Sourcetree Oauth Not Working

  1. Sourcetree Oauth Github Not Working
  2. Sourcetree Oauth Not Working Video

SourceTree 2.1.2.5 Windows 10 Home 64-bit I connect to several Git repositories on GitHub, and several Git and Mercurial repositories on Bitbucket, using SourceTree. Roughly every 10 minutes, SourceTree asks me to enter my username and password for Bitbucket, even though these are already saved in t. These versions of SourceTree fully support OAuth 2.0. Users with Two-Factor Authentication (2FA) enabled can connect to both services via OAuth and be guided through the standard two-factor login flow. Navigate to the Account Management screen to update your already connected accounts from Basic to OAuth today! Refreshing OAuth for Bitbucket redirects to localhost. XML Word Printable. Sourcetree.log 9 kB 10/Jan/2019 3:57 AM; Startup-Authentication-issue.png. It does not supplant the security advice given in, and, but complements those documents. Structure The remainder of this document is organized as follows: The next section summarizes the most important recommendations of the OAuth working group for every OAuth implementor. Afterwards, the updated the OAuth attacker model is presented. # OAuth # 'oauth2provider.ext.restframework.OAuth2Authentication', # django-oauth-toolkit oauth-toolkit = 1.0.0 'drfsocialoauth2.authentication.SocialAuthentication',) Listed below are a few examples of supported backends that can be used for social.

Latest version

Released:

python-social-auth and oauth2 support for django-rest-framework

Project description

This module provides OAuth2 social authentication support for applications in Django REST Framework.

Sourcetree Oauth Github Not Working

The aim of this package is to help set up social authentication for your REST API. It also helps setting up your OAuth2provider.

This package relies on python-social-auth anddjango-oauth-toolkit.You should probably read their docs if you were to go further than what is done here.If you have some hard time understanding OAuth2, you can read a simple explanationhere.

Installation

This framework is published at the PyPI, install it with pip:

Add the following to your INSTALLED_APPS:

Include social auth urls to your urls.py:

Add these context processors to your TEMPLATE_CONTEXT_PROCESSORS:

NB: since Django version 1.8, the TEMPLATE_CONTEXT_PROCESSORS is deprecated, set the 'context_processors' optionin the 'OPTIONS' of a DjangoTemplates backend instead:

You can then enable the authentication classes for Django REST Framework by default or per view (add or update theREST_FRAMEWORK and AUTHENTICATION_BACKENDS entries in your settings.py)

The settings of this app are:

  • DRFSO2_PROPRIETARY_BACKEND_NAME: name of your OAuth2 social backend (e.g 'Facebook'), defaults to 'Django'
  • DRFSO2_URL_NAMESPACE: namespace for reversing URLs
  • ACTIVATE_JWT: If set to True the access and refresh tokens will be JWTed. Default is False.

Setting Up a New Application

Go to Django admin and add a new Application with the following configuration:

  • client_id and client_secret should be left unchanged
  • user should be your superuser
  • redirect_uris should be left blank
  • client_type should be set to confidential
  • authorization_grant_type should be set to 'Resource owner password-based'
  • name can be set to whatever you’d like

The installation is done, you can now test the newly configured application.

It is recommended that you read the docs from python-social-auth and django-oauth-toolkit if you would like to gofurther. If you want to enable a social backend (e.g. Facebook), check the docs of python-social-auth onsupported backendsand django-social-auth on backend configuration.

Testing the Setup

Now that the installation is done, let’s try out the various functionality.We will assume for the following examples that the REST API is reachable on http://localhost:8000.

  • Retrieve a token for a user using curl:

<client_id> and <client_secret> are the keys generated automatically. you can find in the model Application you created.

  • Refresh token:

  • Exchange an external token for a token linked to your app:

<backend> here needs to be replaced by the name of an enabled backend (e.g. “Facebook”). Note that PROPRIETARY_BACKEND_NAMEis a valid backend name, but there is no use to do that here.<backend_token> is for the token you got from the service utilizing an iOS app for example.

  • Revoke tokens:

    Revoke a single token:

    Revoke all tokens for a user:

Authenticating Requests

As you have probably noticed, we enabled a default authentication backend called SocialAuthentication.This backend lets you register and authenticate your users seamlessly with your REST API.

The class simply retrieves the backend name and token from the Authorization header and tries to authenticate the userusing the corresponding external provider. If the user was not yet registered on your app, it will automatically createa new user for this purpose.

