Diffstat (limited to 'google/oauth2/challenges.py')
-rw-r--r-- | google/oauth2/challenges.py | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/google/oauth2/challenges.py b/google/oauth2/challenges.py
index 7756a80..0baff62 100644
--- a/google/oauth2/challenges.py
+++ b/google/oauth2/challenges.py
@@ -25,6 +25,9 @@ from google.auth import exceptions
 REAUTH_ORIGIN = "https://accounts.google.com"
+SAML_CHALLENGE_MESSAGE = (
+ "Please run `gcloud auth login` to complete reauthentication with SAML."
+)
 def get_user_password(text):
@@ -148,7 +151,30 @@ class SecurityKeyChallenge(ReauthChallenge):
 return None
+class SamlChallenge(ReauthChallenge):
+ """Challenge that asks the users to browse to their ID Providers.
+
+ Currently SAML challenge is not supported. When obtaining the challenge
+ input, exception will be raised to instruct the users to run
+ `gcloud auth login` for reauthentication.
+ """
+
+ @property
+ def name(self):
+ return "SAML"
+
+ @property
+ def is_locally_eligible(self):
+ return True
+
+ def obtain_challenge_input(self, metadata):
+ # Magic Arch has not fully supported returning a proper dedirect URL
+ # for programmatic SAML users today. So we error our here and request
+ # users to use gcloud to complete a login.
+ raise exceptions.ReauthSamlChallengeFailError(SAML_CHALLENGE_MESSAGE)
+
+
 AVAILABLE_CHALLENGES = {
 challenge.name: challenge
- for challenge in [SecurityKeyChallenge(), PasswordChallenge()]
+ for challenge in [SecurityKeyChallenge(), PasswordChallenge(), SamlChallenge()]
 } |
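Review bot: In the second hunk, `SamlChallenge.is_locally_eligible` returns True although `obtain_challenge_input` never produces a response and always raises, so the class is registered in `AVAILABLE_CHALLENGES` only to surface an error. That contract should be stated on the method itself, e.g. `"""Always raises ReauthSamlChallengeFailError; SAML reauthentication must be completed with gcloud auth login."""`, so that a caller does not catch the exception and carry on with a different challenge or a retry. The inline comment has two typos and should read `# ... returning a proper redirect URL` and `# ... So we error out here`. The `metadata` argument is unused, and because the diffstat is limited to this file, it cannot be confirmed from here that `exceptions.ReauthSamlChallengeFailError` is defined and that a test covers the new branch in the same commit.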