googleauth 0.17.0 → 0.17.1

data/spec/googleauth/signet_spec.rb

@@ -1,142 +0,0 @@
-# Copyright 2015, Google Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-#     * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following disclaimer
-# in the documentation and/or other materials provided with the
-# distribution.
-#     * Neither the name of Google Inc. nor the names of its
-# contributors may be used to endorse or promote products derived from
-# this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-spec_dir = File.expand_path File.join(File.dirname(__FILE__))
-$LOAD_PATH.unshift spec_dir
-$LOAD_PATH.uniq!
-
-require "apply_auth_examples"
-require "googleauth/signet"
-require "jwt"
-require "openssl"
-require "spec_helper"
-
-describe Signet::OAuth2::Client do
-  before :example do
-    @key = OpenSSL::PKey::RSA.new 2048
-    @client = Signet::OAuth2::Client.new(
-      token_credential_uri: "https://oauth2.googleapis.com/token",
-      scope:                "https://www.googleapis.com/auth/userinfo.profile",
-      issuer:               "app@example.com",
-      audience:             "https://oauth2.googleapis.com/token",
-      signing_key:          @key
-    )
-    @id_client = Signet::OAuth2::Client.new(
-      token_credential_uri: "https://oauth2.googleapis.com/token",
-      target_audience:      "https://pubsub.googleapis.com/",
-      issuer:               "app@example.com",
-      audience:             "https://oauth2.googleapis.com/token",
-      signing_key:          @key
-    )
-  end
-
-  def make_auth_stubs opts
-    body_fields = { "token_type" => "Bearer", "expires_in" => 3600 }
-    body_fields["access_token"] = opts[:access_token] if opts[:access_token]
-    body_fields["id_token"] = opts[:id_token] if opts[:id_token]
-    body = MultiJson.dump body_fields
-    blk = proc do |request|
-      params = Addressable::URI.form_unencode request.body
-      claim, _header = JWT.decode(params.assoc("assertion").last,
-                                  @key.public_key, true,
-                                  algorithm: "RS256")
-      !opts[:id_token] || claim["target_audience"] == "https://pubsub.googleapis.com/"
-    end
-    with_params = { body: hash_including(
-      "grant_type" => "urn:ietf:params:oauth:grant-type:jwt-bearer"
-    ) }
-    with_params[:headers] = { "User-Agent" => opts[:user_agent] } if opts[:user_agent]
-    stub_request(:post, "https://oauth2.googleapis.com/token")
-      .with(with_params, &blk)
-      .to_return(body:    body,
-                 status:  200,
-                 headers: { "Content-Type" => "application/json" })
-  end
-
-  it_behaves_like "apply/apply! are OK"
-
-  describe "#configure_connection" do
-    it "honors default_connection" do
-      token = "1/abcdef1234567890"
-      stub = make_auth_stubs access_token: token, user_agent: "RubyRocks/1.0"
-      conn = Faraday.new headers: { "User-Agent" => "RubyRocks/1.0" }
-      @client.configure_connection default_connection: conn
-      md = { foo: "bar" }
-      @client.apply! md
-      want = { foo: "bar", authorization: "Bearer #{token}" }
-      expect(md).to eq(want)
-      expect(stub).to have_been_requested
-    end
-
-    it "honors connection_builder" do
-      token = "1/abcdef1234567890"
-      stub = make_auth_stubs access_token: token, user_agent: "RubyRocks/2.0"
-      connection_builder = proc do
-        Faraday.new headers: { "User-Agent" => "RubyRocks/2.0" }
-      end
-      @client.configure_connection connection_builder: connection_builder
-      md = { foo: "bar" }
-      @client.apply! md
-      want = { foo: "bar", authorization: "Bearer #{token}" }
-      expect(md).to eq(want)
-      expect(stub).to have_been_requested
-    end
-  end
-
-  describe "#fetch_access_token!" do
-    it "retries when orig_fetch_access_token! raises Signet::RemoteServerError" do
-      mocked_responses = [:raise, :raise, "success"]
-      allow(@client).to receive(:orig_fetch_access_token!).exactly(3).times do
-        response = mocked_responses.shift
-        response == :raise ? raise(Signet::RemoteServerError) : response
-      end
-      expect(@client.fetch_access_token!).to eq("success")
-    end
-
-    it "raises when the max retry count is exceeded" do
-      mocked_responses = [:raise, :raise, :raise, :raise, :raise, :raise, "success"]
-      allow(@client).to receive(:orig_fetch_access_token!).exactly(6).times do
-        response = mocked_responses.shift
-        response == :raise ? raise(Signet::RemoteServerError) : response
-      end
-      expect { @client.fetch_access_token! }.to raise_error Signet::AuthorizationError
-    end
-
-    it "does not retry and raises right away if it encounters a Signet::AuthorizationError" do
-      allow(@client).to receive(:orig_fetch_access_token!).at_most(:once)
-        .and_raise(Signet::AuthorizationError.new("Some Message"))
-      expect { @client.fetch_access_token! }.to raise_error Signet::AuthorizationError
-    end
-
-    it "does not retry and raises right away if it encounters a Signet::ParseError" do
-      allow(@client).to receive(:orig_fetch_access_token!).at_most(:once).and_raise(Signet::ParseError)
-      expect { @client.fetch_access_token! }.to raise_error Signet::ParseError
-    end
-  end
-end

