@@ -451,7 +451,7 @@ class OAuth2Credentials(Credentials):
451451 def __init__ (self , access_token , client_id , client_secret , refresh_token ,
452452 token_expiry , token_uri , user_agent , revoke_uri = None ,
453453 id_token = None , token_response = None , scopes = None ,
454- token_info_uri = None ):
454+ token_info_uri = None , id_token_jwt = None ):
455455 """Create an instance of OAuth2Credentials.
456456
457457 This constructor is not usually called by the user, instead
@@ -474,8 +474,11 @@ def __init__(self, access_token, client_id, client_secret, refresh_token,
474474 because some providers (e.g. wordpress.com) include
475475 extra fields that clients may want.
476476 scopes: list, authorized scopes for these credentials.
477- token_info_uri: string, the URI for the token info endpoint. Defaults
478- to None; scopes can not be refreshed if this is None.
477+ token_info_uri: string, the URI for the token info endpoint.
478+ Defaults to None; scopes can not be refreshed if
479+ this is None.
480+ id_token_jwt: string, the encoded and signed identity JWT. The
481+ decoded version of this is stored in id_token.
479482
480483 Notes:
481484 store: callable, A callable that when passed a Credential
@@ -493,6 +496,7 @@ def __init__(self, access_token, client_id, client_secret, refresh_token,
493496 self .user_agent = user_agent
494497 self .revoke_uri = revoke_uri
495498 self .id_token = id_token
499+ self .id_token_jwt = id_token_jwt
496500 self .token_response = token_response
497501 self .scopes = set (_helpers .string_to_scopes (scopes or []))
498502 self .token_info_uri = token_info_uri
@@ -621,6 +625,7 @@ def from_json(cls, json_data):
621625 data ['user_agent' ],
622626 revoke_uri = data .get ('revoke_uri' , None ),
623627 id_token = data .get ('id_token' , None ),
628+ id_token_jwt = data .get ('id_token_jwt' , None ),
624629 token_response = data .get ('token_response' , None ),
625630 scopes = data .get ('scopes' , None ),
626631 token_info_uri = data .get ('token_info_uri' , None ))
@@ -786,8 +791,10 @@ def _do_refresh_request(self, http):
786791 self .token_expiry = None
787792 if 'id_token' in d :
788793 self .id_token = _extract_id_token (d ['id_token' ])
794+ self .id_token_jwt = d ['id_token' ]
789795 else :
790796 self .id_token = None
797+ self .id_token_jwt = None
791798 # On temporary refresh errors, the user does not actually have to
792799 # re-authorize, so we unflag here.
793800 self .invalid = False
@@ -2059,15 +2066,17 @@ def step2_exchange(self, code=None, http=None, device_flow_info=None):
20592066 token_expiry = delta + _UTCNOW ()
20602067
20612068 extracted_id_token = None
2069+ id_token_jwt = None
20622070 if 'id_token' in d :
20632071 extracted_id_token = _extract_id_token (d ['id_token' ])
2072+ id_token_jwt = d ['id_token' ]
20642073
20652074 logger .info ('Successfully retrieved access token' )
20662075 return OAuth2Credentials (
20672076 access_token , self .client_id , self .client_secret ,
20682077 refresh_token , token_expiry , self .token_uri , self .user_agent ,
20692078 revoke_uri = self .revoke_uri , id_token = extracted_id_token ,
2070- token_response = d , scopes = self .scope ,
2079+ id_token_jwt = id_token_jwt , token_response = d , scopes = self .scope ,
20712080 token_info_uri = self .token_info_uri )
20722081 else :
20732082 logger .info ('Failed to retrieve access token: %s' , content )
0 commit comments