diff options
author | Clancy Childs <clancychilds@users.noreply.github.com> | 2016-11-28 19:09:30 +0000 |
---|---|---|
committer | Jon Wayne Parrott <jonwayne@google.com> | 2016-11-28 11:09:30 -0800 |
commit | f7f656d6aa0ac111a6692ded3eaaa7b1caf1fedc (patch) | |
tree | 1bc48780b38f534cd06f37612a12b725e60508e6 | |
parent | 2da8ccde3f74507990cb551fe48f6d25820e6ab3 (diff) | |
download | oauth2client-f7f656d6aa0ac111a6692ded3eaaa7b1caf1fedc.tar.gz |
Store original encoded and signed identity JWT in OAuth2Credentials (#680)
-rw-r--r-- | oauth2client/client.py | 17 | ||||
-rw-r--r-- | tests/test_client.py | 2 |
2 files changed, 15 insertions, 4 deletions
diff --git a/oauth2client/client.py b/oauth2client/client.py index 0a1aff9..de2a314 100644 --- a/oauth2client/client.py +++ b/oauth2client/client.py @@ -451,7 +451,7 @@ class OAuth2Credentials(Credentials): def __init__(self, access_token, client_id, client_secret, refresh_token, token_expiry, token_uri, user_agent, revoke_uri=None, id_token=None, token_response=None, scopes=None, - token_info_uri=None): + token_info_uri=None, id_token_jwt=None): """Create an instance of OAuth2Credentials. This constructor is not usually called by the user, instead @@ -474,8 +474,11 @@ class OAuth2Credentials(Credentials): because some providers (e.g. wordpress.com) include extra fields that clients may want. scopes: list, authorized scopes for these credentials. - token_info_uri: string, the URI for the token info endpoint. Defaults - to None; scopes can not be refreshed if this is None. + token_info_uri: string, the URI for the token info endpoint. + Defaults to None; scopes can not be refreshed if + this is None. + id_token_jwt: string, the encoded and signed identity JWT. The + decoded version of this is stored in id_token. Notes: store: callable, A callable that when passed a Credential @@ -493,6 +496,7 @@ class OAuth2Credentials(Credentials): self.user_agent = user_agent self.revoke_uri = revoke_uri self.id_token = id_token + self.id_token_jwt = id_token_jwt self.token_response = token_response self.scopes = set(_helpers.string_to_scopes(scopes or [])) self.token_info_uri = token_info_uri @@ -621,6 +625,7 @@ class OAuth2Credentials(Credentials): data['user_agent'], revoke_uri=data.get('revoke_uri', None), id_token=data.get('id_token', None), + id_token_jwt=data.get('id_token_jwt', None), token_response=data.get('token_response', None), scopes=data.get('scopes', None), token_info_uri=data.get('token_info_uri', None)) @@ -786,8 +791,10 @@ class OAuth2Credentials(Credentials): self.token_expiry = None if 'id_token' in d: self.id_token = _extract_id_token(d['id_token']) + self.id_token_jwt = d['id_token'] else: self.id_token = None + self.id_token_jwt = None # On temporary refresh errors, the user does not actually have to # re-authorize, so we unflag here. self.invalid = False @@ -2059,15 +2066,17 @@ class OAuth2WebServerFlow(Flow): token_expiry = delta + _UTCNOW() extracted_id_token = None + id_token_jwt = None if 'id_token' in d: extracted_id_token = _extract_id_token(d['id_token']) + id_token_jwt = d['id_token'] logger.info('Successfully retrieved access token') return OAuth2Credentials( access_token, self.client_id, self.client_secret, refresh_token, token_expiry, self.token_uri, self.user_agent, revoke_uri=self.revoke_uri, id_token=extracted_id_token, - token_response=d, scopes=self.scope, + id_token_jwt=id_token_jwt, token_response=d, scopes=self.scope, token_info_uri=self.token_info_uri) else: logger.info('Failed to retrieve access token: %s', content) diff --git a/tests/test_client.py b/tests/test_client.py index 786b818..18b7df4 100644 --- a/tests/test_client.py +++ b/tests/test_client.py @@ -1479,6 +1479,7 @@ class BasicCredentialsTests(unittest.TestCase): http = self.credentials.authorize(http) resp, content = transport.request(http, 'http://example.com') self.assertEqual(self.credentials.id_token, body) + self.assertEqual(self.credentials.id_token_jwt, jwt.decode()) class AccessTokenCredentialsTests(unittest.TestCase): @@ -2085,6 +2086,7 @@ class OAuth2WebServerFlowTest(unittest.TestCase): credentials = self.flow.step2_exchange(code='some random code', http=http) self.assertEqual(credentials.id_token, body) + self.assertEqual(credentials.id_token_jwt, jwt.decode()) class FlowFromCachedClientsecrets(unittest.TestCase): |