jpetrucciani
commented
5 years ago Awesome! 😄
I'll try to review this sometime today, and hopefully I can get it merged in soon!
Closed W1ldPo1nter closed 5 years ago
jpetrucciani
commented
5 years ago Awesome! 😄
I'll try to review this sometime today, and hopefully I can get it merged in soon!
jpetrucciani
commented
5 years ago This is now live on pip as version 3.2.19!
Good call on the requests dependency! Thanks again for your contributions! 😄
This PR adds the most important OAuth2 endpoints (requesting the initial tokens and refreshing tokens) as standalone methods in a dedicated client. That way, it is possible to interact with tokens explicitly (useful e.g. for the CLI) in addition to the automatic refresh.
Since this dedicated client would now exist, we also changed the auto-refreshing routine to use the new client - that way, it can also benefit from the client features like retrying on server errors, etc. Unless there was an oversight on our end, we also think that the automatic refreshing did not really work as the refresh endpoint did always require the client secret in addition to the client ID in our tests. This is why we added the client secret as an attribute/parameter to all clients so it can be provided for the automatic refreshing. For the same reason, we've also completely removed the old
refresh_tokenutility instead of just deprecating it.I've also added two methods for additional endpoints of the Ecommerce Bridge. I'm sorry for mixing this stuff up like that, but we kind of needed both things together, so it was easier this way on our end.
Side note: You could probably also remove the
auth_checkerutility since it doesn't work either: The access token would need to be set as a header instead of a query parameter. With that removal, you could probably also get rid ofrequestsas a requirement entirely, as this seems to be the last remaining place where it's used. Ifhubspot3were to offer a simple access token check function like this, I would recommend using the access token information endpoint (e.g. by implementing it in the new OAuth2 Client :wink:) instead of a contact endpoint since access tokens can have different scopes and can therefore be valid without having access to the contacts API.