Skip to content
This repository has been archived by the owner on Nov 5, 2019. It is now read-only.

Commit

Permalink
Stop sending scopes in token requests on GCE.
Browse files Browse the repository at this point in the history 
The scopes on the instance are the only ones that matter.
  • Loading branch information
@dhermes
dhermes committed Feb 17, 2016
1 parent a31f512 commit 212c485
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 8 deletions.
6 changes: 2 additions & 4 deletions oauth2client/contrib/gce.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@

# URI Template for the endpoint that returns access_tokens.
META = ('http://metadata.google.internal/computeMetadata/v1/instance/'
'service-accounts/default/token{?scope}')
'service-accounts/default/token')


class AppAssertionCredentials(AssertionCredentials):
Expand Down Expand Up @@ -83,10 +83,8 @@ def _refresh(self, http_request):
Raises:
HttpAccessTokenRefreshError: When the refresh fails.
"""
query = '?scope=%s' % urllib.parse.quote(self.scope, '')
uri = META.replace('{?scope}', query)
response, content = http_request(
uri, headers={'Metadata-Flavor': 'Google'})
META, headers={'Metadata-Flavor': 'Google'})
content = _from_bytes(content)
if response.status == http_client.OK:
try:
Expand Down
6 changes: 2 additions & 4 deletions tests/contrib/test_gce.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,10 +70,8 @@ def _refresh_success_helper(self, bytes_response=False):
base_metadata_uri = (
'http://metadata.google.internal/computeMetadata/v1/instance/'
'service-accounts/default/token')
escaped_scopes = urllib.parse.quote(' '.join(scopes), safe='')
request_uri = base_metadata_uri + '?scope=' + escaped_scopes
http.request.assert_called_once_with(
request_uri, headers={'Metadata-Flavor': 'Google'})
base_metadata_uri, headers={'Metadata-Flavor': 'Google'})

def test_refresh_success(self):
self._refresh_success_helper(bytes_response=False)
Expand Down Expand Up @@ -162,7 +160,7 @@ def test_get_access_token(self):

http.request.assert_called_once_with(
'http://metadata.google.internal/computeMetadata/v1/instance/'
'service-accounts/default/token?scope=dummy_scope',
'service-accounts/default/token',
headers={'Metadata-Flavor': 'Google'})

def test_save_to_well_known_file(self):
Expand Down

0 comments on commit 212c485

Please sign in to comment.