-
Notifications
You must be signed in to change notification settings - Fork 310
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Discussion] Storage and locking #33
Comments
@jonparrott I need storage capability for a project I'm working on that needs to be code-complete by the end of next week (8/11/2017). https://github.com/GoogleCloudPlatform/google-auth-library-python/pull/165/files says that oauth2client will still be functional for the foreseeable future - I just want to make sure that's still the case before going ahead and using that. Thanks |
that is indeed the case. oauth2client is deprecated but we have no plans to remove it. |
Does this mean, "google-api-python-client" would be replaced by something else ? |
Eventually yes, but in the near-term no.
It is in maintenance mode - we will fix bugs but we will not be adding any new features. |
My current code infra depends on this library. Should i consider migrating to another library which would be there long term ? Which is the other library that i should think of moving to ?
I've been using google-api-python-client library & it's not thread-safe. So the library that you'll mention in answer to above question will be thread-safe ? |
We will continue to address issues in google-api-python-client until we formally deprecate it and then a year after that. We do not have any plans to do right now or any timeline. For cloud APIs, many of the Cloud Client Libraries are now GA and we suggest using those for new projects.
The Cloud Client Libraries are thread-safe. While I appreciate these questions and I'm happy to answer, this is the wrong project and issue to ask. I'd suggest filing issues on https://github.com/google/google-api-python-client. |
I have begun using this library on a "serverless" project where I'm making use of Google services and APIs in programs that exist within ephemeral containers. Storage would be helpful as I'm concerned there may be thousands of access tokens for a refresh token at any given time, eventually hitting a limit. I'm not super familiar with oauth flows and architecture, but here are a few things that come to my mind:
Perhaps something along these lines?
I think this is a happy compromise between collisions, load on the database, and load on the authentication server. The 5 to 10 minutes I pulled out of the air, with the lower bound being your choice of 5 minutes clock skew (PS I agree with that choice as it's what MIT kerberos and Microsoft AD Kerberos by default... a lot of people are used to that number). I'm sure we could put a bit more rigor into finding the upper bound. I do like the idea of a more generic interface for storage, however, if this is going to be part of the first-run experience working with Google APIs on one of the most popular beginner languages, perhaps there should be some batteries included for redis and certainly for cloud memory store. Let people like me contribute the AWS plugins. Thoughts? |
@theacodes, is this issue still relevant for the |
It's a discussion and we don't have storage and locking support, so yes.
…On Thu, Dec 6, 2018, 10:16 AM Solomon Duskis ***@***.***> wrote:
@theacodes <https://github.com/theacodes>, is this issue still relevant
for the google-auth-library-python repo?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#33 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAPUc0C63m6tBfZTdaywlJEHJqEkh-ioks5u2V8RgaJpZM4KaWLJ>
.
|
It doesn't look like a big deal to implement the storage outside of |
Just all of the public properties:
https://google-auth.readthedocs.io/en/latest/reference/google.oauth2.credentials.html
See
https://github.com/googleapis/google-auth-library-python-oauthlib/blob/master/google_auth_oauthlib/tool/__main__.py#L108
…On Wed, May 22, 2019 at 4:24 AM Andrew Grigorev ***@***.***> wrote:
It doesn't look like a big deal to implement the storage outside of
google.auth, but it is a bit unclear how to store the credentials object
(which fields to store? there is no explicit way to serialize it, besides
pickle of course, but ... err...) and how to integrate the storage with
their refresh cycle.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#33?email_source=notifications&email_token=AAB5I46TUDPGVB3NHWANGRTPWUUNHA5CNFSM4CTJMLE2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODV6XPRY#issuecomment-494761927>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAB5I42IGBF32WYQAQ7AK6TPWUUNHANCNFSM4CTJMLEQ>
.
|
Thanks! The evil I'll just put it here for clearness :-). import datetime
import google.auth
import google.oauth2
import google_auth_oauthlib.flow
flow = google_auth_oauthlib.flow.InstalledAppFlow.from_client_secrets_file(
'client_secret.json',
scopes=["https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile"],
)
flow.run_local_server() # or flow.run_console()
session = flow.authorized_session()
print(session.get('https://www.googleapis.com/userinfo/v2/me').json())
creds = flow.credentials
info = {
'token': creds.token,
'refresh_token': creds.refresh_token,
'token_uri': creds.token_uri,
'client_id': creds.client_id,
'client_secret': creds.client_secret,
'scopes': creds.scopes,
'expiry': creds.expiry.isoformat(),
}
# implement your storage logic here, e.g. just good old json.dump() / json.load()
creds = google.oauth2.credentials.Credentials(
token=info['token'],
refresh_token=info['refresh_token'],
token_uri=info['token_uri'],
client_id=info['client_id'],
client_secret=info['client_secret'],
scopes=info['scopes'],
)
creds.expiry = datetime.datetime.fromisoformat(info['expiry'])
if creds.expired:
# don't forget to dump one more time after the refresh
# also, some file-locking routines wouldn't be needless
creds.refresh(google.auth.transport.requests.Request()) Any remarks? |
Test comment (plz ignore, will delete in a bit) |
Closing this very old discussion. |
(post-1.0.0 discussion of implementing credential storage and locking)
/cc @bshaffer
The text was updated successfully, but these errors were encountered: