Introduction

This page describes how to generate a Google access_token for a test user and pass it to an authorization API (for example, verify/login APIs). Once the token is verified and the user is authorized, the test user is logged in to your web application and can execute test cases in your web automation framework.

 

Assume web app url is: https://www.yourweb.com/

Preparation

Web app resource

  1. client_id: unique identity of your web app generated by Google Cloud Platform Console

  2. client_secret: client secret to access your web app

  3. json file: a JSON file that includes the client_id, the client_secret and other info of your web app

These resources are used by the scripts to get a token by calling the Google API.

client_id and client_secret can be retrieved from your web app settings on Google Cloud Console; contact your web app owner to get them.

Once you have client_id and client_secret, make a JSON file that contains both of them.

The contents of the JSON file are below (just replace <client_id> and <client_secret> with the actual values). Assume you have saved the JSON file as my_web_app.json

 
{"web":{"client_id":"<client_id>","project_id":"acquired-cargo-380503","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"<client_secret>","javascript_origins":["http://localhost:3000","http://localhost"]}}
 

Warning: client_id, client_secret and the JSON file are important for the web app and should be treated with extreme care, because anyone who knows them can use your app's identity to gain access to user information. So, for security reasons, do NOT share them with others!

Script

First of all, install the libraries required to run the scripts:

 
pip install google-auth==2.26.2
pip install google-auth-oauthlib==1.2.0

 

  1. script to open login page to login Google as test user (open_login.py)

     
    from oauthlib import oauth2

    # Replace the placeholders with the actual values of your web app
    client_id = '<client_id>'
    client_secret = '<client_secret>'

    client = oauth2.WebApplicationClient(client_id=client_id, client_secret=client_secret)
    redirect_uri = 'https://www.yourweb.com/'  # Redirect URI, same as the one configured on Google Cloud Platform Console
    scopes = ['email']  # Access scope, configured by web app
    authorization_url = client.prepare_request_uri(
        'https://accounts.google.com/o/oauth2/v2/auth',
        redirect_uri=redirect_uri,
        scope=scopes,
        access_type='offline',  # ask Google to return a refresh token
        prompt='consent')

    print("Please open below url in browser: ")
    print(authorization_url)

     

    This script prints a URL; opening it in a browser shows the page that asks the user to log in to Google

  2. script to get Google refresh token (get_refresh_token.py)

     
    from google_auth_oauthlib.flow import Flow

    flow = Flow.from_client_secrets_file(
        '<json file>',  # the json file you made in the preparation section, which contains client_id and client_secret
        scopes=['https://www.googleapis.com/auth/userinfo.email', 'openid'],
        redirect_uri='https://www.yourweb.com/')

    # <code> is the one-time authorization code taken from the redirect after login
    flow.fetch_token(code='<code>', access_type='offline', prompt='consent')
    token = flow.credentials.id_token
    print(flow.credentials.refresh_token)

     

    The json file is the one you made in the preparation section, which contains client_id, client_secret and other info.
    The actual value of code is obtained after the user logs in to Google on the login page.
    Note: a code can only be used once. If there is any error when running this script, you must run script #1 again to get a new code.

  3. script to get Google access token (get_access_token.py)

     
    from google.auth.transport.requests import Request
    from google.oauth2.credentials import Credentials

    # Replace the placeholders with the actual values
    client_id = '<client_id>'
    client_secret = '<client_secret>'
    refresh_token = '<refresh_token>'  # obtained from script #2
    credentials = Credentials(
        None,  # no access token yet; it is fetched by refresh() below
        refresh_token=refresh_token,
        token_uri='https://oauth2.googleapis.com/token',
        client_id=client_id,
        client_secret=client_secret)

    # Request Google API to get access token
    request = Request()
    credentials.refresh(request)

    # Now you can use this access token to test login to web app
    access_token = credentials.token
    print(access_token)
    # print(credentials.to_json())

     

    The actual value of refresh_token is obtained from script #2

  4. put my_web_app.json and above scripts in the same folder

Steps to run scripts

  1. modify script #1, open_login.py: fill in the actual values of <client_id> and <client_secret>

  2. run open_login.py

  3. open the printed URL in a browser (a Chrome Incognito window is better, because you are going to log in as the test user), then open Developer Tools to monitor the network (otherwise you may not find the code)

  4. the test user is <your_user>@gmail.com; log in with its password

  5. after logging in successfully, click Continue

  6. check the Network tab in Developer Tools and find a request that contains "code="

     

  7. get the value of code; remember to replace "%2F" with "/" ("/" is URL-encoded as "%2F" in the URL)

  8. modify script #2, get_refresh_token.py: fill in the actual values of <json file> and <code>

  9. run get_refresh_token.py

     

    The highlighted string is the refresh token
  10. modify script #3, get_access_token.py: fill in the actual values of <client_id>, <client_secret> and <refresh_token>

  11. run get_access_token.py; you will get the access_token

     

  12. with this access_token, you can call your authorization API https://www.yourweb.com/id/service/v1/verify to authorize the test user to log in to your web app
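Steps 6 and 7 can be done in code instead of by hand. The helper below is an added example, not part of the original post: it takes the redirect URL copied from the Network tab, rejects error or mismatched redirects, and returns the decoded code. The `state` check assumes open_login.py was extended to pass a random `state` value to prepare_request_uri(); the sample URL is constructed.

```python
import hmac
from urllib.parse import parse_qs, urlsplit

REDIRECT_URI = "https://www.yourweb.com/"  # same value as in the scripts above


def extract_auth_code(redirect_url, expected_state=None):
    """Return the URL-decoded authorization code, or raise ValueError."""
    parts = urlsplit(redirect_url)
    expected = urlsplit(REDIRECT_URI)
    # Only accept a redirect that went back to the registered redirect URI.
    if (parts.scheme, parts.netloc, parts.path or "/") != (
        expected.scheme, expected.netloc, expected.path or "/"
    ):
        raise ValueError("redirect does not match the registered redirect_uri")

    params = parse_qs(parts.query)  # parse_qs percent-decodes: %2F -> /
    if "error" in params:
        # e.g. the test user clicked Cancel instead of Continue
        raise ValueError("authorization failed: " + params["error"][0])

    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("expected exactly one non-empty code parameter")

    if expected_state is not None:
        # Assumption: the authorization URL was built with state=<random value>.
        # Compare in constant time and drop the code on mismatch.
        state = params.get("state", [""])[0]
        if not hmac.compare_digest(state.encode(), expected_state.encode()):
            raise ValueError("state mismatch; discard this code")
    return codes[0]


# Constructed sample URL, not a real authorization code.
SAMPLE = ("https://www.yourweb.com/?state=s3ss10n&code=4%2F0Aconstructed-code"
          "&scope=email+openid&prompt=consent")

if __name__ == "__main__":
    print(extract_auth_code(SAMPLE, expected_state="s3ss10n"))
```

The returned value can be pasted as <code> into get_refresh_token.py without any manual "%2F" replacement.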

Comment

A Google refresh_token stays valid for a very long time, apart from some exceptions; please refer to https://developers.google.com/identity/protocols/oauth2?hl=zh-cn#expiration

So, in general, we can treat the refresh_token as always usable. We then only need to add script #3, get_access_token.py, to the web automation framework to get an access_token each time; there is no need to add all 3 scripts to the automation framework.

Only when the refresh_token is no longer valid do we need to follow the steps above to generate a new one.
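Because the refresh_token is long-lived and script #3 ends up inside the automation framework, the secrets should not be typed into the script source. The loader below is an added example, not part of the original post: it reads client_id and client_secret from my_web_app.json, takes the refresh token from an environment variable (GOOGLE_TEST_REFRESH_TOKEN is a hypothetical name), and returns the keyword arguments that script #3 passes to Credentials().

```python
import json
import os
import stat

TOKEN_URI = "https://oauth2.googleapis.com/token"


def load_refresh_settings(json_path, env=os.environ):
    """Build the keyword arguments script #3 passes to Credentials()."""
    mode = os.stat(json_path).st_mode
    # Refuse a client-secret file that group or other users can access.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(json_path + " must be accessible by its owner only (chmod 600)")

    with open(json_path, encoding="utf-8") as fh:
        web = json.load(fh)["web"]

    # Hypothetical variable name; set it in the CI secret store, not in the repo.
    refresh_token = env.get("GOOGLE_TEST_REFRESH_TOKEN", "")
    if not refresh_token:
        raise RuntimeError("GOOGLE_TEST_REFRESH_TOKEN is not set")

    return {
        "refresh_token": refresh_token,
        "token_uri": web.get("token_uri", TOKEN_URI),
        "client_id": web["client_id"],
        "client_secret": web["client_secret"],
    }


def redact(secret, keep=4):
    """Shorten a token for log output so the full value never reaches CI logs."""
    return secret[:keep] + "..." if len(secret) > keep else "***"
```

In get_access_token.py this replaces the hard-coded values: `Credentials(None, **load_refresh_settings('my_web_app.json'))`, and `print(redact(credentials.token))` keeps the full token out of the job log.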

posted on 2025-02-13 16:34  forwill