data/spec/googleauth/stores/file_token_store_spec.rb

@@ -1,57 +0,0 @@
-# Copyright 2015, Google Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-#     * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following disclaimer
-# in the documentation and/or other materials provided with the
-# distribution.
-#     * Neither the name of Google Inc. nor the names of its
-# contributors may be used to endorse or promote products derived from
-# this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-spec_dir = File.expand_path File.join(File.dirname(__FILE__))
-$LOAD_PATH.unshift spec_dir
-$LOAD_PATH.uniq!
-
-require "googleauth"
-require "googleauth/stores/file_token_store"
-require "spec_helper"
-require "fakefs/safe"
-require "fakefs/spec_helpers"
-require "googleauth/stores/store_examples"
-
-module FakeFS
-  class File
-    # FakeFS doesn't implement. And since we don't need to actually lock,
-    # just stub out...
-    def flock *; end
-  end
-end
-
-describe Google::Auth::Stores::FileTokenStore do
-  include FakeFS::SpecHelpers
-
-  let :store do
-    Google::Auth::Stores::FileTokenStore.new file: "/tokens.yaml"
-  end
-
-  it_behaves_like "token store"
-end

data/spec/googleauth/stores/redis_token_store_spec.rb

@@ -1,50 +0,0 @@
-# Copyright 2015, Google Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-#     * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following disclaimer
-# in the documentation and/or other materials provided with the
-# distribution.
-#     * Neither the name of Google Inc. nor the names of its
-# contributors may be used to endorse or promote products derived from
-# this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-spec_dir = File.expand_path File.join(File.dirname(__FILE__))
-$LOAD_PATH.unshift spec_dir
-$LOAD_PATH.uniq!
-
-require "googleauth"
-require "googleauth/stores/redis_token_store"
-require "spec_helper"
-require "fakeredis/rspec"
-require "googleauth/stores/store_examples"
-
-describe Google::Auth::Stores::RedisTokenStore do
-  let :redis do
-    Redis.new
-  end
-
-  let :store do
-    Google::Auth::Stores::RedisTokenStore.new redis: redis
-  end
-
-  it_behaves_like "token store"
-end

data/spec/googleauth/stores/store_examples.rb

@@ -1,58 +0,0 @@
-# Copyright 2015, Google Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-#     * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following disclaimer
-# in the documentation and/or other materials provided with the
-# distribution.
-#     * Neither the name of Google Inc. nor the names of its
-# contributors may be used to endorse or promote products derived from
-# this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-spec_dir = File.expand_path File.join(File.dirname(__FILE__))
-$LOAD_PATH.unshift spec_dir
-$LOAD_PATH.uniq!
-
-require "spec_helper"
-
-shared_examples "token store" do
-  before :each do
-    store.store "default", "test"
-  end
-
-  it "should return a stored value" do
-    expect(store.load("default")).to eq "test"
-  end
-
-  it "should return nil for missing tokens" do
-    expect(store.load("notavalidkey")).to be_nil
-  end
-
-  it "should return nil for deleted tokens" do
-    store.delete "default"
-    expect(store.load("default")).to be_nil
-  end
-
-  it "should save overwrite values on store" do
-    store.store "default", "test2"
-    expect(store.load("default")).to eq "test2"
-  end
-end

