3 L(ÌYã@sBdZddlmZddlmZddlmZGdd„dejejƒZdS)aéOAuth 2.0 Credentials. This module provides credentials based on OAuth 2.0 access and refresh tokens. These credentials usually access resources on behalf of a user (resource owner). Specifically, this is intended to use access tokens acquired using the `Authorization Code grant`_ and can refresh those tokens using a optional `refresh token`_. Obtaining the initial access and refresh token is outside of the scope of this module. Consult `rfc6749 section 4.1`_ for complete details on the Authorization Code grant flow. .. _Authorization Code grant: https://tools.ietf.org/html/rfc6749#section-1.3.1 .. _refresh token: https://tools.ietf.org/html/rfc6749#section-6 .. _rfc6749 section 4.1: https://tools.ietf.org/html/rfc6749#section-4.1 é)Ú_helpers)Ú credentials)Ú_clientcs~eZdZdZd‡fdd„ Zedd„ƒZedd„ƒZed d „ƒZed d „ƒZ ed d„ƒZ edd„ƒZ e j ejƒdd„ƒZ‡ZS)Ú Credentialsz6Credentials using OAuth 2.0 access and refresh tokens.Ncs<tt|ƒjƒ||_||_||_||_||_||_||_ dS)a“ Args: token (Optional(str)): The OAuth 2.0 access token. Can be None if refresh information is provided. refresh_token (str): The OAuth 2.0 refresh token. If specified, credentials can be refreshed. id_token (str): The Open ID Connect ID Token. token_uri (str): The OAuth 2.0 authorization server's token endpoint URI. Must be specified for refresh, can be left as None if the token can not be refreshed. client_id (str): The OAuth 2.0 client ID. Must be specified for refresh, can be left as None if the token can not be refreshed. client_secret(str): The OAuth 2.0 client secret. Must be specified for refresh, can be left as None if the token can not be refreshed. scopes (Sequence[str]): The scopes that were originally used to obtain authorization. This is a purely informative parameter that can be used by :meth:`has_scopes`. OAuth 2.0 credentials can not request additional scopes after authorization. N) ÚsuperrÚ__init__ÚtokenÚ_refresh_tokenÚ _id_tokenZ_scopesÚ _token_uriÚ _client_idÚ_client_secret)ÚselfrÚ refresh_tokenÚid_tokenÚ token_uriÚ client_idÚ client_secretZscopes)Ú __class__©úH/private/tmp/pip-build-nl73fm5q/google-auth/google/oauth2/credentials.pyr*szCredentials.__init__cCs|jS)z+Optional[str]: The OAuth 2.0 refresh token.)r )rrrrrJszCredentials.refresh_tokencCs|jS)zOOptional[str]: The OAuth 2.0 authorization server's token endpoint URI.)r )rrrrrOszCredentials.token_uricCs|jS)adOptional[str]: The Open ID Connect ID Token. Depending on the authorization server and the scopes requested, this may be populated when credentials are obtained and updated when :meth:`refresh` is called. This token is a JWT. It can be verified and decoded using :func:`google.oauth2.id_token.verify_oauth2_token`. )r )rrrrrUs zCredentials.id_tokencCs|jS)z'Optional[str]: The OAuth 2.0 client ID.)r )rrrrr`szCredentials.client_idcCs|jS)z+Optional[str]: The OAuth 2.0 client secret.)r )rrrrreszCredentials.client_secretcCsdS)zvFalse: OAuth 2.0 credentials have their scopes set when the initial token is requested and can not be changed.Fr)rrrrÚrequires_scopesjszCredentials.requires_scopescCsDtj||j|j|j|jƒ\}}}}||_||_||_|jdƒ|_ dS)Nr) rZ refresh_grantr r r r rÚexpiryÚgetr )rÚrequestZ access_tokenrrZgrant_responserrrÚrefreshpszCredentials.refresh)NNNNNN)Ú__name__Ú __module__Ú __qualname__Ú__doc__rÚpropertyrrrrrrrZcopy_docstringrrrÚ __classcell__rr)rrr's     rN)rZ google.authrrZ google.oauth2rZReadOnlyScopedrrrrrÚ s