# Copyright 2016 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import json

from google.auth import _helpers
import google.oauth2.credentials

GOOGLE_OAUTH2_TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"


def test_refresh(authorized_user_file, http_request, token_info):
    """Refresh authorized-user credentials and check the scopes on the token.

    The credentials are built without an access token, so the assertions
    only pass if ``refresh`` actually obtained one from the token endpoint.

    Args:
        authorized_user_file: Path to a JSON file providing the
            ``refresh_token``, ``client_id`` and ``client_secret`` keys.
        http_request: Request object handed to ``Credentials.refresh``.
        token_info: Callable that takes an access token and returns a
            mapping with a ``scope`` entry (presumably a tokeninfo lookup;
            the fixture is defined outside this file).
    """
    # The file carries a refresh token and a client secret. They are passed
    # straight to Credentials and are never printed or put into an assertion
    # message, so a failing run does not leak them into test output.
    with open(authorized_user_file) as user_file:
        user_info = json.load(user_file)

    credentials = google.oauth2.credentials.Credentials(
        None,  # No access token, must be refreshed.
        refresh_token=user_info["refresh_token"],
        token_uri=GOOGLE_OAUTH2_TOKEN_ENDPOINT,
        client_id=user_info["client_id"],
        client_secret=user_info["client_secret"],
    )

    credentials.refresh(http_request)

    assert credentials.token

    token_details = token_info(credentials.token)
    granted_scopes = set(_helpers.string_to_scopes(token_details["scope"]))

    # Canonical list of scopes at
    # https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login
    # or do `gcloud auth application-default login --help`
    canonical_scopes = {
        "https://www.googleapis.com/auth/userinfo.email",
        "https://www.googleapis.com/auth/cloud-platform",
        "openid",
    }
    # When running the test locally, we always have an additional
    # "accounts.reauth" scope.
    canonical_scopes_with_reauth = canonical_scopes | {
        "https://www.googleapis.com/auth/accounts.reauth"
    }

    # Exact set equality on purpose: a token granted more scopes than one of
    # the two expected sets fails here, as does one granted fewer.
    assert granted_scopes in (canonical_scopes, canonical_scopes_with_reauth)