Source code for globus_sdk.authorizers.refresh_token

import logging

from globus_sdk.authorizers.renewing import RenewingAuthorizer

logger = logging.getLogger(__name__)


[docs]class RefreshTokenAuthorizer(RenewingAuthorizer): """ Implements Authorization using a Refresh Token to periodically fetch renewed Access Tokens. It may be initialized with an Access Token, or it will fetch one the first time that ``set_authorization_header()`` is called. Example usage looks something like this: >>> import globus_sdk >>> auth_client = globus_sdk.AuthClient(client_id=..., client_secret=...) >>> # do some flow to get a refresh token from auth_client >>> rt_authorizer = globus_sdk.RefreshTokenAuthorizer( >>> refresh_token, auth_client) >>> # create a new client >>> transfer_client = globus_sdk.TransferClient(authorizer=rt_authorizer) anything that inherits from :class:`BaseClient <globus_sdk.BaseClient>`, so at least ``TransferClient`` and ``AuthClient`` will automatically handle usage of the ``RefreshTokenAuthorizer``. :param refresh_token: Refresh Token for Globus Auth :type refresh_token: str :param auth_client: ``AuthClient`` capable of using the ``refresh_token`` :type auth_client: :class:`AuthClient <globus_sdk.AuthClient>` :param access_token: Initial Access Token to use, only used if ``expires_at`` is also set :type access_token: str, optional :param expires_at: Expiration time for the starting ``access_token`` expressed as a POSIX timestamp (i.e. seconds since the epoch) :type expires_at: int, optional :param on_refresh: A callback which is triggered any time this authorizer fetches a new access_token. The ``on_refresh`` callable is invoked on the :class:`OAuthTokenResponse <globus_sdk.auth.token_response.OAuthTokenResponse>` object resulting from the token being refreshed. It should take only one argument, the token response object. This is useful for implementing storage for Access Tokens, as the ``on_refresh`` callback can be used to update the Access Tokens and their expiration times. :type on_refresh: callable, optional """ def __init__( self, refresh_token, auth_client, access_token=None, expires_at=None, on_refresh=None, ): logger.info( ( "Setting up RefreshTokenAuthorizer with auth_client = " "instance: {}".format(id(auth_client)) ) ) # required for _get_token_data self.refresh_token = refresh_token self.auth_client = auth_client super(RefreshTokenAuthorizer, self).__init__( access_token, expires_at, on_refresh ) def _get_token_response(self): """ Make a refresh token grant """ return self.auth_client.oauth2_refresh_token(self.refresh_token) def _extract_token_data(self, res): """ Get the tokens .by_resource_server, Ensure that only one token was gotten, and return that token. If the token_data includes a "refresh_token" field, update self.refresh_token to that value. """ token_data = res.by_resource_server.values() if len(token_data) != 1: raise ValueError( "Attempting refresh for refresh token authorizer " "didn't return exactly one token. Possible service error." ) token_data = next(iter(token_data)) # handle refresh_token being present # mandated by OAuth2: https://tools.ietf.org/html/rfc6749#section-6 if "refresh_token" in token_data: self.refresh_token = token_data["refresh_token"] return token_data