oauth token caching (#110)

* adding support to oauth token caching

* fix linter

* cleanup

* addressing PR comments

* make sure integration tests use cached token

Author: NRHelmi

.github/workflows/build.yaml

@@ -35,4 +35,5 @@ jobs:
         CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
         CLIENT_CREDENTIALS_URL: ${{ secrets.CLIENT_CREDENTIALS_URL }}
       run: |
+        mkdir -p ~/.rai
         python -m unittest

railib/credentials.py

@@ -40,10 +40,11 @@ def __init__(self, akey: str, pkey: str):
 
 # Represents an OAuth access token.
 class AccessToken:
-    def __init__(self, access_token: str, expires_in: int):
-        self.token = access_token
+    def __init__(self, access_token: str, scope: str, expires_in: int, created_on: float = time.time()):
+        self.access_token = access_token
+        self.scope = scope
         self.expires_in = expires_in
-        self.created_on = round(time.time())
+        self.created_on = created_on
 
     def is_expired(self):
         return (

railib/rest.py

@@ -19,6 +19,7 @@
 from datetime import datetime
 import hashlib
 import json
+from os import path
 from urllib.parse import urlencode, urlsplit, quote
 from urllib.request import Request, urlopen
 
@@ -40,6 +41,7 @@
 GRANT_TYPE_KEY = "grant_type"
 CLIENT_CREDENTIALS_KEY = "client_credentials"
 EXPIRES_IN_KEY = "expires_in"
+SCOPE = "scope"
 
 
 _empty = bytes("", encoding="utf8")
@@ -119,13 +121,50 @@ def _print_request(req: Request, level=0):
                 print(json.dumps(json.loads(req.data.decode("utf8")), indent=2))
 
 
+def _cache_file() -> str:
+    return path.join(path.expanduser('~'), '.rai', 'tokens.json')
+
+
+# Read oauth cache
+def _read_cache() -> dict:
+    try:
+        with open(_cache_file(), 'r') as cache:
+            return json.loads(cache.read())
+    except Exception:
+        return {}
+
+
+# Read access token from cache
+def _read_token_cache(creds: ClientCredentials) -> AccessToken:
+    try:
+        cache = _read_cache()
+        return AccessToken(**cache[creds.client_id])
+    except Exception:
+        return None
+
+
+# write access token to cache
+def _write_token_cache(creds: ClientCredentials):
+    try:
+        cache = _read_cache()
+        cache[creds.client_id] = creds.access_token
+
+        with open(_cache_file(), 'w') as f:
+            f.write(json.dumps(cache, default=vars))
+    except Exception:
+        pass
+
+
 # Returns the current access token if valid, otherwise requests new token.
 def _get_access_token(ctx: Context, url: str) -> AccessToken:
     creds = ctx.credentials
     assert isinstance(creds, ClientCredentials)
     if creds.access_token is None or creds.access_token.is_expired():
-        creds.access_token = _request_access_token(ctx, url)
-    return creds.access_token.token
+        creds.access_token = _read_token_cache(creds)
+        if creds.access_token is None or creds.access_token.is_expired():
+            creds.access_token = _request_access_token(ctx, url)
+            _write_token_cache(creds)
+    return creds.access_token.access_token
 
 
 def _request_access_token(ctx: Context, url: str) -> AccessToken:
@@ -158,7 +197,8 @@ def _request_access_token(ctx: Context, url: str) -> AccessToken:
         token = result.get(ACCESS_KEY_TOKEN_KEY, None)
         if token is not None:
             expires_in = result.get(EXPIRES_IN_KEY, None)
-            return AccessToken(token, expires_in)
+            scope = result.get(SCOPE, None)
+            return AccessToken(token, scope, expires_in)
     raise Exception("failed to get the access token")