As part of being a good API citizen, instead of getting a new token at expiry, we should refresh the one we have.

* Adds token refresh using the Firebase token refresh system
* Update example to include refreshing token
* Add form enccoded post capabilities to api wrapper (although implemented in a smelly way)

Author: mattrayner

.github/workflows/push.yml

@@ -5,8 +5,6 @@ on:
     branches:
       - main
       - dev
-    tags:
-      - '*'
 
 jobs:
   tests:
@@ -39,11 +37,3 @@ jobs:
         with:
           name: code-coverage-report
           path: htmlcov/*
-      - name: Build release package
-        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
-        run: make package
-      - name: Publish package
-        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.PYPI_API_TOKEN }}

.github/workflows/tag.yml

@@ -0,0 +1,44 @@
+name: Push actions
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  tests:
+    runs-on: "ubuntu-latest"
+    name: Test and release
+    steps:
+      - name: Check out code from GitHub
+        uses: "actions/checkout@v3"
+      - name: Setup Python
+        uses: "actions/setup-python@v4"
+        with:
+          python-version: "3.10"
+      - name: Install requirements
+        run: python3 -m pip install -r requirements_test.txt -r requirements_release.txt
+      - name: Run tests
+        run: |
+          python3 -m pytest \
+            -vv \
+            -qq \
+            --timeout=9 \
+            --durations=10 \
+            --cov podpointclient \
+            --cov-report term \
+            --cov-report html \
+            -o console_output_style=count \
+            -p no:sugar \
+            tests
+      - name: Archive code coverage results
+        uses: actions/upload-artifact@v3
+        with:
+          name: code-coverage-report
+          path: htmlcov/*
+      - name: Build release package
+        run: make package
+      - name: Publish package
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          password: ${{ secrets.PYPI_API_TOKEN }}

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Pod Point Client Changelog
 
+## v1.5.0
+
+* Add support for refreshing expired tokens, rather than grabbing new ones each time
+* Update example.py to demonstrate token expiry
+
 ## v1.4.3
 
 * Remove additional / from pod point api calls

Makefile

@@ -25,4 +25,4 @@ package:
 	python3 setup.py sdist
 
 publish: clean package
-	twine upload dist/* --verbose
+	twine upload dist/* --verbose

example.py

@@ -1,3 +1,4 @@
+from datetime import datetime, timedelta
 from podpointclient.client import PodPointClient
 import asyncio
 import aiohttp
@@ -19,10 +20,14 @@ async def main(username: str, password: str, http_debug: bool = False, loop=None
 
     # Verify credentials work
     verified = await client.async_credentials_verified()
-    print(f"  Credentials verified: {verified}")
+    print(f"Credentials verified: {verified}")
+    print(f"  Token expiry: {client.auth.access_token_expiry}")
+
+    print("Sleeping 2s")
+    time.sleep(2)
 
-    print("Getting user details")
     # Get user information
+    print("Getting user details")
     user = await client.async_get_user()
     print(f"  Account balance {user.account.balance}p")
 
@@ -35,7 +40,7 @@ async def main(username: str, password: str, http_debug: bool = False, loop=None
     pod = pods[0]
     print(f"Selecting first pod: {pod.ppid}")
 
-    # Get firmware information for the pod
+    # Get firmware information for the pod
     firmwares = await client.async_get_firmware(pod=pod)
     firmware = firmwares[0]
     print(f"Gettnig firmware data for {pod.ppid}")
@@ -58,6 +63,17 @@ async def main(username: str, password: str, http_debug: bool = False, loop=None
     energy_used = charges[0].kwh_used
     print(f"  kW charged: {energy_used}")
 
+    # Expire token and exchange a refresh
+    print("Expiring token and refreshing...")
+    client.auth.access_token_expiry = datetime.now() - timedelta(minutes=10)
+    updated = await client.auth.async_update_access_token()
+    print(f"  Token updated? {updated} - New expiry: {client.auth.access_token_expiry}")
+
+    # Get user information again
+    print("Getting user details with new token")
+    user = await client.async_get_user()
+    print(f"  Account balance {user.account.balance}p")
+
 if __name__ == "__main__":
     import time
     import argparse

podpointclient/endpoints.py

@@ -17,6 +17,10 @@
 """Google endpoint, used for auth"""
 GOOGLE_KEY = '?key=AIzaSyCwhF8IOl_7qHXML0pOd5HmziYP46IZAGU'
 PASSWORD_VERIFY = f"/verifyPassword{GOOGLE_KEY}"
+TOKEN = f"/token{GOOGLE_KEY}"
 
