Expand Down Expand Up @@ -2001,7 +2024,7 @@ def step2_exchange(self, code=None, http=None, device_flow_info=None):
if not refresh_token:
logger.info(
'Received token response with no refresh_token. Consider '
"reauthenticating with approval_prompt='force'.")
"reauthenticating with prompt='consent'.")
token_expiry = None
if 'expires_in' in d:
delta = datetime.timedelta(seconds=int(d['expires_in']))
Expand Down
8 changes: 4 additions & 4 deletions tests/contrib/test_appengine.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -840,15 +840,15 @@ def test_kwargs_are_passed_to_underlying_flow(self):
decorator = appengine.OAuth2Decorator(
client_id='foo_client_id', client_secret='foo_client_secret',
user_agent='foo_user_agent', scope=['foo_scope', 'bar_scope'],
access_type='offline', approval_prompt='force',
access_type='offline', prompt='consent',
revoke_uri='dummy_revoke_uri')
request_handler = MockRequestHandler()
decorator._create_flow(request_handler)

self.assertEqual('https://example.org/oauth2callback',
decorator.flow.redirect_uri)
self.assertEqual('offline', decorator.flow.params['access_type'])
self.assertEqual('force', decorator.flow.params['approval_prompt'])
self.assertEqual('consent', decorator.flow.params['prompt'])
self.assertEqual('foo_user_agent', decorator.flow.user_agent)
self.assertEqual('dummy_revoke_uri', decorator.flow.revoke_uri)
self.assertEqual(None, decorator.flow.params.get('user_agent', None))
Expand Down Expand Up @@ -911,8 +911,8 @@ def test_decorator_from_client_secrets_kwargs(self):
decorator = appengine.OAuth2DecoratorFromClientSecrets(
datafile('client_secrets.json'),
scope=['foo_scope', 'bar_scope'],
approval_prompt='force')
self.assertTrue('approval_prompt' in decorator._kwargs)
prompt='consent')
self.assertIn('prompt', decorator._kwargs)

def test_decorator_from_cached_client_secrets(self):
cache_mock = CacheMock()
Expand Down
10 changes: 10 additions & 0 deletions tests/test_client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1679,6 +1679,16 @@ def test_override_flow_via_kwargs(self):
self.assertEqual(client.OOB_CALLBACK_URN, q['redirect_uri'][0])
self.assertEqual('online', q['access_type'][0])

def test__check_for_approval_prompt(self):
self.flow.params['approval_prompt'] = 'force'
self.flow._check_for_approval_prompt()
self.assertEqual(self.flow.params['prompt'], 'consent')
self.assertNotIn('approval_prompt', self.flow.params)

self.flow.params['approval_prompt'] = 'other'
self.flow._check_for_approval_prompt()
self.assertEqual(self.flow.params['approval_prompt'], 'other')

@mock.patch('oauth2client.client.logger')
def test_step1_get_authorize_url_redirect_override(self, logger):
flow = client.OAuth2WebServerFlow('client_id+1', scope='foo',
Expand Down

0 comments on commit ccddbc2

Please sign in to comment.