From 9e2dd11617e3977c546085bb7f1624fa90211fdc Mon Sep 17 00:00:00 2001
From: Ross Scroggs <ross.scroggs@gmail.com>
Date: Mon, 27 May 2019 07:25:38 -0700
Subject: [PATCH] Handle missing credentials, e.g., two gam oauth deletes in a
 row (#938)

* Handle missing credentials, e.g., two gam oauth deletes in a row

* Add scopes back to oauth2.txt

If scopes are in oauth2.txt, an advanced gam user can use it unchanged. My code does preemptive error checking to detect API scope mismatches early on.

* Suppress token details unless requested

* Bring on the details

* Update scopes used to make oauth2.txt
---
 src/GamCommands.txt | 2 +-
 src/gam.py          | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/GamCommands.txt b/src/GamCommands.txt
index 00a65432..d33999c8 100644
--- a/src/GamCommands.txt
+++ b/src/GamCommands.txt
@@ -820,7 +820,7 @@ gam print projects [<EmailAddress>] [all|gam|<ProjectID>|(filter <String>)] [tod
 
 gam oauth|oauth2 create|request [<EmailAddress>]
 gam oauth|oauth2 delete|revoke
-gam oauth|oauth2 info|verify [accesstoken <AccessToken>] [idtoken <IDToken>] showsecret
+gam oauth|oauth2 info|verify [accesstoken <AccessToken>] [idtoken <IDToken>] [showsecret]
 gam oauth|oauth2 refresh
 
 gam <UserTypeEntity> check serviceaccount
diff --git a/src/gam.py b/src/gam.py
index 5a748916..54bf669f 100755
--- a/src/gam.py
+++ b/src/gam.py
@@ -7474,8 +7474,8 @@ def _run_oauth_flow(client_id, client_secret, scopes, access_type, login_hint=No
       'client_id': client_id,
       'client_secret': client_secret,
       'redirect_uris': ['http://localhost', 'urn:ietf:wg:oauth:2.0:oob'],
-      'auth_uri': 'https://accounts.google.com/o/oauth2/auth',
-      'token_uri': 'https://accounts.google.com/o/oauth2/token',
+      'auth_uri': 'https://accounts.google.com/o/oauth2/v2/auth',
+      'token_uri': 'https://oauth2.googleapis.com/token',
       }
     }
   flow = google_auth_oauthlib.flow.InstalledAppFlow.from_client_config(client_config, scopes)
@@ -12868,6 +12868,8 @@ def OAuthInfo():
 
 def doDeleteOAuth():
   credentials = getOauth2TxtStorageCredentials()
+  if credentials is None:
+    return
   simplehttp = httplib2.Http()
   params = {'token': credentials.refresh_token}
   revoke_uri = 'https://accounts.google.com/o/oauth2/revoke?%s' % urlencode(params)
@@ -12894,6 +12896,7 @@ def writeCredentials(creds):
     'client_secret': creds.client_secret,
     'id_token': creds.id_token,
     'token_expiry': creds.expiry.strftime('%Y-%m-%dT%H:%M:%SZ'),
+    'scopes': sorted(creds.scopes),
     }
   expected_iss = ['https://accounts.google.com', 'accounts.google.com']
   if _getValueFromOAuth('iss', creds) not in expected_iss: