Database Reference
In-Depth Information
If you accept, the Authorization Server then issues a redirect to a localhost
address. This is where the black magic comes in. When you called run()
on the flow object, it started up a web server on your computer. When
the Authorization Server redirects your browser to your local web server,
it provides the credential information as part of the request. The run()
operation listens for this request, and after it receives the credentials, shuts
down the web server and returns.
Everything you need to talk to BigQuery is now in the creds object, and also
saved in a file called bigquery_credentials.dat .
OAuth2 Credentials
Now that you've seen how to run an OAuth2 flow to get credentials, look at
what the credentials actually contain.
>>> import json
>>> print json.dumps(json.loads(creds.to_json()),
indent=2)
{
"_module": "oauth2client.client",
"token_expiry": "2013-08-11T18:07:59Z",
"access_token": "…",
"token_uri": "https://accounts.google.com/o/oauth2/
token",
"invalid": false,
"user_agent": null,
"client_id":
"857243983440.apps.googleusercontent.com",
"id_token": null,
"client_secret": "9z0P5eC1WjYtRug90aKiejns",
"_class": "OAuth2Credentials",
"refresh_token": "1/
_V43XWglqRtCQCJ2X_AWyajZK1i1NcpRt2DyhIBYLC4"
}
OAuth2 uses a split-token technique to keep your credentials secure. That
is, your credentials are split into two pieces: a long-lived refresh token and a
short-lived access token .
Search WWH ::




Custom Search