data/spec/googleauth/user_authorizer_spec.rb

@@ -1,343 +0,0 @@
-# Copyright 2015, Google Inc.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#
-#     * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-# copyright notice, this list of conditions and the following disclaimer
-# in the documentation and/or other materials provided with the
-# distribution.
-#     * Neither the name of Google Inc. nor the names of its
-# contributors may be used to endorse or promote products derived from
-# this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-spec_dir = File.expand_path File.join(File.dirname(__FILE__))
-$LOAD_PATH.unshift spec_dir
-$LOAD_PATH.uniq!
-
-require "googleauth"
-require "googleauth/user_authorizer"
-require "uri"
-require "multi_json"
-require "spec_helper"
-
-describe Google::Auth::UserAuthorizer do
-  include TestHelpers
-
-  let(:client_id) { Google::Auth::ClientId.new "testclient", "notasecret" }
-  let(:scope) { %w[email profile] }
-  let(:token_store) { DummyTokenStore.new }
-  let(:callback_uri) { "https://www.example.com/oauth/callback" }
-  let :authorizer do
-    Google::Auth::UserAuthorizer.new(client_id,
-                                     scope,
-                                     token_store,
-                                     callback_uri)
-  end
-
-  shared_examples "valid authorization url" do
-    it "should have a valid base URI" do
-      expect(uri).to match %r{https://accounts.google.com/o/oauth2/auth}
-    end
-
-    it "should request offline access" do
-      expect(URI(uri).query).to match(/access_type=offline/)
-    end
-
-    it "should request response type code" do
-      expect(URI(uri).query).to match(/response_type=code/)
-    end
-
-    it "should force approval" do
-      expect(URI(uri).query).to match(/approval_prompt=force/)
-    end
-
-    it "should include granted scopes" do
-      expect(URI(uri).query).to match(/include_granted_scopes=true/)
-    end
-
-    it "should include the correct client id" do
-      expect(URI(uri).query).to match(/client_id=testclient/)
-    end
-
-    it "should not include a client secret" do
-      expect(URI(uri).query).to_not match(/client_secret/)
-    end
-
-    it "should include the redirect_uri" do
-      expect(URI(uri).query).to match(
-        %r{redirect_uri=https://www.example.com/oauth/callback}
-      )
-    end
-
-    it "should include the scope" do
-      expect(URI(uri).query).to match(/scope=email%20profile/)
-    end
-  end
-
-  context "when generating authorization URLs and callback_uri is 'postmessage'" do
-    let(:callback_uri) { "postmessage" }
-    let :authorizer do
-      Google::Auth::UserAuthorizer.new(client_id,
-                                       scope,
-                                       token_store,
-                                       callback_uri)
-    end
-    let :uri do
-      authorizer.get_authorization_url login_hint: "user1", state: "mystate"
-    end
-
-    it "should include the redirect_uri 'postmessage'" do
-      expect(URI(uri).query).to match(
-        %r{redirect_uri=postmessage}
-      )
-    end
-  end
-
-  context "when generating authorization URLs with user ID & state" do
-    let :uri do
-      authorizer.get_authorization_url login_hint: "user1", state: "mystate"
-    end
-
-    it_behaves_like "valid authorization url"
-
-    it "includes a login hint" do
-      expect(URI(uri).query).to match(/login_hint=user1/)
-    end
-
-    it "includes the app state" do
-      expect(URI(uri).query).to match(/state=mystate/)
-    end
-  end
-
-  context "when generating authorization URLs with user ID and no state" do
-    let(:uri) { authorizer.get_authorization_url login_hint: "user1" }
-
-    it_behaves_like "valid authorization url"
-
-    it "includes a login hint" do
-      expect(URI(uri).query).to match(/login_hint=user1/)
-    end
-
-    it "does not include the state parameter" do
-      expect(URI(uri).query).to_not match(/state/)
-    end
-  end
-
-  context "when generating authorization URLs with no user ID and no state" do
-    let(:uri) { authorizer.get_authorization_url }
-
-    it_behaves_like "valid authorization url"
-
-    it "does not include the login hint parameter" do
-      expect(URI(uri).query).to_not match(/login_hint/)
-    end
-
-    it "does not include the state parameter" do
-      expect(URI(uri).query).to_not match(/state/)
-    end
-  end
-
-  context "when retrieving tokens" do
-    let :token_json do
-      MultiJson.dump(
-        access_token:           "accesstoken",
-        refresh_token:          "refreshtoken",
-        expiration_time_millis: 1_441_234_742_000
-      )
-    end
-
-    context "with a valid user id" do
-      let :credentials do
-        token_store.store "user1", token_json
-        authorizer.get_credentials "user1"
-      end
-
-      it "should return an instance of UserRefreshCredentials" do
-        expect(credentials).to be_instance_of(
-          Google::Auth::UserRefreshCredentials
-        )
-      end
-
-      it "should return credentials with a valid refresh token" do
-        expect(credentials.refresh_token).to eq "refreshtoken"
-      end
-
