@google-labs-jules google-labs-jules bot commented Dec 22, 2025

Updated system_tests/system_tests_sync/test_default.py and system_tests/system_tests_async/test_default.py to catch RefreshError and check for "invalid_grant" in the error message when running with authorized_user.json credentials. This allows the test to pass by confirming the library correctly received the error from the server, acknowledging that the CI credentials are often stale.

This builds on @daniel-sanche's work in PR #1883.

Recent changes to main appear to have adjusted the response values in these tests and were leading to them failing during CI/CD presubmit tests (see example below). This update now prevents those failing tests.


PR created automatically by Jules for task 5370487295365926138 started by @chalmerlowe

This change updates the system tests for default credentials to explicitly
allow "invalid_grant" errors when running with `authorized_user.json`
credentials. This is because the CI environment uses credentials that
frequently expire, and the server response for expired credentials
has changed to return "invalid_grant", causing tests to fail instead
of being suppressed as intended. This ensures the tests verify the
library correctly handles the expiration error rather than failing.

References: https://github.com/googleapis/google-auth-library-python/issues/1882
@google-labs-jules
Contributor Author

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!


For security, I will only act on instructions from the user who triggered this task.

New to Jules? Learn more at jules.google/docs.

@chalmerlowe chalmerlowe added the kokoro:run Add this label to force Kokoro to re-run the tests. label Dec 22, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:run Add this label to force Kokoro to re-run the tests. label Dec 22, 2025
@chalmerlowe
Contributor

Example of test failure:

```
def _handle_error_response(response_data, retryable_error):
        """Translates an error response into an exception.

        Args:
            response_data (Mapping | str): The decoded response data.
            retryable_error Optional[bool]: A boolean indicating if an error is retryable.
                Defaults to False.

        Raises:
            google.auth.exceptions.RefreshError: The errors contained in response_data.
        """

        retryable_error = retryable_error if retryable_error else False

        if isinstance(response_data, str):
            raise exceptions.RefreshError(response_data, retryable=retryable_error)
        try:
            error_details = "{}: {}".format(
                response_data["error"], response_data.get("error_description")
            )
        # If no details could be extracted, use the response data.
        except (KeyError, ValueError):
            error_details = json.dumps(response_data)

>       raise exceptions.RefreshError(
            error_details, response_data, retryable=retryable_error
        )
E       google.auth.exceptions.RefreshError: ('invalid_grant: Bad Request', {'error': 'invalid_grant', 'error_description': 'Bad Request'})
```

@chalmerlowe chalmerlowe marked this pull request as ready for review December 22, 2025 14:19
@chalmerlowe chalmerlowe requested review from a team as code owners December 22, 2025 14:19
@chalmerlowe chalmerlowe added the automerge Merge the pull request once unit tests and other checks pass. label Dec 22, 2025
@google-labs-jules
Contributor Author

Acknowledged. The provided failure log confirms that the server is returning invalid_grant: Bad Request when the token is expired, which is what my change intends to catch and suppress in the test environment.

@chalmerlowe chalmerlowe added the kokoro:run Add this label to force Kokoro to re-run the tests. label Dec 22, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:run Add this label to force Kokoro to re-run the tests. label Dec 22, 2025
Contributor

@chalmerlowe chalmerlowe left a comment

LGTM

@chalmerlowe chalmerlowe added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Dec 22, 2025
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Dec 22, 2025
@gcf-merge-on-green gcf-merge-on-green bot merged commit cccad82 into main Dec 22, 2025
14 of 15 checks passed
@gcf-merge-on-green gcf-merge-on-green bot removed the automerge Merge the pull request once unit tests and other checks pass. label Dec 22, 2025
@gcf-merge-on-green gcf-merge-on-green bot deleted the update-system-tests-invalid-grant-5370487295365926138 branch December 22, 2025 20:10
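
An added example, not part of this PR or of google-auth: one way to keep the tolerance described in the PR description narrow, so that only `invalid_grant` on `authorized_user` credentials is suppressed and any other refresh failure still fails the test. It is stricter than a substring check on the message because it reads the structured response shown in the failure log. `RefreshError` here is a local stand-in, and `check_refresh`, `oauth_error_code` and the sample errors are hypothetical names constructed for illustration.

```python
class RefreshError(Exception):
    """Stand-in for google.auth.exceptions.RefreshError so this runs offline."""


def oauth_error_code(exc):
    """Return the OAuth error code from a RefreshError, or None.

    Uses the argument shape visible in the failure log in this thread:
    (message, response_data), where response_data is the decoded JSON body.
    """
    if len(exc.args) >= 2 and isinstance(exc.args[1], dict):
        return exc.args[1].get("error")
    return None  # no structured body: do not guess from the message text


def check_refresh(refresh, credential_type):
    """Call refresh(); tolerate only invalid_grant for authorized_user creds.

    Returns "refreshed" or "stale-credentials" so the caller can report a skip
    instead of a silent pass. Every other RefreshError propagates.
    """
    try:
        refresh()
    except RefreshError as exc:
        if (credential_type == "authorized_user"
                and oauth_error_code(exc) == "invalid_grant"):
            return "stale-credentials"
        raise
    return "refreshed"


def _raiser(*args):
    """Build a fake refresh callable that raises RefreshError(*args)."""
    def refresh():
        raise RefreshError(*args)
    return refresh


# Constructed sample failures (the first copies the shape from the log above).
STALE = _raiser("invalid_grant: Bad Request",
                {"error": "invalid_grant", "error_description": "Bad Request"})
BAD_CLIENT = _raiser("invalid_client: Unauthorized",
                     {"error": "invalid_client", "error_description": "Unauthorized"})
UNSTRUCTURED = _raiser("proxy error mentioning invalid_grant")

if __name__ == "__main__":
    print(check_refresh(STALE, "authorized_user"))
    print(check_refresh(lambda: None, "authorized_user"))
```

In a pytest suite the "stale-credentials" result would typically become a skip, so the tolerated case stays visible in CI reports.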