PyDrive2 icon indicating copy to clipboard operation
PyDrive2 copied to clipboard

Published 20 hours ago verified publisher icon iterative

Migrate to google-auth from oauth2client which is now deprecated

Open shcheklein opened this issue 3 years ago • 8 comments

More info here https://google-auth.readthedocs.io/en/latest/oauth2client-deprecation.html

shcheklein avatar Feb 21 '21 20:02 shcheklein

hey @shcheklein, I would like to help migrate to google-auth & google-auth-oauthlib

What are the plans for using oauth2client.Storage in the future for persisting credentials in a thread-safe manner? Storage is not implemented in google-auth (see googleapis/google-auth-library-python#33)

I'm not familiar with what multi-threading but is there a way to share credentials across threads and handle the token refresh, reading, writing, etc from the shared credentials object?

junpeng-jp avatar May 02 '22 18:05 junpeng-jp

@junpeng-jp there is more than MT to this. PyDrive2 is relying on this implementation https://github.com/googleapis/oauth2client/blob/master/oauth2client/file.py to save / read credentials from a file (that is specified in the settings.yaml).

My take on this that initially we can get the whole Storage (abstract class) and the file implementation into the PyDrive2 itself. They are small. Add tests to cover the file based impl.

Next step would be to is check how this object is implemented now https://github.com/googleapis/oauth2client/blob/master/oauth2client/client.py#L441 .

It interacts with the storage instance to keep updating credentials in it. It might turn out we would need to write a wrapper for the new credentials abstraction. Or it has some param (store) to pass.

shcheklein avatar May 03 '22 01:05 shcheklein

Driveby-ing here, but perhaps you could look at https://github.com/burnash/gspread and see what they do. These two projects seem to be very related, perhaps you could share the load and come up with something that both libraries could use.

NickCrews avatar May 05 '22 17:05 NickCrews

@shcheklein Took a look at the Storage class and I think I can just update the refresh method for the google Credential object to have the above locked file read/write behaviour. This should allow AuthorizedSession / AuthorizedHttp to handle the storing of tokens using a re-implemented Storage object within the self.credential.before_request calls.

junpeng-jp avatar May 07 '22 13:05 junpeng-jp

@junpeng-jp could you please put some links so that we are on the same page on what specific calls / classes we are talking about?

shcheklein avatar May 07 '22 22:05 shcheklein

@shcheklein Scratch what I said previously. I found that the old google oauth2client's Storage is used for post-refresh token read / write in Client. To replicate this, I think we need 2 things:

  • a copy of the Storage object with the same file locking capabilities
  • a custom Credential object that has self.store & modify the refresh method (see here) to save the new access & refresh tokens every time a refresh occurs

The Credential's refresh method is called in in 2 places within the self.request method of AuthorizedSession and AuthorizedHttp:

  • first refresh can happen via the self.credential.before_request call
  • subsequent refreshes can happen later in the method with up to 2 retries

junpeng-jp avatar May 08 '22 05:05 junpeng-jp

@junpeng-jp yep, it makes sense, thanks.

shcheklein avatar May 08 '22 21:05 shcheklein