New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add warnings and helpers for prompt='consent'. #572

Merged
merged 1 commit into from Jul 27, 2016
Jump to file or symbol
Failed to load files and symbols.
+48 −11
Diff settings

Always

Just for now

Add warnings and helpers for prompt='consent'.

  • Loading branch information...
theacodes committed Jul 27, 2016
commit e9bcd2d9d779c462386f523ecc6419477d6fed2c
View
@@ -1762,6 +1762,33 @@ def FromResponse(cls, response):
return cls(**kwargs)
def _oauth2_web_server_flow_params(kwargs):
"""Configures redirect URI parameters for OAuth2WebServerFlow."""
params = {
'access_type': 'offline',
'response_type': 'code',
}
params.update(kwargs)
# Check for the presence of the deprecated approval_prompt param and
# warn appropriately.
approval_prompt = params.get('approval_prompt')
if approval_prompt is not None:
logger.warning(
'The approval_prompt parameter for OAuth2WebServerFlow is '
'deprecated. Please use the prompt parameter instead.')
if approval_prompt == 'force':
logger.warning(
'approval_prompt="force" has been adjusted to '
'prompt="consent"')
params['prompt'] = 'consent'
del params['approval_prompt']
return params
class OAuth2WebServerFlow(Flow):
"""Does the Web Server Flow for OAuth 2.0.
@@ -1785,7 +1812,7 @@ def __init__(self, client_id,
"""Constructor for OAuth2WebServerFlow.
The kwargs argument is used to set extra query parameters on the
auth_uri. For example, the access_type and approval_prompt
auth_uri. For example, the access_type and prompt
query parameters can be set via kwargs.
Args:
@@ -1837,11 +1864,7 @@ def __init__(self, client_id,
self.device_uri = device_uri
self.token_info_uri = token_info_uri
self.authorization_header = authorization_header
self.params = {
'access_type': 'offline',
'response_type': 'code',
}
self.params.update(kwargs)
self.params = _oauth2_web_server_flow_params(kwargs)
@util.positional(1)
def step1_get_authorize_url(self, redirect_uri=None, state=None):
@@ -2001,7 +2024,7 @@ def step2_exchange(self, code=None, http=None, device_flow_info=None):
if not refresh_token:
logger.info(
'Received token response with no refresh_token. Consider '
"reauthenticating with approval_prompt='force'.")
"reauthenticating with prompt='consent'.")
token_expiry = None
if 'expires_in' in d:
delta = datetime.timedelta(seconds=int(d['expires_in']))
@@ -840,15 +840,15 @@ def test_kwargs_are_passed_to_underlying_flow(self):
decorator = appengine.OAuth2Decorator(
client_id='foo_client_id', client_secret='foo_client_secret',
user_agent='foo_user_agent', scope=['foo_scope', 'bar_scope'],
access_type='offline', approval_prompt='force',
access_type='offline', prompt='consent',
revoke_uri='dummy_revoke_uri')
request_handler = MockRequestHandler()
decorator._create_flow(request_handler)
self.assertEqual('https://example.org/oauth2callback',
decorator.flow.redirect_uri)
self.assertEqual('offline', decorator.flow.params['access_type'])
self.assertEqual('force', decorator.flow.params['approval_prompt'])
self.assertEqual('consent', decorator.flow.params['prompt'])
self.assertEqual('foo_user_agent', decorator.flow.user_agent)
self.assertEqual('dummy_revoke_uri', decorator.flow.revoke_uri)
self.assertEqual(None, decorator.flow.params.get('user_agent', None))
@@ -911,8 +911,8 @@ def test_decorator_from_client_secrets_kwargs(self):
decorator = appengine.OAuth2DecoratorFromClientSecrets(
datafile('client_secrets.json'),
scope=['foo_scope', 'bar_scope'],
approval_prompt='force')
self.assertTrue('approval_prompt' in decorator._kwargs)
prompt='consent')
self.assertIn('prompt', decorator._kwargs)
def test_decorator_from_cached_client_secrets(self):
cache_mock = CacheMock()
View
@@ -1679,6 +1679,20 @@ def test_override_flow_via_kwargs(self):
self.assertEqual(client.OOB_CALLBACK_URN, q['redirect_uri'][0])
self.assertEqual('online', q['access_type'][0])
def test__oauth2_web_server_flow_params(self):
params = client._oauth2_web_server_flow_params({})
self.assertEqual(params['access_type'], 'offline')
self.assertEqual(params['response_type'], 'code')
params = client._oauth2_web_server_flow_params({
'approval_prompt': 'force'})
self.assertEqual(params['prompt'], 'consent')
self.assertNotIn('approval_prompt', params)
params = client._oauth2_web_server_flow_params({
'approval_prompt': 'other'})
self.assertEqual(params['approval_prompt'], 'other')
@mock.patch('oauth2client.client.logger')
def test_step1_get_authorize_url_redirect_override(self, logger):
flow = client.OAuth2WebServerFlow('client_id+1', scope='foo',
ProTip! Use n and p to navigate between commits in a pull request.