This repository was archived by the owner on Mar 6, 2026. It is now read-only.
Commit 94d04e0
authored
fix: raise RefreshError for missing token in impersonated credentials (#1897)
Previously, `IDTokenCredentials.refresh` would raise a `KeyError` if the
response from the IAM server was `200 OK` but did not contain the
expected "token" field. This change wraps the token extraction in a
`try...except` block to catch `KeyError` (and `ValueError` for malformed
JSON) and raises a `google.auth.exceptions.RefreshError` instead, which
is the expected behavior for credential refresh failures.
I've added a new test `tests/test_impersonated_credentials.py` to
verify:
1. A `200 OK` response with a missing token now raises `RefreshError`.
2. Non-200 responses (e.g., 403) still raise `RefreshError` as before.
---
This PR replaces the PR #1167 from 3 years ago that addressed this
issue, but was less robust/not fully correct.
*PR created automatically by Jules for task
[3520893520890582850](https://jules.google.com/task/3520893520890582850)
started by @chalmerlowe*
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>1 parent 0e28e6f commit 94d04e0Copy full SHA for 94d04e0
2 files changed
+30-1Lines changed: 30 additions & 1 deletion
File tree
Expand file treeCollapse file tree
Open diff view settings
Filter options
- google/auth
- tests
Expand file treeCollapse file tree
Open diff view settings
Collapse file
google/auth/impersonated_credentials.py
Copy file name to clipboardExpand all lines: google/auth/impersonated_credentials.py+8-1Lines changed: 8 additions & 1 deletion
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| ||
640 | 640 | |
641 | 641 | |
642 | 642 | |
643 | | - |
| 643 | + |
| 644 | + |
| 645 | + |
| 646 | + |
| 647 | + |
| 648 | + |
| 649 | + |
| 650 | + |
644 | 651 | |
645 | 652 | |
646 | 653 | |
|
Collapse file
tests/test_impersonated_credentials.py
Copy file name to clipboardExpand all lines: tests/test_impersonated_credentials.py+22Lines changed: 22 additions & 0 deletions
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| ||
761 | 761 | |
762 | 762 | |
763 | 763 | |
| 764 | + |
| 765 | + |
| 766 | + |
| 767 | + |
| 768 | + |
| 769 | + |
| 770 | + |
| 771 | + |
| 772 | + |
| 773 | + |
| 774 | + |
| 775 | + |
| 776 | + |
| 777 | + |
| 778 | + |
| 779 | + |
| 780 | + |
| 781 | + |
| 782 | + |
| 783 | + |
| 784 | + |
| 785 | + |
764 | 786 | |
765 | 787 | |
766 | 788 | |
|
0 commit comments