theprnce / google-api-python-client

Automatically exported from code.google.com/p/google-api-python-client
Other
0 stars 0 forks source link

Problems revoking non-google tokens (oauth2client) #296

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
It appears that the Credentials assume that revoking a token is done by sending 
?token=[refresh_token] to the revoke-URI, but for providers other than Google, 
this won't always work. DailyMotion for example (against which the wiki pages 
claims the library has been tested...) requires that you send 
?access_token=[access_token] to the revoke-URI. Twitter requires a post (with 
basic-auth from the client-id/secret) that sends access_token=[access_token]

If there is no standardised way of handling revoke (or if there is, but 
providers aren't using it!), then having every way supported by the library 
obviously isn't going to happen, but could the class be made injectable in 
places that create OAuth2Credentials? So an extra __init__ arg, 
'credentials_class' for OAuth2WebServerFlow, so that step2_exchange uses it, 
would be useful. I'd create a DailyMotionOauth2Credentials class in my app that 
just overrides revoke/_revoke, pass it when creating my OAuth2WebServerFlow and 
then it's all taken care of at creation-time, rather than having to inspect 
credentials at revocation-time to work out what to do.

Original issue reported on code.google.com by greg.jo...@psycle.com on 15 Aug 2013 at 10:46

GoogleCodeExporter commented 9 years ago

Original comment by jcgregorio@google.com on 15 Aug 2013 at 2:02