-      it "should return credentials with a valid access token" do
-        expect(credentials.access_token).to eq "accesstoken"
-      end
-
-      it "should return credentials with a valid client ID" do
-        expect(credentials.client_id).to eq "testclient"
-      end
-
-      it "should return credentials with a valid client secret" do
-        expect(credentials.client_secret).to eq "notasecret"
-      end
-
-      it "should return credentials with a valid scope" do
-        expect(credentials.scope).to eq %w[email profile]
-      end
-
-      it "should return credentials with a valid expiration time" do
-        expect(credentials.expires_at).to eq Time.at(1_441_234_742)
-      end
-    end
-
-    context "with an invalid user id" do
-      it "should return nil" do
-        expect(authorizer.get_credentials("notauser")).to be_nil
-      end
-    end
-  end
-
-  context "when saving tokens" do
-    let(:expiry) { Time.now.to_i }
-    let :credentials do
-      Google::Auth::UserRefreshCredentials.new(
-        client_id:     client_id.id,
-        client_secret: client_id.secret,
-        scope:         scope,
-        refresh_token: "refreshtoken",
-        access_token:  "accesstoken",
-        expires_at:    expiry
-      )
-    end
-
-    let :token_json do
-      authorizer.store_credentials "user1", credentials
-      token_store.load "user1"
-    end
-
-    it "should persist in the token store" do
-      expect(token_json).to_not be_nil
-    end
-
-    it "should persist the refresh token" do
-      expect(MultiJson.load(token_json)["refresh_token"]).to eq "refreshtoken"
-    end
-
-    it "should persist the access token" do
-      expect(MultiJson.load(token_json)["access_token"]).to eq "accesstoken"
-    end
-
-    it "should persist the client id" do
-      expect(MultiJson.load(token_json)["client_id"]).to eq "testclient"
-    end
-
-    it "should persist the scope" do
-      expect(MultiJson.load(token_json)["scope"]).to include("email", "profile")
-    end
-
-    it "should persist the expiry as milliseconds" do
-      expected_expiry = expiry * 1000
-      expect(MultiJson.load(token_json)["expiration_time_millis"]).to eql(
-        expected_expiry
-      )
-    end
-  end
-
-  context "with valid authorization code" do
-    let :token_json do
-      MultiJson.dump("access_token" => "1/abc123",
-                     "token_type"   => "Bearer",
-                     "expires_in"   => 3600)
-    end
-
-    before :example do
-      stub_request(:post, "https://oauth2.googleapis.com/token")
-        .to_return(body: token_json, status: 200, headers: {
-                     "Content-Type" => "application/json"
-                   })
-    end
-
-    it "should exchange a code for credentials" do
-      credentials = authorizer.get_credentials_from_code(
-        user_id: "user1", code: "code"
-      )
-      expect(credentials.access_token).to eq "1/abc123"
-      expect(credentials.redirect_uri.to_s).to eq "https://www.example.com/oauth/callback"
-    end
-
-    it "should not store credentials when get only requested" do
-      authorizer.get_credentials_from_code user_id: "user1", code: "code"
-      expect(token_store.load("user1")).to be_nil
-    end
-
-    it "should store credentials when requested" do
-      authorizer.get_and_store_credentials_from_code(
-        user_id: "user1", code: "code"
-      )
-      expect(token_store.load("user1")).to_not be_nil
-    end
-  end
-
-  context "with invalid authorization code" do
-    before :example do
-      stub_request(:post, "https://oauth2.googleapis.com/token")
-        .to_return(status: 400)
-    end
-
-    it "should raise an authorization error" do
-      expect do
-        authorizer.get_credentials_from_code user_id: "user1", code: "badcode"
-      end.to raise_error Signet::AuthorizationError
-    end
-
-    it "should not store credentials when exchange fails" do
-      expect do
-        authorizer.get_credentials_from_code user_id: "user1", code: "badcode"
-      end.to raise_error Signet::AuthorizationError
-      expect(token_store.load("user1")).to be_nil
-    end
-  end
-
-  context "when reovking authorization" do
-    let :token_json do
-      MultiJson.dump(
-        access_token:           "accesstoken",
-        refresh_token:          "refreshtoken",
-        expiration_time_millis: 1_441_234_742_000
-      )
-    end
-
-    before :example do
-      token_store.store "user1", token_json
-      stub_request(:post, "https://oauth2.googleapis.com/revoke")
-        .with(body: hash_including("token" => "refreshtoken"))
-        .to_return(status: 200)
-    end
-
-    it "should revoke the grant" do
-      authorizer.revoke_authorization "user1"
-      expect(a_request(
-        :post, "https://oauth2.googleapis.com/revoke"
-      ).with(body: hash_including("token" => "refreshtoken")))
-        .to have_been_made
-    end
-
-    it "should remove the token from storage" do
-      authorizer.revoke_authorization "user1"
-      expect(token_store.load("user1")).to be_nil
-    end
-  end
-
-  # TODO: - Test that tokens are monitored
-  # TODO - Test scope enforcement (auth if upgrade required)
-end