Make it possible to get access token and refresh token

Fixes: #29

Signed-off-by: Patrick Uiterwijk <[email protected]>

flask_oidc/__init__.py

@@ -252,6 +252,40 @@ def user_getinfo(self, fields, access_token=None):
                     pass
         return info
 
+    def get_access_token(self):
+        """Method to return the current requests' access_token.
+
+        :returns: Access token or None
+        :rtype: str
+
+        .. versionadded:: 1.2
+        """
+        try:
+            credentials = OAuth2Credentials.from_json(
+                self.credentials_store[g.oidc_id_token['sub']])
+            return credentials.access_token
+        except KeyError:
+            logger.debug("Expired ID token, credentials missing",
+                         exc_info=True)
+            return None
+
+    def get_refresh_token(self):
+        """Method to return the current requests' refresh_token.
+
+        :returns: Access token or None
+        :rtype: str
+
+        .. versionadded:: 1.2
+        """
+        try:
+            credentials = OAuth2Credentials.from_json(
+                self.credentials_store[g.oidc_id_token['sub']])
+            return credentials.refresh_token
+        except KeyError:
+            logger.debug("Expired ID token, credentials missing",
+                         exc_info=True)
+            return None
+
     def _retrieve_userinfo(self, access_token=None):
         """
         Requests extra user information from the Provider's UserInfo and

tests/app.py

@@ -8,24 +8,41 @@
 from flask.ext.oidc import OpenIDConnect
 
 
+oidc = None
+
+
 def index():
     return "too many secrets", 200, {
         'Content-Type': 'text/plain; charset=utf-8'
     }
 
+def get_at():
+    return oidc.get_access_token(), 200, {
+        'Content-Type': 'text/plain; charset=utf-8'
+    }
+
+def get_rt():
+    return oidc.get_refresh_token(), 200, {
+        'Content-Type': 'text/plain; charset=utf-8'
+    }
+
 def raw_api():
     return {'token': g.oidc_token_info}
 
 def api():
     return json.dumps(raw_api())
 
 def create_app(config, oidc_overrides=None):
+    global oidc
+
     app = Flask(__name__)
     app.config.update(config)
     if oidc_overrides is None:
         oidc_overrides = {}
     oidc = OpenIDConnect(app, **oidc_overrides)
     app.route('/')(oidc.check(index))
+    app.route('/at')(oidc.check(get_at))
+    app.route('/rt')(oidc.check(get_rt))
     # Check standalone usage
     rendered = oidc.accept_token(True, ['openid'])(api)
     app.route('/api', methods=['GET', 'POST'])(rendered)

tests/test_flask_oidc.py

@@ -133,6 +133,20 @@ def test_signin():
         "Expected redirect to destination "\
         "(unexpected path {location.path})".format(location=r2location)
 
+    # Let's get the at and rt
+    r3 = test_client.get('/at')
+    assert r3.status_code == 200,\
+        "Expected access token to succeed"
+    page_text = ''.join(codecs.iterdecode(r3.response, 'utf-8'))
+    assert page_text == 'mock_access_token',\
+        "Access token expected"
+    r4 = test_client.get('/rt')
+    assert r4.status_code == 200,\
+        "Expected refresh token to succeed"
+    page_text = ''.join(codecs.iterdecode(r4.response, 'utf-8'))
+    assert page_text == 'mock_refresh_token',\
+        "Refresh token expected"
+
 
 @patch('httplib2.Http', MockHttp)
 def test_refresh():