clear token on oauth2.0 error

[nathangoulding]

This implements OAuth2.0 error handling as described in the RFC on refresh, and clears the token locally.

Fixes #311. BigQuery respects the OAuth2.0 RFC, so the behavior he describes is resolved without any changes to bigrquery.

Tested locally both using the local file cache and not.

[krlmlr]

This works better. On the first try, I'm seeing:

> query_exec(sql, project = project)
Auto-refreshing stale OAuth token.
No encoding supplied: defaulting to UTF-8.
Error: Invalid Credentials
In addition: Warning message:
In req$auth_token$refresh() :
  Unable to get refreshed credentials with refresh token
9: stop(out$err$message, call. = FALSE) at request.r#67
8: process_request(req) at request.r#34
7: bq_post(url, body) at jobs.r#60
6: insert_query_job(query, project, destination_table = destination_table, 
       default_dataset = default_dataset) at query.r#32
5: query_exec(sql, project = project) at oauth.R#4
4: eval(expr, envir, enclos)
3: eval(ei, envir)
2: withVisible(eval(ei, envir))
1: source("oauth.R")

Only the second try opens a browser for re-authentication. Furthermore, from RStudio, I was able to connect even after I had revoked the access from the Google console and after restarting RStudio. Then I tried from the R console, which led to the behavior above. I'm not sure if this is due to a timeout or some magic cache.

[hadley]

That should be content$error or content[["error"]]

[hadley]

But it seems like it would be safer to assume that any error implies that it failed.

[hadley]

I think the logic here could be made more clear. Maybe:

creds <- refresh_oauth2.0(self$endpoint, self$app,
  self$credentials, self$params$user_params)
if (is.null(creds) {
  remove_cached_token(self)
  warning("Unable refresh token", call. = FALSE)
} else {
  self$credentials <- creds
  self$cache()
}
self

?

[hadley]

Or maybe the warning should occur in refresh_oauth2.0()?

[nathangoulding]

Yeah, I think the warning should probably occur in refresh_oauth2.0 in thinking about it.

[nathangoulding]

PTAL

[krlmlr]

I'm now reliably seeing the following behavior (using nathangoulding/bigrquery#71):

• Initial state: Connection from bigrquery works, no service token set

• Revoke access via https://myaccount.google.com/security#connectedapps

  • I can still connect from bigrquery for a minute or so

• Eventually, I'm seeing the following as a result from query_exec():

  Auto-refreshing stale OAuth token.
  No encoding supplied: defaulting to UTF-8.
  Error: Invalid Credentials
  In addition: Warning message:
  Unable to refresh token 
  9: stop(out$err$message, call. = FALSE) at request.r#67
  8: process_request(req) at request.r#34
  7: bq_post(url, body) at jobs.r#60
  6: insert_query_job(query, project, destination_table = destination_table, 
         default_dataset = default_dataset) at query.r#32
  5: query_exec(sql, project = project) at oauth.R#5
  4: eval(expr, envir, enclos)
  3: eval(ei, envir)
  2: withVisible(eval(ei, envir))
  1: source("~/git/R/bigrquery/oauth.R", echo = TRUE)
  

• The second call of query_exec() finally opens the authentication page in the browser

[hadley]

@nathangoulding LTGM - can you please add a bullet to NEWS?

[hadley]

@krlmlr I think eliminating the second refresh will require a tweak in bigrquery

[nathangoulding]

Updated NEWS.

[hadley]

Thanks!