fix: rename internal refresh token attribute to _refresh_token_val and add _refresh_token wrapper

Rename the stored refresh token attribute from _refresh_token to _refresh_token_val to avoid a name collision with a newly added _refresh_token(request) wrapper that delegates to refresh(request). Update all references and tests accordingly to match changes in fix test_aws_based_external_account system test
Fixes #1279

Author: mikeedjones

google/oauth2/credentials.py

@@ -139,7 +139,7 @@ def __init__(
         super(Credentials, self).__init__()
         self.token = token
         self.expiry = expiry
-        self._refresh_token = refresh_token
+        self._refresh_token_val = refresh_token
         self._id_token = id_token
         self._scopes = scopes
         self._default_scopes = default_scopes
@@ -178,7 +178,7 @@ def __setstate__(self, d):
         all the attributes."""
         self.token = d.get("token")
         self.expiry = d.get("expiry")
-        self._refresh_token = d.get("_refresh_token")
+        self._refresh_token_val = d.get("_refresh_token_val")
         self._id_token = d.get("_id_token")
         self._scopes = d.get("_scopes")
         self._default_scopes = d.get("_default_scopes")
@@ -203,7 +203,7 @@ def __setstate__(self, d):
     @property
     def refresh_token(self):
         """Optional[str]: The OAuth 2.0 refresh token."""
-        return self._refresh_token
+        return self._refresh_token_val
 
     @property
     def scopes(self):
@@ -350,6 +350,9 @@ def with_universe_domain(self, universe_domain):
     def _metric_header_for_usage(self):
         return metrics.CRED_TYPE_USER
 
+    def _refresh_token(self, request):
+        return self.refresh(request)
+
     @_helpers.copy_docstring(credentials.Credentials)
     def refresh(self, request):
         if self._universe_domain != credentials.DEFAULT_UNIVERSE_DOMAIN:
@@ -368,7 +371,7 @@ def refresh(self, request):
         # available. This is useful in general when tokens are obtained by calling
         # some external process on demand. It is particularly useful for retrieving
         # downscoped tokens from a token broker.
-        if self._refresh_token is None and self.refresh_handler:
+        if self._refresh_token_val is None and self.refresh_handler:
             token, expiry = self.refresh_handler(request, scopes=scopes)
             # Validate returned data.
             if not isinstance(token, str):
@@ -389,7 +392,7 @@ def refresh(self, request):
             return
 
         if (
-            self._refresh_token is None
+            self._refresh_token_val is None
             or self._token_uri is None
             or self._client_id is None
             or self._client_secret is None
@@ -409,7 +412,7 @@ def refresh(self, request):
         ) = reauth.refresh_grant(
             request,
             self._token_uri,
-            self._refresh_token,
+            self._refresh_token_val,
             self._client_id,
             self._client_secret,
             scopes=scopes,
@@ -419,7 +422,7 @@ def refresh(self, request):
 
         self.token = access_token
         self.expiry = expiry
-        self._refresh_token = refresh_token
+        self._refresh_token_val = refresh_token
         self._id_token = grant_response.get("id_token")
         self._rapt_token = rapt_token
 

tests/test__oauth2client.py

@@ -52,7 +52,7 @@ def test__convert_oauth2_credentials():
     new_credentials = _oauth2client._convert_oauth2_credentials(old_credentials)
 
     assert new_credentials.token == old_credentials.access_token
-    assert new_credentials._refresh_token == old_credentials.refresh_token
+    assert new_credentials._refresh_token_val == old_credentials.refresh_token
     assert new_credentials._client_id == old_credentials.client_id
     assert new_credentials._client_secret == old_credentials.client_secret
     assert new_credentials._token_uri == old_credentials.token_uri