utility for JWT.
import base64
import json
import urllib
import atom.http_core
from oauth2client import client
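class Error(Exception):
    """Base class for the exceptions raised by this module."""

    def __str__(self):
        """Return the message prefixed with ``Error: ``.

        Subclasses store their text in ``error_message``. This base class
        never sets that attribute, so fall back to the standard exception
        text instead of failing with AttributeError while the error is
        being formatted.
        """
        try:
            message = self.error_message
        except AttributeError:
            message = Exception.__str__(self)
        return "Error: %s" % message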
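class OAuth2JWTError(Error):
    """Raised when an OAuth2 error occurs."""

    def __init__(self, error_message):
        """Store the error text.

        Args:
          error_message: text describing the failure.
        """
        # Hand the message to the base initializer as well, so ``args`` and
        # ``repr()`` carry it; previously ``args`` stayed empty.
        Error.__init__(self, error_message)
        self.error_message = error_message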
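def get_service_private_key():
    """Return the raw bytes of the service account's PKCS#12 key file.

    The file name is relative, so it is resolved against the process's
    current working directory.

    Returns:
      The file contents, read in binary mode.
    """
    # NOTE(review): this file holds the service account's private key. Keep
    # it out of version control and any web-served directory, and make it
    # readable only by the account that runs this code.
    # ``with`` closes the handle even when read() raises.
    with open('service_privatekey.p12', 'rb') as key_file:
        return key_file.read()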
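def get_clientSecrets():
    """Load and parse ``service_client_secrets.json``.

    The file name is relative, so it is resolved against the process's
    current working directory.

    Returns:
      The decoded JSON document.
    """
    # NOTE(review): treat this file as a credential. Keep it out of version
    # control and restrict read access to the account running this code.
    # ``with`` closes the handle even when reading or parsing raises.
    with open('service_client_secrets.json') as secrets_file:
        return json.load(secrets_file)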
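def get_JWT(assertion):
    """Exchange a signed JWT assertion for a token response.

    POSTs the assertion to Google's OAuth2 token endpoint using the
    ``jwt-bearer`` grant type.

    Args:
      assertion: the signed JWT assertion string.

    Returns:
      The raw response body when the endpoint answers with status 200.

    Raises:
      OAuth2JWTError: on any other status. The message is the ``error``
        field of the JSON response body when there is one, otherwise a
        generic message containing the status code.
    """
    # The original listing had a stray ``_`` after the closing parenthesis
    # of this call, which is a syntax error.
    form_body = urllib.urlencode({
        'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
        'assertion': assertion,
    })
    headers = {}
    # NOTE(review): whether the server certificate is verified depends on
    # atom.http_core.HttpClient and the Python runtime in use; confirm it,
    # because the assertion and the returned token travel over this
    # connection.
    http_client = atom.http_core.HttpClient()
    http_request = atom.http_core.HttpRequest(
        uri="https://accounts.google.com/o/oauth2/token",
        method="POST", headers=headers)
    http_request.add_body_part(
        data=form_body, mime_type="application/x-www-form-urlencoded")
    response = http_client.Request(http_request)
    response_body = response.read()
    if response.status == 200:
        # The body contains the access token; avoid logging it.
        return response_body

    error_msg = 'Invalid response %s.' % response.status
    # Catch only decoding failures. The previous bare ``except`` also
    # swallowed KeyboardInterrupt and SystemExit.
    try:
        parsed = json.loads(response_body)
    except (TypeError, ValueError):
        parsed = None
    # A JSON body that is not an object (list, string, number) keeps the
    # generic message, as before.
    if isinstance(parsed, dict) and 'error' in parsed:
        error_msg = parsed['error']
    raise OAuth2JWTError(error_msg)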
def getServiceAccountsAccessToken(user):
    """Obtain an OAuth2 access token using the service account credentials.

    Reads the client secrets and the private key from disk, builds signed
    JWT assertion credentials for three scopes, exchanges the assertion at
    the token endpoint, and returns the ``access_token`` field of the JSON
    response.

    Args:
      user: accepted but not used. A variant that passed ``prn=user`` to
        the credentials constructor was commented out in the original, so
        the assertion is built without it.

    Returns:
      The access token string from the token response.
    """
    # NOTE(review): 'https://mail.google.com/' is the full-mailbox Gmail
    # scope; request only the scopes the caller actually needs.
    requested_scopes = [
        'https://mail.google.com/',
        'https://apps-apis.google.com/a/feeds/user/',
        'https://apps-apis.google.com/a/feeds/groups/',
    ]
    secrets = get_clientSecrets()
    signing_key = get_service_private_key()
    credentials = client.SignedJwtAssertionCredentials(
        service_account_name=secrets['web']['client_email'],
        private_key=signing_key,
        scope=requested_scopes)
    # _generate_assertion() is an underscore-prefixed (non-public) method of
    # the credentials object and may change between library versions.
    signed_assertion = credentials._generate_assertion()
    token_response = json.loads(get_JWT(signed_assertion))
    return token_response["access_token"]
def GenerateOAuth2String(username, access_token, base64_encode=True):
    """Build the SASL argument for IMAP OAuth2 authentication.

    See https://developers.google.com/google-apps/gmail/oauth2_overview

    The user and bearer-token fields are separated by a Ctrl-A (0x01)
    byte and the string ends with two of them.

    Args:
      username: the username (email address) of the account to authenticate
      access_token: An OAuth2 access token.
      base64_encode: Whether to base64-encode the output.

    Returns:
      The SASL argument for the OAuth2 mechanism, base64-encoded unless
      base64_encode is false.
    """
    # NOTE(review): neither value is validated here. A 0x01 byte inside
    # either one would change the field layout of the result, so callers
    # should reject control characters before calling.
    sasl_argument = 'user=%s\1auth=Bearer %s\1\1' % (username, access_token)
    if not base64_encode:
        return sasl_argument
    return base64.b64encode(sasl_argument)