Example authenticated request:

Integration Examples

For each authentication provider, the top portion of your REST API settings.py file should look like this:

Listed below are a few examples of supported backends that can be used for social authentication.

Facebook Example

To use Facebook as the authorization backend of your REST API, your settings.py file should look like this:

Remember to add this new Application in your Django admin (see section “Setting up Application”).

You can test these settings by running the following command:

This request returns the “access_token” that you should use with every HTTP request to your REST API. What is happeninghere is that we are converting a third-party access token (<user_access_token>) to an access token to use with yourAPI and its clients (“access_token”). You should use this token on each and further communications between yoursystem/application and your api to authenticate each request and avoid authenticating with Facebook every time.

You can get the ID (SOCIAL_AUTH_FACEBOOK_KEY) and secret (SOCIAL_AUTH_FACEBOOK_SECRET) of your app athttps://developers.facebook.com/apps/.

For testing purposes, you can use the access token <user_access_token> from https://developers.facebook.com/tools/accesstoken/.

For more information on how to configure python-social-auth with Facebook visithttp://python-social-auth.readthedocs.io/en/latest/backends/facebook.html.

Google Example

To use Google OAuth2 as the authorization backend of your REST API, your settings.py file should look like this:

Remember to add the new Application in your Django admin (see section “Setting up Application”).

You can test these settings by running the following command:

This request returns an “access_token” that you should use with every HTTP requests to your REST API.What is happening here is that we are converting a third-party access token (<user_access_token>)to an access token to use with your API and its clients (“access_token”). You should use this token oneach and further communications between your system/application and your API to authenticate each requestand avoid authenticating with Google every time.

You can get the ID (SOCIAL_AUTH_GOOGLE_OAUTH2_KEY) and secret (SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET)of your app at https://console.developers.google.com/apis/credentialsand more information on how to create one on https://developers.google.com/identity/protocols/OAuth2.

For testing purposes, you can use the access token <user_access_token> fromhttps://developers.google.com/oauthplayground/.

For more information on how to configure python-social-auth with Google visithttps://python-social-auth.readthedocs.io/en/latest/backends/google.html#google-oauth2.

Release historyRelease notifications RSS feed

1.0.9

1.0.8

1.0.7

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for drf-social-oauth2, version 1.0.9
Filename, sizeFile typePython versionUpload dateHashes
Filename, size drf-social-oauth2-1.0.9.tar.gz (16.6 kB) File type Source Python version None Upload dateHashes
Close

Hashes for drf-social-oauth2-1.0.9.tar.gz

Hashes for drf-social-oauth2-1.0.9.tar.gz
AlgorithmHash digest
SHA2562f328043e0e32809600e2ace40bc189ddb598af0ede5e1289ecdf653aaba8969
MD5867d17c9a5075e0090b47e26c78170fb
BLAKE2-256b80c265e1b38941924b97236265d78b3817724f67d670df062cbfccfd50c71d6

An OAuth 2.0 client.

Tools for interacting with OAuth 2.0 protected resources.

class oauth2client.client.AccessTokenCredentials(access_token, user_agent, revoke_uri=None)[source]

Bases: oauth2client.client.OAuth2Credentials

Credentials object for OAuth 2.0.

Credentials can be applied to an httplib2.Http object using theauthorize() method, which then signs each request from that objectwith the OAuth 2.0 access token. This set of credentials is for theuse case where you have acquired an OAuth 2.0 access_token fromanother place such as a JavaScript client or another webapplication, and wish to use it from Python. Because only theaccess_token is present it can not be refreshed and will in timeexpire.

AccessTokenCredentials objects may be safely pickled and unpickled.

Usage:

Raises:AccessTokenCredentialsExpired – raised when the access_token expires oris revoked.
classmethod from_json(json_data)[source]

Instantiate a Credentials object from a JSON description of it.

The JSON should have been produced by calling .to_json() on the object.

Parameters:json_data – string or bytes, JSON to deserialize.
Returns:An instance of a Credentials subclass.
exception oauth2client.client.AccessTokenCredentialsError[source]

Bases: oauth2client.client.Error

Having only the access_token means no refresh is possible.

class oauth2client.client.AccessTokenInfo(access_token, expires_in)

Bases: tuple

access_token

Alias for field number 0

expires_in

Alias for field number 1

exception oauth2client.client.AccessTokenRefreshError[source]

Bases: oauth2client.client.Error

Error trying to refresh an expired access token.

exception oauth2client.client.ApplicationDefaultCredentialsError[source]

Bases: oauth2client.client.Error

Error retrieving the Application Default Credentials.

class oauth2client.client.AssertionCredentials(**kwargs)[source]

Bases: oauth2client.client.GoogleCredentials

Abstract Credentials object used for OAuth 2.0 assertion grants.

