Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add reauth feature to user credentials #727

Merged
merged 4 commits into from
Apr 14, 2021
Merged

feat: add reauth feature to user credentials #727

merged 4 commits into from
Apr 14, 2021

Conversation

arithmetic1728
Copy link
Contributor

@arithmetic1728 arithmetic1728 commented Mar 30, 2021
edited
Loading

googlers see: go/guac-python-reauth

This PR does 2 things:

1. Integrated google-reauth-python into google-auth library

Main APIs:

# API for getting rapt token
google.oauth2.reauth.get_rapt_token(request, client_id, client_secret, refresh_token, token_uri, scopes=None)

# API for refresh grant
google.oauth2.reauth.refresh_grant(request, token_uri, refresh_token, client_id, client_secret, scopes=None, rapt_token=None)

Supported challenge types: PASSWORD, SECURITY_KEY. To use SECURITY_KEY type, pyu2f dependency is required (either run pip install pyu2f or pip install google-auth[reauth].

2. Added reauth feature to user credentials (google.oauth2.credentials.Credentials)

If users opts in reauth (outside the scope of this lib), current google-auth version's refresh method will fail. With the added reauth feature, reauth flow will be triggered and the refresh method will work.
if users don't opt in reauth, then there is no difference w/o reauth feature because reauth won't be triggered.

Future PR will add reauth to async version of the credentials.

@google-cla google-cla bot added the cla: yes This human has signed the Contributor License Agreement. label Mar 30, 2021
@arithmetic1728 arithmetic1728 force-pushed the reauth branch 2 times, most recently from 7d5dbd1 to 65ec98d Compare April 7, 2021 23:04
@arithmetic1728 arithmetic1728 changed the title feat: add reauth feature feat: add reauth feature to user credentials Apr 7, 2021
@arithmetic1728 arithmetic1728 marked this pull request as ready for review April 7, 2021 23:35
@arithmetic1728 arithmetic1728 requested a review from a team as a code owner April 7, 2021 23:35
busunkim96
busunkim96 suggested changes Apr 14, 2021
View reviewed changes
Copy link
Contributor

@busunkim96 busunkim96 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is pyu2f owned by a team? It looks like it hasn't been touched since last October. https://github.com/google/pyu2f, https://github.com/google/pyu2f

google/auth/_helpers.py Outdated Show resolved Hide resolved
google/oauth2/challenges.py Outdated Show resolved Hide resolved
google/oauth2/_client.py Outdated Show resolved Hide resolved
google/oauth2/challenges.py Outdated Show resolved Hide resolved
google/oauth2/challenges.py Outdated Show resolved Hide resolved
google/oauth2/challenges.py Show resolved Hide resolved
google/oauth2/credentials.py Show resolved Hide resolved
google/oauth2/reauth.py Outdated Show resolved Hide resolved
@arithmetic1728
Copy link
Contributor Author

Is pyu2f owned by a team? It looks like it hasn't been touched since last October. https://github.com/google/pyu2f, https://github.com/google/pyu2f

Yes gnubby team owns it.

@arithmetic1728 arithmetic1728 added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 14, 2021
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 14, 2021
@busunkim96 busunkim96 added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 14, 2021
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 14, 2021
@arithmetic1728 arithmetic1728 added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 14, 2021
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Apr 14, 2021
@arithmetic1728 arithmetic1728 merged commit 82293fe into master Apr 14, 2021
@arithmetic1728 arithmetic1728 deleted the reauth branch April 14, 2021 18:22
@arithmetic1728 arithmetic1728 mentioned this pull request Apr 22, 2021
Merged
@jay0lee
Copy link
Contributor

jay0lee commented Apr 26, 2021

Note that it doesn't seem like it's currently possible for GCP projects to enable the reauth API in the cloud console making it impossible to use reauth. See:

#742

@tseaver tseaver mentioned this pull request May 4, 2021
Closed
@arithmetic1728 arithmetic1728 mentioned this pull request Apr 8, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@busunkim96 busunkim96 busunkim96 approved these changes

Assignees
No one assigned
Labels
cla: yes This human has signed the Contributor License Agreement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@arithmetic1728 @jay0lee @busunkim96 @yoshi-kokoro