diff options
author | arithmetic1728 <58957152+arithmetic1728@users.noreply.github.com> | 2021-09-07 16:24:45 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-07 16:24:45 -0700 |
commit | 13aed5ffe3ba435004ab48202462452f04d7cb29 (patch) | |
tree | a4fb9a2c7e6ba9bb52a81e71add05b26afac310d /google/oauth2/reauth.py | |
parent | 45c4491fb971c9edf590b27b9e271b7a23a1bba6 (diff) | |
download | google-auth-library-python-13aed5ffe3ba435004ab48202462452f04d7cb29.tar.gz |
fix: add SAML challenge to reauth (#819)
* fix: add SAML challenge to reauth
* add enable_reauth_refresh flag
* address comments
* fix unit test
* address comments
* update
* update
* update
* update
* 🦉 Updates from OwlBot
See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md
Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: Tres Seaver <tseaver@palladion.com>
Diffstat (limited to 'google/oauth2/reauth.py')
-rw-r--r-- | google/oauth2/reauth.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/google/oauth2/reauth.py b/google/oauth2/reauth.py index fc2629e..1e496d1 100644 --- a/google/oauth2/reauth.py +++ b/google/oauth2/reauth.py @@ -275,6 +275,7 @@ def refresh_grant( client_secret, scopes=None, rapt_token=None, + enable_reauth_refresh=False, ): """Implements the reauthentication flow. @@ -292,6 +293,9 @@ def refresh_grant( token has a wild card scope (e.g. 'https://www.googleapis.com/auth/any-api'). rapt_token (Optional(str)): The rapt token for reauth. + enable_reauth_refresh (Optional[bool]): Whether reauth refresh flow + should be used. The default value is False. This option is for + gcloud only, other users should use the default value. Returns: Tuple[str, Optional[str], Optional[datetime], Mapping[str, str], str]: The @@ -324,6 +328,11 @@ def refresh_grant( or response_data.get("error_subtype") == _REAUTH_NEEDED_ERROR_RAPT_REQUIRED ) ): + if not enable_reauth_refresh: + raise exceptions.RefreshError( + "Reauthentication is needed. Please run `gcloud auth login --update-adc` to reauthenticate." + ) + rapt_token = get_rapt_token( request, client_id, client_secret, refresh_token, token_uri, scopes=scopes ) |