my_activity.py: update to use oauth for projecthosting

auth.py

 # Copyright 2015 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 """Google OAuth2 related functions."""
 
 import BaseHTTPServer
 import collections
 import datetime
 import functools
@@ skipping 30 matching lines @@
 # anyway.
 # This particular set is managed by API Console project "chrome-infra-auth".
 OAUTH_CLIENT_ID = (
     '446450136466-2hr92jrq8e6i4tnsa56b52vacp7t3936.apps.googleusercontent.com')
 OAUTH_CLIENT_SECRET = 'uBfbay2KCy9t4QveJ-dOqHtp'
 
 # List of space separated OAuth scopes for generated tokens. GAE apps usually
 # use userinfo.email scope for authentication.
 OAUTH_SCOPES = 'https://www.googleapis.com/auth/userinfo.email'
 
+# Additional OAuth scopes.
+ADDITIONAL_SCOPES = {
+  'code.google.com': 'https://www.googleapis.com/auth/projecthosting',
+}
+
 # Path to a file with cached OAuth2 credentials used by default relative to the
 # home dir (see _get_token_cache_path). It should be a safe location accessible
 # only to a current user: knowing content of this file is roughly equivalent to
 # knowing account password. Single file can hold multiple independent tokens
 # identified by token_cache_key (see Authenticator).
 OAUTH_TOKENS_CACHE = '.depot_tools_oauth2_tokens'
 
 
 # Authentication configuration extracted from command line options.
 # See doc string for 'make_auth_config' for meaning of fields.
@@ skipping 151 matching lines @@
         a cache key for token cache.
     config: AuthConfig instance.
 
   Returns:
     Authenticator object.
   """
   hostname = hostname.lower().rstrip('/')
   # Append some scheme, otherwise urlparse puts hostname into parsed.path.
   if '://' not in hostname:
     hostname = 'https://' + hostname
+  scopes = OAUTH_SCOPES
   parsed = urlparse.urlparse(hostname)
+  if parsed.netloc in ADDITIONAL_SCOPES:
+    scopes = "%s %s" % (scopes, ADDITIONAL_SCOPES[parsed.netloc])
+
   if parsed.path or parsed.params or parsed.query or parsed.fragment:
     raise AuthenticationError(
         'Expecting a hostname or root host URL, got %s instead' % hostname)
-  return Authenticator(parsed.netloc, config)
+  return Authenticator(parsed.netloc, config, scopes)
 
 
 class Authenticator(object):
   """Object that knows how to refresh access tokens when needed.
 
   Args:
     token_cache_key: string key of a section of the token cache file to use
         to keep the tokens. See hostname_to_token_cache_key.
     config: AuthConfig object that holds authentication configuration.
   """
 
-  def __init__(self, token_cache_key, config):
+  def __init__(self, token_cache_key, config, scopes):
     assert isinstance(config, AuthConfig)
     assert config.use_oauth2
     self._access_token = None
     self._config = config
     self._lock = threading.Lock()
     self._token_cache_key = token_cache_key
     self._external_token = None
+    self._scopes = scopes
     if config.refresh_token_json:
       self._external_token = _read_refresh_token_json(config.refresh_token_json)
     logging.debug('Using auth config %r', config)
 
   def login(self):
     """Performs interactive login flow if necessary.
 
     Raises:
       AuthenticationError on error or if interrupted.
     """
@@ skipping 224 matching lines @@
     # Refresh token is missing or invalid, go through the full flow.
     if not refreshed:
       # Can't refresh externally provided token.
       if self._external_token:
         raise AuthenticationError(
             'Token provided via --auth-refresh-token-json is no longer valid.')
       if not allow_user_interaction:
         logging.debug('Requesting user to login')
         raise LoginRequiredError(self._token_cache_key)
       logging.debug('Launching OAuth browser flow')
-      credentials = _run_oauth_dance(self._config)
+      credentials = _run_oauth_dance(self._config, self._scopes)
       _log_credentials_info('new token', credentials)
 
     logging.info(
         'OAuth access_token refreshed. Expires in %s.',
         credentials.token_expiry - datetime.datetime.utcnow())
     storage = self._get_storage()
     credentials.set_store(storage)
     storage.put(credentials)
     return AccessToken(str(credentials.access_token), credentials.token_expiry)
 
@@ skipping 52 matching lines @@
   if credentials:
     logging.debug('%s info: %r', title, {
         'access_token_expired': credentials.access_token_expired,
         'has_access_token': bool(credentials.access_token),
         'invalid': credentials.invalid,
         'utcnow': datetime.datetime.utcnow(),
         'token_expiry': credentials.token_expiry,
     })
 
 
-def _run_oauth_dance(config):
+def _run_oauth_dance(config, scopes):
   """Perform full 3-legged OAuth2 flow with the browser.
 
   Returns:
     oauth2client.Credentials.
 
   Raises:
     AuthenticationError on errors.
   """
   flow = client.OAuth2WebServerFlow(
       OAUTH_CLIENT_ID,
       OAUTH_CLIENT_SECRET,
-      OAUTH_SCOPES,
+      scopes,
       approval_prompt='force')
 
   use_local_webserver = config.use_local_webserver
   port = config.webserver_port
   if config.use_local_webserver:
     success = False
     try:
       httpd = _ClientRedirectServer(('localhost', port), _ClientRedirectHandler)
     except socket.error:
       pass
@@ skipping 80 matching lines @@
     self.end_headers()
     query = self.path.split('?', 1)[-1]
     query = dict(urlparse.parse_qsl(query))
     self.server.query_params = query
     self.wfile.write('<html><head><title>Authentication Status</title></head>')
     self.wfile.write('<body><p>The authentication flow has completed.</p>')
     self.wfile.write('</body></html>')
 
   def log_message(self, _format, *args):
     """Do not log messages to stdout while running as command line program."""