Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add downscoping to ouath2 credentials #309

Merged
merged 16 commits into from
May 22, 2019
Merged

Add downscoping to ouath2 credentials #309

merged 16 commits into from
May 22, 2019

Conversation

eugenewf
Copy link
Contributor

No description provided.

@googlebot
Copy link

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here (e.g. I signed it!) and we'll verify it.

What to do if you already signed the CLA

Individual signers
Corporate signers

@googlebot googlebot added the cla: no This human has *not* signed the Contributor License Agreement. label Nov 27, 2018
@eugenewf eugenewf closed this Nov 27, 2018
@eugenewf eugenewf reopened this Nov 27, 2018
@eugenewf eugenewf closed this Nov 27, 2018
@eugenewf eugenewf reopened this Nov 27, 2018
@eugenewf
Copy link
Contributor Author

fixed cla (theoretically)

@googlebot
Copy link

CLAs look good, thanks!

@googlebot googlebot added cla: yes This human has signed the Contributor License Agreement. and removed cla: no This human has *not* signed the Contributor License Agreement. labels Nov 27, 2018
tseaver
tseaver suggested changes Nov 27, 2018
View reviewed changes
docs/reference/google.auth.app_engine.rst Outdated
google.auth.app_engine module
=============================
google.auth.app\_engine module
==============================

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

docs/reference/google.auth.compute_engine.credentials.rst Outdated Show resolved Hide resolved
docs/reference/google.auth.compute_engine.rst Outdated Show resolved Hide resolved
docs/reference/google.auth.crypt.rst
google.auth.crypt module
========================
google.auth.crypt package
=========================

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

docs/reference/google.auth.environment_vars.rst Outdated Show resolved Hide resolved
docs/reference/google.oauth2.id_token.rst Outdated Show resolved Hide resolved
docs/reference/google.oauth2.service_account.rst Outdated Show resolved Hide resolved
google/oauth2/credentials.py Outdated
downscope (bool): Whether to reduce the requested scopes from those
of the refresh token to those listed in scopes. Useful if
refresh token has a wild card scope (e.g.
'https://www.googleapis.com/auth/any-api').

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

@tseaver
Copy link
Contributor

tseaver commented Nov 27, 2018

@eugenewf Note that the tests are passing on CI, so you don't have any work to do to get Python 3.4 working.

@eugenewf
Copy link
Contributor Author

@theacodes Are there any further actions you'd like me to take here? (e.g. with regards to #309 (comment) or #309 (comment))

@theacodes
Copy link
Contributor

theacodes commented Dec 3, 2018 via email

theacodes
theacodes reviewed Dec 14, 2018
View reviewed changes
google/oauth2/credentials.py Outdated
@@ -71,6 +71,10 @@ def __init__(self, token, refresh_token=None, id_token=None,
to obtain authorization. This is a purely informative parameter
that can be used by :meth:`has_scopes`. OAuth 2.0 credentials
can not request additional scopes after authorization.
downscope (bool): Whether to reduce the requested scopes from those

This comment was marked as spam.

Sign in to view

This comment was marked as spam.

Sign in to view

@JustinBeckwith JustinBeckwith added the 🚨 This issue needs some love. label Feb 7, 2019
@yoshi-automation yoshi-automation added 🚨 This issue needs some love. and removed 🚨 This issue needs some love. labels Feb 7, 2019
@eugenewf
Copy link
Contributor Author

eugenewf commented May 9, 2019

Apologies for dropping this for so long, I've been rather ill.

I had a conversation with Thea back in February resulting in a recommendation to always explicitly request the scopes if they have been provided. I've written that up and added a failure message for the case where the server only grants some of the scopes requested (which is allowed by the oauth spec). Comments appreciated if anyone thinks there's a better way to handle that case :)

@theacodes theacodes merged commit 49a18c4 into googleapis:master May 22, 2019
@yoshi-automation yoshi-automation removed the 🚨 This issue needs some love. label Apr 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tseaver tseaver tseaver approved these changes

@theacodes theacodes theacodes approved these changes

Assignees
No one assigned
Labels
cla: yes This human has signed the Contributor License Agreement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@eugenewf @googlebot @tseaver @theacodes @JustinBeckwith @yoshi-automation