This credential does not require a flow to instantiate because itrepresents a two legged flow, and therefore has all of the requiredinformation to generate and refresh its own access tokens. It mustbe subclassed to generate the appropriate assertion string.

AssertionCredentials objects may be safely pickled and unpickled.

sign_blob(blob)[source]

Cryptographically sign a blob (of bytes).

Parameters:blob – bytes, Message to be signed.
Returns:tuple, A pair of the private key ID used to sign the blob andthe signed contents.
class oauth2client.client.Credentials[source]

Bases: object

Base class for all Credentials objects.

Subclasses must define an authorize() method that applies the credentialsto an HTTP transport.

Subclasses must also specify a classmethod named ‘from_json’ that takes aJSON string as input and returns an instantiated Credentials object.

NON_SERIALIZED_MEMBERS = frozenset(['store'])
apply(headers)[source]

Add the authorization to the headers.

Parameters:headers – dict, the headers to add the Authorization header to.
authorize(http)[source]

Take an httplib2.Http instance (or equivalent) and authorizes it.

Authorizes it for the set of credentials, usually by replacinghttp.request() with a method that adds in the appropriate headers andthen delegates to the original Http.request() method.

Parameters:http – httplib2.Http, an http object to be used to make the refreshrequest.
classmethod from_json(unused_data)[source]

Instantiate a Credentials object from a JSON description of it.

The JSON should have been produced by calling .to_json() on the object.

Parameters:unused_data – dict, A deserialized JSON object.
Returns:An instance of a Credentials subclass.
classmethod new_from_json(json_data)[source]

Utility class method to instantiate a Credentials subclass from JSON.

Expects the JSON string to have been produced by to_json().

Parameters:json_data – string or bytes, JSON from to_json().
Returns:An instance of the subclass of Credentials that was serialized withto_json().
refresh(http)[source]

Forces a refresh of the access_token.

Parameters:http – httplib2.Http, an http object to be used to make the refreshrequest.
Sourcetree oauth github not working
revoke(http)[source]

Revokes a refresh_token and makes the credentials void.

Parameters:http – httplib2.Http, an http object to be used to make the revokerequest.
to_json()[source]

Creating a JSON representation of an instance of Credentials.

Returns:string, a JSON representation of this instance, suitable to pass tofrom_json().
exception oauth2client.client.CryptoUnavailableError[source]

Bases: oauth2client.client.Error, exceptions.NotImplementedError

Raised when a crypto library is required, but none is available.

class oauth2client.client.DeviceFlowInfo[source]

Bases: oauth2client.client.DeviceFlowInfo

Intermediate information the OAuth2 for devices flow.

Sourcetree Oauth Not Working Video

classmethod FromResponse(response)[source]

Create a DeviceFlowInfo from a server response.

The response should be a dict containing entries as described here:

exception oauth2client.client.Error[source]

Bases: exceptions.Exception

Base error for this module.

class oauth2client.client.Flow[source]

Bases: object

Base class for all Flow objects.

exception oauth2client.client.FlowExchangeError[source]

Bases: oauth2client.client.Error

Error trying to exchange an authorization grant for an access token.

class oauth2client.client.GoogleCredentials(access_token, client_id, client_secret, refresh_token, token_expiry, token_uri, user_agent, revoke_uri='https://accounts.google.com/o/oauth2/revoke')[source]

Bases: oauth2client.client.OAuth2Credentials

Application Default Credentials for use in calling Google APIs.

The Application Default Credentials are being constructed as a function ofthe environment where the code is being run.More details can be found on this page:https://developers.google.com/accounts/docs/application-default-credentials

Here is an example of how to use the Application Default Credentials for aservice that requires authentication:

NON_SERIALIZED_MEMBERS = frozenset(['_private_key', 'store'])

Members that aren’t serialized when object is converted to JSON.

create_scoped(scopes)[source]

Create a Credentials object for the given scopes.

The Credentials type is preserved.

create_scoped_required()[source]

Whether this Credentials object is scopeless.

create_scoped(scopes) method needs to be called in order to createa Credentials object for API calls.

classmethod from_json(json_data)[source]

Instantiate a Credentials object from a JSON description of it.

