fix: add SAML challenge to reauth (#819)
* fix: add SAML challenge to reauth
* add enable_reauth_refresh flag
* address comments
* fix unit test
* address comments
* update
* update
* update
* update
* 🦉 Updates from OwlBot
See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md
Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: Tres Seaver <tseaver@palladion.com>
diff --git a/tests/oauth2/test_credentials.py b/tests/oauth2/test_credentials.py
index 4a7f66e..b6a80e3 100644
--- a/tests/oauth2/test_credentials.py
+++ b/tests/oauth2/test_credentials.py
@@ -51,6 +51,7 @@
client_id=cls.CLIENT_ID,
client_secret=cls.CLIENT_SECRET,
rapt_token=cls.RAPT_TOKEN,
+ enable_reauth_refresh=True,
)
def test_default_state(self):
@@ -149,6 +150,7 @@
self.CLIENT_SECRET,
None,
self.RAPT_TOKEN,
+ True,
)
# Check that the credentials have the token and expiry
@@ -219,6 +221,7 @@
self.CLIENT_SECRET,
None,
self.RAPT_TOKEN,
+ False,
)
# Check that the credentials have the token and expiry
@@ -422,6 +425,7 @@
scopes=scopes,
default_scopes=default_scopes,
rapt_token=self.RAPT_TOKEN,
+ enable_reauth_refresh=True,
)
# Refresh credentials
@@ -436,6 +440,7 @@
self.CLIENT_SECRET,
scopes,
self.RAPT_TOKEN,
+ True,
)
# Check that the credentials have the token and expiry
@@ -484,6 +489,7 @@
client_secret=self.CLIENT_SECRET,
default_scopes=default_scopes,
rapt_token=self.RAPT_TOKEN,
+ enable_reauth_refresh=True,
)
# Refresh credentials
@@ -498,6 +504,7 @@
self.CLIENT_SECRET,
default_scopes,
self.RAPT_TOKEN,
+ True,
)
# Check that the credentials have the token and expiry
@@ -549,6 +556,7 @@
client_secret=self.CLIENT_SECRET,
scopes=scopes,
rapt_token=self.RAPT_TOKEN,
+ enable_reauth_refresh=True,
)
# Refresh credentials
@@ -563,6 +571,7 @@
self.CLIENT_SECRET,
scopes,
self.RAPT_TOKEN,
+ True,
)
# Check that the credentials have the token and expiry
@@ -615,6 +624,7 @@
client_secret=self.CLIENT_SECRET,
scopes=scopes,
rapt_token=self.RAPT_TOKEN,
+ enable_reauth_refresh=True,
)
# Refresh credentials
@@ -632,6 +642,7 @@
self.CLIENT_SECRET,
scopes,
self.RAPT_TOKEN,
+ True,
)
# Check that the credentials have the token and expiry
@@ -731,6 +742,7 @@
assert creds.refresh_token == info["refresh_token"]
assert creds.token_uri == credentials._GOOGLE_OAUTH2_TOKEN_ENDPOINT
assert creds.scopes is None
+ assert creds.rapt_token is None
scopes = ["email", "profile"]
creds = credentials.Credentials.from_authorized_user_file(
@@ -742,6 +754,18 @@
assert creds.token_uri == credentials._GOOGLE_OAUTH2_TOKEN_ENDPOINT
assert creds.scopes == scopes
+ def test_from_authorized_user_file_with_rapt_token(self):
+ info = AUTH_USER_INFO.copy()
+ file_path = os.path.join(DATA_DIR, "authorized_user_with_rapt_token.json")
+
+ creds = credentials.Credentials.from_authorized_user_file(file_path)
+ assert creds.client_secret == info["client_secret"]
+ assert creds.client_id == info["client_id"]
+ assert creds.refresh_token == info["refresh_token"]
+ assert creds.token_uri == credentials._GOOGLE_OAUTH2_TOKEN_ENDPOINT
+ assert creds.scopes is None
+ assert creds.rapt_token == "rapt"
+
def test_to_json(self):
info = AUTH_USER_INFO.copy()
expiry = datetime.datetime(2020, 8, 14, 15, 54, 1)