blame | history | raw
liyujie
2025-08-28 786ff4f4ca2374bdd9177f2e24b503d43e7a3b93 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147

# Copyright 2016 Google Inc. All Rights Reserved.


#


# Licensed under the Apache License, Version 2.0 (the "License");


# you may not use this file except in compliance with the License.


# You may obtain a copy of the License at


#


#      http://www.apache.org/licenses/LICENSE-2.0


#


# Unless required by applicable law or agreed to in writing, software


# distributed under the License is distributed on an "AS IS" BASIS,


# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.


# See the License for the specific language governing permissions and


# limitations under the License.


 


"""Helpers for authentication using oauth2client or google-auth."""


 


import httplib2


 


try:


    import google.auth


    import google.auth.credentials


    HAS_GOOGLE_AUTH = True


except ImportError:  # pragma: NO COVER


    HAS_GOOGLE_AUTH = False


 


try:


    import google_auth_httplib2


except ImportError:  # pragma: NO COVER


    google_auth_httplib2 = None


 


try:


    import oauth2client


    import oauth2client.client


    HAS_OAUTH2CLIENT = True


except ImportError:  # pragma: NO COVER


    HAS_OAUTH2CLIENT = False


 


 


def default_credentials():


    """Returns Application Default Credentials."""


    if HAS_GOOGLE_AUTH:


        credentials, _ = google.auth.default()


        return credentials


    elif HAS_OAUTH2CLIENT:


        return oauth2client.client.GoogleCredentials.get_application_default()


    else:


        raise EnvironmentError(


            'No authentication library is available. Please install either '


            'google-auth or oauth2client.')


 


 


def with_scopes(credentials, scopes):


    """Scopes the credentials if necessary.


 


    Args:


        credentials (Union[


            google.auth.credentials.Credentials,


            oauth2client.client.Credentials]): The credentials to scope.


        scopes (Sequence[str]): The list of scopes.


 


    Returns:


        Union[google.auth.credentials.Credentials,


            oauth2client.client.Credentials]: The scoped credentials.


    """


    if HAS_GOOGLE_AUTH and isinstance(


            credentials, google.auth.credentials.Credentials):


        return google.auth.credentials.with_scopes_if_required(


            credentials, scopes)


    else:


        try:


            if credentials.create_scoped_required():


                return credentials.create_scoped(scopes)


            else:


                return credentials


        except AttributeError:


            return credentials


 


 


def authorized_http(credentials):


    """Returns an http client that is authorized with the given credentials.


 


    Args:


        credentials (Union[


            google.auth.credentials.Credentials,


            oauth2client.client.Credentials]): The credentials to use.


 


    Returns:


        Union[httplib2.Http, google_auth_httplib2.AuthorizedHttp]: An


            authorized http client.


    """


    from googleapiclient.http import build_http


 


    if HAS_GOOGLE_AUTH and isinstance(


            credentials, google.auth.credentials.Credentials):


        if google_auth_httplib2 is None:


            raise ValueError(


                'Credentials from google.auth specified, but '


                'google-api-python-client is unable to use these credentials '


                'unless google-auth-httplib2 is installed. Please install '


                'google-auth-httplib2.')


        return google_auth_httplib2.AuthorizedHttp(credentials,


                                                   http=build_http())


    else:


        return credentials.authorize(build_http())


 


 


def refresh_credentials(credentials):


    # Refresh must use a new http instance, as the one associated with the


    # credentials could be a AuthorizedHttp or an oauth2client-decorated


    # Http instance which would cause a weird recursive loop of refreshing


    # and likely tear a hole in spacetime.


    refresh_http = httplib2.Http()


    if HAS_GOOGLE_AUTH and isinstance(


            credentials, google.auth.credentials.Credentials):


        request = google_auth_httplib2.Request(refresh_http)


        return credentials.refresh(request)


    else:


        return credentials.refresh(refresh_http)


 


 


def apply_credentials(credentials, headers):


    # oauth2client and google-auth have the same interface for this.


    if not is_valid(credentials):


        refresh_credentials(credentials)


    return credentials.apply(headers)


 


 


def is_valid(credentials):


    if HAS_GOOGLE_AUTH and isinstance(


            credentials, google.auth.credentials.Credentials):


        return credentials.valid


    else:


        return (


            credentials.access_token is not None and


            not credentials.access_token_expired)


 


 


def get_credentials_from_http(http):


    if http is None:


        return None


    elif hasattr(http.request, 'credentials'):


        return http.request.credentials


    elif (hasattr(http, 'credentials')


          and not isinstance(http.credentials, httplib2.Credentials)):


        return http.credentials


    else:


        return None