The JSON should have been produced by calling .to_json() on the object.

Parameters:json_data – string or bytes, JSON to deserialize.
Returns:An instance of a Credentials subclass.
static from_stream(credential_filename)[source]

Create a Credentials object by reading information from a file.

It returns an object of type GoogleCredentials.

Parameters:credential_filename – the path to the file from where thecredentials are to be read
Raises:ApplicationDefaultCredentialsError – raised when the credentialsfail to be retrieved.
static get_application_default()[source]

Get the Application Default Credentials for the current environment.

Raises:ApplicationDefaultCredentialsError – raised when the credentialsfail to be retrieved.
serialization_data

Get the fields and values identifying the current credentials.

exception oauth2client.client.HttpAccessTokenRefreshError(*args, **kwargs)[source]

Bases: oauth2client.client.AccessTokenRefreshError

Error (with HTTP status) trying to refresh an expired access token.

exception oauth2client.client.NonAsciiHeaderError[source]

Bases: oauth2client.client.Error

Header names and values must be ASCII strings.

class oauth2client.client.OAuth2Credentials(**kwargs)[source]

Bases: oauth2client.client.Credentials

Credentials object for OAuth 2.0.

Working

Credentials can be applied to an httplib2.Http object using the authorize()method, which then adds the OAuth 2.0 access token to each request.

OAuth2Credentials objects may be safely pickled and unpickled.

access_token_expired

True if the credential is expired or invalid.

If the token_expiry isn’t set, we assume the token doesn’t expire.

apply(headers)[source]

Add the authorization to the headers.

Parameters:headers – dict, the headers to add the Authorization header to.
authorize(http)[source]

Authorize an httplib2.Http instance with these credentials.

The modified http.request method will add authentication headers toeach request and will refresh access_tokens when a 401 is received on arequest. In addition the http.request method has a credentialsproperty, http.request.credentials, which is the Credentials objectthat authorized it.

Parameters:http – An instance of httplib2.Http or something that actslike it.
Returns:A modified instance of http that was passed in.

Example:

You can’t create a new OAuth subclass of httplib2.Authenticationbecause it never gets passed the absolute URI, which is needed forsigning. So instead we have to overload ‘request’ with a closurethat adds in the Authorization header and then calls the originalversion of ‘request()’.

classmethod from_json(json_data)[source]

Instantiate a Credentials object from a JSON description of it.

The JSON should have been produced by calling .to_json() on the object.

Parameters:json_data – string or bytes, JSON to deserialize.
Returns:An instance of a Credentials subclass.
get_access_token(http=None)[source]

Return the access token and its expiration information.

If the token does not exist, get one.If the token expired, refresh it.

has_scopes(scopes)[source]

Verify that the credentials are authorized for the given scopes.

Returns True if the credentials authorized scopes contain all of thescopes given.

Parameters:scopes – list or string, the scopes to check.

Notes

There are cases where the credentials are unaware of which scopesare authorized. Notably, credentials obtained and stored beforethis code was added will not have scopes, AccessTokenCredentials donot have scopes. In both cases, you can use refresh_scopes() toobtain the canonical set of scopes.

refresh(http)[source]

Forces a refresh of the access_token.

Parameters:http – httplib2.Http, an http object to be used to make the refreshrequest.
retrieve_scopes(http)[source]

Retrieves the canonical list of scopes for this access token.

Gets the scopes from the OAuth2 provider.

Parameters:http – httplib2.Http, an http object to be used to make the refreshrequest.
Returns:A set of strings containing the canonical list of scopes.
revoke(http)[source]

Revokes a refresh_token and makes the credentials void.

Parameters:http – httplib2.Http, an http object to be used to make the revokerequest.
set_store(store)[source]

Set the Storage for the credential.

Parameters:store – Storage, an implementation of Storage object.This is needed to store the latest access_token if ithas expired and been refreshed. This implementation useslocking to check for updates before updating theaccess_token.
exception oauth2client.client.OAuth2DeviceCodeError[source]

Bases: oauth2client.client.Error

Error trying to retrieve a device code.

class oauth2client.client.OAuth2WebServerFlow(**kwargs)[source]

Bases: oauth2client.client.Flow

Does the Web Server Flow for OAuth 2.0.

OAuth2WebServerFlow objects may be safely pickled and unpickled.

step1_get_authorize_url(**kwargs)[source]

Returns a URI to redirect to the provider.

