fix(auth): add offline_access scope

to include refresh_token in auth response

Author: mathiazom

podme_api/auth/client.py

@@ -212,7 +212,7 @@ async def authorize(self, user_credentials: PodMeUserCredentials) -> SchibstedCr
                 "client_id": CLIENT_ID,
                 "redirect_uri": "https://podme.com/auth/handleSchibstedLogin",
                 "response_type": "code",
-                "scope": "openid email",
+                "scope": "openid email offline_access",
                 "state": json.dumps(
                     {
                         "returnUrl": PODME_AUTH_RETURN_URL,

podme_api/auth/models.py

@@ -21,19 +21,11 @@ class SchibstedCredentials(BaseDataClassORJSONMixin):
     """Represents Schibsted authentication credentials."""
 
     scope: str
-    user_id: str
-    is_admin: bool
     token_type: str
     access_token: str
     refresh_token: str
     expires_in: int
     id_token: str
-    server_time: datetime = field(
-        metadata=field_options(
-            deserialize=datetime.fromtimestamp,
-            serialize=lambda v: int(datetime.timestamp(v)),
-        )
-    )
     expiration_time: datetime = field(
         metadata=field_options(
             deserialize=datetime.fromtimestamp,

tests/fixtures/default_credentials.json

@@ -1 +1 @@
-{"scope":"openid email","user_id":"123456","is_admin":false,"token_type":"Bearer","access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3BheW1lbnQuc2NoaWJzdGVkLm5vLyIsImlhdCI6MTcyODUxODQwMCwiZXhwIjo0MTAyNDQ0ODAwLCJhdWQiOiJodHRwczovL3BvZG1lLmNvbSIsInN1YiI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwZmZmZiIsInVzZXJfaWQiOiIxMjM0NTYiLCJjbGFzcyI6InRva2VuLk9BdXRoVXNlckFjY2Vzc1Rva2VuIiwianRpIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMGZmIiwic2NvcGUiOiJvcGVuaWQgZW1haWwiLCJhenAiOiI2NmZkMjZjZGFlNmJkZTU3ZWYyMDZiMzUiLCJjbGllbnRfaWQiOiI2NmZkMjZjZGFlNmJkZTU3ZWYyMDZiMzUifQ.eXMqS6ymgIthKCDKgGK3ZzFZaY0P-B-2z5QjuZlsIzc","refresh_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3BheW1lbnQuc2NoaWJzdGVkLm5vLyIsImlhdCI6MTcyODUxODQwMCwiZXhwIjo0MTAyNDQ0ODAwLCJhdWQiOiJodHRwczovL3BvZG1lLmNvbSIsInN1YiI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwZmZmZiIsInVzZXJfaWQiOiIxMjM0NTYiLCJjbGFzcyI6InRva2VuLk9BdXRoVXNlclJlZnJlc2hUb2tlbiIsImp0aSI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDBmZiIsInNjb3BlIjoib3BlbmlkIGVtYWlsIiwiYXpwIjoiNjZmZDI2Y2RhZTZiZGU1N2VmMjA2YjM1IiwiY2xpZW50X2lkIjoiNjZmZDI2Y2RhZTZiZGU1N2VmMjA2YjM1IiwiYWp0aSI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDBkZCJ9.M_oRHsskpt0ODJIZJ4x9VlMWIFpTsXkbLucyH1Oj3_Q","expires_in":600,"id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3BheW1lbnQuc2NoaWJzdGVkLm5vLyIsImlhdCI6MTcyODUxODQwMCwiZXhwIjo0MTAyNDQ0ODAwLCJhdWQiOlsiNjZmZDI2Y2RhZTZiZGU1N2VmMjA2YjM1IiwiaHR0cHM6Ly9wb2RtZS5jb20iXSwic3ViIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDBmZmZmIiwibGVnYWN5X3VzZXJfaWQiOiIxMjM0NTYiLCJjbGFzcyI6InRva2VuLklEVG9rZW4iLCJhenAiOiI2NmZkMjZjZGFlNmJkZTU3ZWYyMDZiMzUiLCJlbWFpbCI6InRlc3R1c2VyQGV4YW1wbGUuY29tIn0.N-7DexoBVhvLdPLP75cxZrXm0ToiFVCmouV2Ixynp6k","server_time":1704067200,"expiration_time":1704067800,"account_created":null,"email":null}
+{"scope":"openid email offline_access","token_type":"Bearer","access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3BheW1lbnQuc2NoaWJzdGVkLm5vLyIsImlhdCI6MTcyODUxODQwMCwiZXhwIjo0MTAyNDQ0ODAwLCJhdWQiOiJodHRwczovL3BvZG1lLmNvbSIsInN1YiI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwZmZmZiIsInVzZXJfaWQiOiIxMjM0NTYiLCJjbGFzcyI6InRva2VuLk9BdXRoVXNlckFjY2Vzc1Rva2VuIiwianRpIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMGZmIiwic2NvcGUiOiJvcGVuaWQgZW1haWwiLCJhenAiOiI2NmZkMjZjZGFlNmJkZTU3ZWYyMDZiMzUiLCJjbGllbnRfaWQiOiI2NmZkMjZjZGFlNmJkZTU3ZWYyMDZiMzUifQ.eXMqS6ymgIthKCDKgGK3ZzFZaY0P-B-2z5QjuZlsIzc","refresh_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3BheW1lbnQuc2NoaWJzdGVkLm5vLyIsImlhdCI6MTcyODUxODQwMCwiZXhwIjo0MTAyNDQ0ODAwLCJhdWQiOiJodHRwczovL3BvZG1lLmNvbSIsInN1YiI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwZmZmZiIsInVzZXJfaWQiOiIxMjM0NTYiLCJjbGFzcyI6InRva2VuLk9BdXRoVXNlclJlZnJlc2hUb2tlbiIsImp0aSI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDBmZiIsInNjb3BlIjoib3BlbmlkIGVtYWlsIiwiYXpwIjoiNjZmZDI2Y2RhZTZiZGU1N2VmMjA2YjM1IiwiY2xpZW50X2lkIjoiNjZmZDI2Y2RhZTZiZGU1N2VmMjA2YjM1IiwiYWp0aSI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDBkZCJ9.M_oRHsskpt0ODJIZJ4x9VlMWIFpTsXkbLucyH1Oj3_Q","expires_in":600,"id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3BheW1lbnQuc2NoaWJzdGVkLm5vLyIsImlhdCI6MTcyODUxODQwMCwiZXhwIjo0MTAyNDQ0ODAwLCJhdWQiOlsiNjZmZDI2Y2RhZTZiZGU1N2VmMjA2YjM1IiwiaHR0cHM6Ly9wb2RtZS5jb20iXSwic3ViIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDBmZmZmIiwibGVnYWN5X3VzZXJfaWQiOiIxMjM0NTYiLCJjbGFzcyI6InRva2VuLklEVG9rZW4iLCJhenAiOiI2NmZkMjZjZGFlNmJkZTU3ZWYyMDZiMzUiLCJlbWFpbCI6InRlc3R1c2VyQGV4YW1wbGUuY29tIn0.N-7DexoBVhvLdPLP75cxZrXm0ToiFVCmouV2Ixynp6k","server_time":1704067200,"expiration_time":1704067800,"account_created":null,"email":null}

tests/test_auth.py

@@ -101,7 +101,6 @@ async def test_get_set_credentials(podme_default_auth_client, default_credential
 
         # Set credentials using a dictionary
         new_creds_dict = default_credentials.to_dict()
-        new_creds_dict["user_id"] = "123456"
         auth_client.set_credentials(new_creds_dict)
         retrieved_new_credentials = auth_client.get_credentials()
         assert retrieved_new_credentials == new_creds_dict