[Findit] Use gerric scope instead of email scope to authorize findit to internal buildspec/

appengine/findit/common/http_client_appengine.py

Index: appengine/findit/common/http_client_appengine.py
diff --git a/appengine/findit/common/http_client_appengine.py b/appengine/findit/common/http_client_appengine.py
index d1edbcc0faa848c9dcc0ab45b36c9fc6415dac41..ed8b5fc538b80ae1260aa563b0c2f913ee6e72af 100644
--- a/appengine/findit/common/http_client_appengine.py
+++ b/appengine/findit/common/http_client_appengine.py
@@ -12,14 +12,17 @@ from common.retry_http_client import RetryHttpClient
 
 
 #TODO(katesonia): Move this to config.
-_INTERNAL_HOSTS = ['https://chrome-internal.googlesource.com/']
+_INTERNAL_HOSTS_TO_SCOPES = {
+    'https://chrome-internal.googlesource.com/': (
+        'https://www.googleapis.com/auth/gerritcodereview')
+}
 
 
 class HttpClientAppengine(RetryHttpClient):  # pragma: no cover
   """A http client for running on appengine."""
 
-  def _ExpandAuthorizationHeaders(self, headers):
-    headers['Authorization'] = 'Bearer ' + auth_util.GetAuthToken()
+  def _ExpandAuthorizationHeaders(self, headers, scope):
+    headers['Authorization'] = 'Bearer ' + auth_util.GetAuthToken(scope)
 
   def _ShouldLogError(self, status_code):
     if not self.no_error_logging_statuses:
@@ -33,9 +36,9 @@ class HttpClientAppengine(RetryHttpClient):  # pragma: no cover
 
     # For google internal hosts, expand Oauth2.0 token to headers to authorize
     # the requests.
-    for host in _INTERNAL_HOSTS:
+    for host, scope in _INTERNAL_HOSTS_TO_SCOPES.iteritems():
       if url.startswith(host):
-        self._ExpandAuthorizationHeaders(headers)
+        self._ExpandAuthorizationHeaders(headers, scope)
         break
 
     if method in (urlfetch.POST, urlfetch.PUT):