Parameters:
  • redirect_uri – string, Either the string ‘urn:ietf:wg:oauth:2.0:oob’for a non-web-based application, or a URI thathandles the callback from the authorization server.This parameter is deprecated, please move to passingthe redirect_uri in via the constructor.
  • state – string, Opaque state string which is passed through theOAuth2 flow and returned to the client as a query parameterin the callback.
Returns:

A URI as a string to redirect the user to begin the authorizationflow.

step1_get_device_and_user_codes(**kwargs)[source]

Returns a user code and the verification URL where to enter it

Returns:A user code as a string for the user to authorize the applicationAn URL as a string where the user has to enter the code
step2_exchange(**kwargs)[source]

Exchanges a code for OAuth2Credentials.

Parameters:
  • code – string, a dict-like object, or None. For a non-deviceflow, this is either the response code as a string, or adictionary of query parameters to the redirect_uri. For adevice flow, this should be None.
  • http – httplib2.Http, optional http instance to use when fetchingcredentials.
  • device_flow_info – DeviceFlowInfo, return value from step1 in thecase of a device flow.
Returns:

An OAuth2Credentials object that can be used to authorize requests.

Raises:
  • FlowExchangeError – if a problem occurred exchanging the code for arefresh_token.
  • ValueError – if code and device_flow_info are both provided or bothmissing.
class oauth2client.client.SETTINGS[source]

Bases: object

Settings namespace for globally defined values.

env_name = None
class oauth2client.client.Storage(lock=None)[source]

Bases: object

Base class for all Storage objects.

Store and retrieve a single credential. This class supports lockingsuch that multiple processes and threads can operate on a singlestore.

acquire_lock()[source]

Acquires any lock necessary to access this Storage.

This lock is not reentrant.

Converter

delete()[source]

Delete credential.

Frees any resources associated with storing the credential.The Storage lock must not be held when this is called.

Returns:None
get()[source]

Retrieve credential.

The Storage lock must not be held when this is called.

Returns:oauth2client.client.Credentials
locked_delete()[source]

Delete a credential.

The Storage lock must be held when this is called.

locked_get()[source]

Retrieve credential.

The Storage lock must be held when this is called.

Returns:oauth2client.client.Credentials
locked_put(credentials)[source]

Write a credential.

The Storage lock must be held when this is called.

Parameters:credentials – Credentials, the credentials to store.
put(credentials)[source]

Write a credential.

The Storage lock must be held when this is called.

Parameters:credentials – Credentials, the credentials to store.
release_lock()[source]

Release the Storage lock.

Trying to release a lock that isn’t held will result in aRuntimeError in the case of a threading.Lock or multiprocessing.Lock.

exception oauth2client.client.TokenRevokeError[source]

Bases: oauth2client.client.Error

Error trying to revoke a token.

exception oauth2client.client.UnknownClientSecretsFlowError[source]

Bases: oauth2client.client.Error

The client secrets file called for an unknown type of OAuth 2.0 flow.

exception oauth2client.client.VerifyJwtTokenError[source]

Bases: oauth2client.client.Error

Could not retrieve certificates for validation.

oauth2client.client.credentials_from_clientsecrets_and_code(*args, **kwargs)[source]

Returns OAuth2Credentials from a clientsecrets file and an auth code.

Will create the right kind of Flow based on the contents of theclientsecrets file or will raise InvalidClientSecretsError for unknowntypes of Flows.

Parameters:
  • filename – string, File name of clientsecrets.
  • scope – string or iterable of strings, scope(s) to request.
  • code – string, An authorization code, most likely passed down fromthe client
  • message – string, A friendly string to display to the user if theclientsecrets file is missing or invalid. If message isprovided then sys.exit will be called in the case of an error.If message in not provided thenclientsecrets.InvalidClientSecretsError will be raised.
  • redirect_uri – string, this is generally set to ‘postmessage’ to matchthe redirect_uri that the client specified
  • http – httplib2.Http, optional http instance to use to do the fetch
  • cache – An optional cache service client that implements get() and set()methods. See clientsecrets.loadfile() for details.
  • device_uri – string, OAuth 2.0 device authorization endpoint
  • pkce – boolean, default: False, Generate and include a “Proof Keyfor Code Exchange” (PKCE) with your authorization and tokenrequests. This adds security for installed applications thatcannot protect a client_secret. See RFC 7636 for details.
  • code_verifier – bytestring or None, default: None, parameter passedas part of the code exchange when pkce=True. IfNone, a code_verifier will automatically begenerated as part of step1_get_authorize_url(). SeeRFC 7636 for details.
Returns:

An OAuth2Credentials object.