 GOOGLE_BASE = 'www.googleapis.com/identitytoolkit/v3/relyingparty'
 GOOGLE_BASE_URL = f"https://{GOOGLE_BASE}"
+
+GOOGLE_TOKEN_BASE = 'securetoken.googleapis.com/v1'
+GOOGLE_TOKEN_BASE_URL = f"https://{GOOGLE_TOKEN_BASE}"

podpointclient/helpers/api_wrapper.py

@@ -72,6 +72,23 @@ async def post(
             headers=headers,
             exception_class=exception_class
         )
+    async def post_form_data(
+        self,
+        url: str,
+        body: Any,
+        headers: Dict[str, Any],
+        params: Dict[str, Any] = None,
+        exception_class=APIError
+    ) -> aiohttp.ClientResponse:
+        """Make a POST request"""
+        return await self.__wrapper(
+            method="post_data",
+            url=url,
+            params=params,
+            data=body,
+            headers=headers,
+            exception_class=exception_class
+        )
 
     async def delete(
         self,
@@ -132,6 +149,16 @@ async def __wrapper(
                         json=data
                     )
 
+                # ToDo: Fix this, we need to look again at the pattern for this, maybe determine based on data type?
+                #  THIS REALLY SMELLS
+                elif method == "post_data":
+                    response = await self._session.post(
+                        url,
+                        headers=headers,
+                        params=params,
+                        data=data
+                    )
+
                 elif method == "delete":
                     response = await self._session.delete(url, headers=headers, params=params)
 

podpointclient/helpers/auth.py

@@ -7,7 +7,7 @@
 
 from ..errors import APIError, AuthError, SessionError
 from .session import Session
-from ..endpoints import GOOGLE_BASE_URL, PASSWORD_VERIFY
+from ..endpoints import GOOGLE_BASE_URL, PASSWORD_VERIFY, GOOGLE_TOKEN_BASE_URL, TOKEN
 from .functions import HEADERS
 from .api_wrapper import APIWrapper
 
@@ -61,7 +61,9 @@ async def async_update_access_token(self) -> bool:
 
         try:
             _LOGGER.debug('Updating access token')
-            access_token_updated: bool = await self.__update_access_token()
+            access_token_updated: bool = await self.__update_access_token(
+                refresh=self.access_token_expired()
+            )
 
             _LOGGER.debug(
                 "Updated access token. New expiration: %s",
@@ -90,23 +92,43 @@ async def async_update_access_token(self) -> bool:
 
     async def __update_access_token(self, refresh: bool = False) -> bool:
         return_value = False
+        id_token_response = 'idToken'
+        refresh_token_response = 'refreshToken'
+        expires_in_response = 'expiresIn'
 
         try:
             wrapper = APIWrapper(session=self._session)
-            response = await wrapper.post(
-                url=f"{GOOGLE_BASE_URL}{PASSWORD_VERIFY}",
-                body={"email": self.email, "returnSecureToken": True, "password": self.password},
-                headers=HEADERS,
-                exception_class=AuthError)
+
+            if refresh:
+                _LOGGER.debug('Refreshing access token')
+                headers = HEADERS.copy()
+                headers["Content-type"] = 'application/x-www-form-urlencoded'
+
+                id_token_response = 'id_token'
+                refresh_token_response = 'refresh_token'
+                expires_in_response = 'expires_in'
+
+                response = await wrapper.post_form_data(
+                    url=f"{GOOGLE_TOKEN_BASE_URL}{TOKEN}",
+                    body=f"grant_type=refresh_token&refresh_token={self.refresh_token}",
+                    headers=headers,
+                    exception_class=AuthError)
+            else:
+                _LOGGER.debug('Getting a new access token')
+                response = await wrapper.post(
+                    url=f"{GOOGLE_BASE_URL}{PASSWORD_VERIFY}",
+                    body={"email": self.email, "returnSecureToken": True, "password": self.password},
+                    headers=HEADERS,
+                    exception_class=AuthError)
 
             if response.status != 200:
                 await self.__handle_response_error(response, AuthError)
 
             json = await response.json()
-            self.access_token = json["idToken"]
-            self.refresh_token = json["refreshToken"]
+            self.access_token = json[id_token_response]
+            self.refresh_token = json[refresh_token_response]
             self.access_token_expiry = datetime.now() + timedelta(
-                seconds=int(json["expiresIn"]) - 10
+                seconds=int(json[expires_in_response]) - 10
             )
             return_value = True
 
@@ -134,4 +156,7 @@ async def __handle_response_error(self, response, error_class):
         status = response.status
         response = await response.text()
 
+        if self._http_debug:
+            _LOGGER.debug(response)
+
         raise error_class(status, response)

podpointclient/version.py

@@ -1,3 +1,3 @@
 """Version for the podpointclient library"""
 
-__version__ = "1.4.3"
+__version__ = "1.5.0"

tests/fixtures/refresh.json

@@ -0,0 +1,8 @@
+{
+  "access_token": "1234",
+  "id_token": "1234",
+  "refresh_token": "1234",
+  "expires_in": "1234",
+  "token_type": "Bearer",
+  "user_id": "11111111-1111-1111-1111-11111111111"
+}