feat: default redirect when use_local_webserver = False (#62)

* add oauth logic and webapp default handling * updates logic * feat: adds decision logic to handle multiple oauth use cases * lint the files and remove f-string
pydata · Jan 24, 2023 · 41852ce · 41852ce
1 parent 1d55d53
commit 41852ce
Show file tree

Hide file tree

Showing 4 changed files with 104 additions and 6 deletions.
diff --git a/docs/source/_static/js/authcodescripts.js b/docs/source/_static/js/authcodescripts.js
@@ -0,0 +1,30 @@
+function onloadoauthcode() {
+    const PARAMS = new Proxy(new URLSearchParams(window.location.search), {
+        get: (searchParams, prop) => searchParams.get(prop),
+    });
+    const AUTH_CODE = PARAMS.code;
+
+    document.querySelector('.auth-code').textContent = AUTH_CODE;
+
+    setupCopyButton(document.querySelector('.copy'), AUTH_CODE);
+}
+
+function setupCopyButton(button, text) {
+    button.addEventListener('click', () => {
+        navigator.clipboard.writeText(text);
+        button.textContent = "Verification Code Copied";
+        setTimeout(() => {
+            // Remove the aria-live label so that when the
+            // button text changes back to "Copy", it is
+            // not read out.
+            button.removeAttribute("aria-live");
+            button.textContent = "Copy";
+        }, 1000);
+
+        // Re-Add the aria-live attribute to enable speech for
+        // when button text changes next time.
+        setTimeout(() => {
+            button.setAttribute("aria-live", "assertive");
+        }, 2000);
+    });
+}
diff --git a/docs/source/conf.py b/docs/source/conf.py
@@ -184,6 +184,10 @@
 #
 # html_extra_path = []
 
+html_js_files = [
+    "js/authcodescripts.js",
+]
+
 # If not None, a 'Last updated on:' timestamp is inserted at every page
 # bottom, using the given strftime format.
 # The empty string is equivalent to '%b %d, %Y'.

diff --git a/docs/source/oauth.rst b/docs/source/oauth.rst
@@ -0,0 +1,39 @@
+.. image:: https://lh3.googleusercontent.com/n4u3LcbRm3yvTK-EzYqGGtqHBf83KnfY14-3z9mIPRCrIKv-K4ieqJVLYl-yVM7H5EM
+   :alt: pydata logo
+   :class: logo
+
+Sign in to BigQuery
+===================
+
+You are seeing this page because you are attempting to access BigQuery via one 
+of several possible methods, including: 
+
+  * the ``pydata-google-auth`` library
+
+  OR a ``pandas`` library helper function such as:
+
+  * ``pandas.DataFrame.to_gbq()``
+  * ``pandas.read_gbq()``
+
+from this or another machine. If this is not the case, close this tab.
+
+Enter the following verification code in the CommandLine Interface (CLI) on the
+machine you want to log into. This is a credential **similar to your password**
+and should not be shared with others.
+
+
+.. raw:: html
+
+   <script type="text/javascript">
+     window.addEventListener( "load", onloadoauthcode )
+   </script>
+
+   <div>
+      <code class="auth-code"></code>
+   </div>
+   <br>
+   <button class="copy" aria-live="assertive">Copy</button>
+
+.. hint::
+
+   You can close this tab when you’re done.
diff --git a/pydata_google_auth/auth.py b/pydata_google_auth/auth.py
@@ -16,8 +16,17 @@
 
 logger = logging.getLogger(__name__)
 
-CLIENT_ID = "262006177488-3425ks60hkk80fssi9vpohv88g6q1iqd.apps.googleusercontent.com"
-CLIENT_SECRET = "JSF-iczmzEgbTR-XK-2xaWAc"
+DESKTOP_CLIENT_ID = (
+    "262006177488-3425ks60hkk80fssi9vpohv88g6q1iqd.apps.googleusercontent.com"
+)
+DESKTOP_CLIENT_SECRET = "JSF-iczmzEgbTR-XK-2xaWAc"
+
+# webapp CID/CS to enable a redirect uri/client id/secret that is not OOB.
+WEBAPP_REDIRECT_URI = "https://pydata-google-auth.readthedocs.io/en/latest/oauth.html"
+WEBAPP_CLIENT_ID = (
+    "262006177488-ka1m0ue4fptfmt9siejdd5lom7p39upa.apps.googleusercontent.com"
+)
+WEBAPP_CLIENT_SECRET = "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"
 
 GOOGLE_AUTH_URI = "https://accounts.google.com/o/oauth2/auth"
 GOOGLE_TOKEN_URI = "https://oauth2.googleapis.com/token"
@@ -279,10 +288,26 @@ def get_user_credentials(
     # aren't included in the docs. A string of bytes isn't useful for the
     # documentation and might encourage the values to be used outside of this
     # library.
-    if client_id is None:
-        client_id = CLIENT_ID
-    if client_secret is None:
-        client_secret = CLIENT_SECRET
+
+    if use_local_webserver:
+        if client_id is None:
+            client_id = DESKTOP_CLIENT_ID
+        if client_secret is None:
+            client_secret = DESKTOP_CLIENT_SECRET
+
+    elif not use_local_webserver and not redirect_uri:
+        if client_id is None:
+            client_id = WEBAPP_CLIENT_ID
+        if client_secret is None:
+            client_secret = WEBAPP_CLIENT_SECRET
+        redirect_uri = WEBAPP_REDIRECT_URI
+
+    elif not use_local_webserver and redirect_uri:
+        if (client_id is None) or (client_secret is None):
+            raise exceptions.PyDataCredentialsError(
+                """Unable to get valid credentials: please provide a
+valid client_id and/or client_secret."""
+            )
 
     credentials = credentials_cache.load()