Raises:
  • FlowExchangeError – if the authorization code cannot be exchanged for anaccess token
  • UnknownClientSecretsFlowError – if the file describes an unknown kindof Flow.
  • clientsecrets.InvalidClientSecretsError – if the clientsecrets file isinvalid.
oauth2client.client.credentials_from_code(*args, **kwargs)[source]

Exchanges an authorization code for an OAuth2Credentials object.

Parameters:
  • client_id – string, client identifier.
  • client_secret – string, client secret.
  • scope – string or iterable of strings, scope(s) to request.
  • code – string, An authorization code, most likely passed down fromthe client
  • redirect_uri – string, this is generally set to ‘postmessage’ to matchthe redirect_uri that the client specified
  • http – httplib2.Http, optional http instance to use to do the fetch
  • token_uri – string, URI for token endpoint. For convenience defaultsto Google’s endpoints but any OAuth 2.0 provider can beused.
  • auth_uri – string, URI for authorization endpoint. For conveniencedefaults to Google’s endpoints but any OAuth 2.0 providercan be used.
  • revoke_uri – string, URI for revoke endpoint. For conveniencedefaults to Google’s endpoints but any OAuth 2.0 providercan be used.
  • device_uri – string, URI for device authorization endpoint. Forconvenience defaults to Google’s endpoints but any OAuth2.0 provider can be used.
  • pkce – boolean, default: False, Generate and include a “Proof Keyfor Code Exchange” (PKCE) with your authorization and tokenrequests. This adds security for installed applications thatcannot protect a client_secret. See RFC 7636 for details.
  • code_verifier – bytestring or None, default: None, parameter passedas part of the code exchange when pkce=True. IfNone, a code_verifier will automatically begenerated as part of step1_get_authorize_url(). SeeRFC 7636 for details.
Returns:

An OAuth2Credentials object.

Raises:
  • FlowExchangeError if the authorization code cannot be exchanged for an
  • access token
oauth2client.client.flow_from_clientsecrets(*args, **kwargs)[source]

Create a Flow from a clientsecrets file.

Will create the right kind of Flow based on the contents of theclientsecrets file or will raise InvalidClientSecretsError for unknowntypes of Flows.

Parameters:
  • filename – string, File name of client secrets.
  • scope – string or iterable of strings, scope(s) to request.
  • redirect_uri – string, Either the string ‘urn:ietf:wg:oauth:2.0:oob’ fora non-web-based application, or a URI that handles thecallback from the authorization server.
  • message – string, A friendly string to display to the user if theclientsecrets file is missing or invalid. If message isprovided then sys.exit will be called in the case of an error.If message in not provided thenclientsecrets.InvalidClientSecretsError will be raised.
  • cache – An optional cache service client that implements get() and set()methods. See clientsecrets.loadfile() for details.
  • login_hint – string, Either an email address or domain. Passing thishint will either pre-fill the email box on the sign-in formor select the proper multi-login session, therebysimplifying the login flow.
  • device_uri – string, URI for device authorization endpoint. Forconvenience defaults to Google’s endpoints but anyOAuth 2.0 provider can be used.
Returns:

A Flow object.

Raises:
  • UnknownClientSecretsFlowError – if the file describes an unknown kind ofFlow.
  • clientsecrets.InvalidClientSecretsError – if the clientsecrets file isinvalid.
oauth2client.client.save_to_well_known_file(credentials, well_known_file=None)[source]

Save the provided GoogleCredentials to the well known file.

Parameters:
  • credentials – the credentials to be saved to the well known file;it should be an instance of GoogleCredentials
  • well_known_file – the name of the file where the credentials are to besaved; this parameter is supposed to be used fortesting only
oauth2client.client.verify_id_token(*args, **kwargs)[source]

Verifies a signed JWT id_token.

This function requires PyOpenSSL and because of that it does not work onApp Engine.

Parameters:
  • id_token – string, A Signed JWT.
  • audience – string, The audience ‘aud’ that the token should be for.
  • http – httplib2.Http, instance to use to make the HTTP request. Callersshould supply an instance that has caching enabled.
  • cert_uri – string, URI of the certificates in JSON format toverify the JWT against.
Returns:

The deserialized JSON in the JWT.

Raises:
  • oauth2client.crypt.AppIdentityError – if the JWT fails to verify.
  • CryptoUnavailableError – if no crypto library is available.