{ "module": "mail_intake.auth.google", "content": { "path": "mail_intake.auth.google", "docstring": "# Summary\n\nGoogle authentication provider implementation for Mail Intake.\n\nThis module provides a **Google OAuth–based authentication provider**\nused primarily for Gmail access.\n\nIt encapsulates all Google-specific authentication concerns, including:\n\n- Credential loading and persistence.\n- Token refresh handling.\n- Interactive OAuth flow initiation.\n- Coordination with a credential persistence layer.\n\nNo Google authentication details should leak outside this module.", "objects": { "os": { "name": "os", "kind": "alias", "path": "mail_intake.auth.google.os", "signature": "", "docstring": null }, "Sequence": { "name": "Sequence", "kind": "alias", "path": "mail_intake.auth.google.Sequence", "signature": "", "docstring": null }, "google": { "name": "google", "kind": "alias", "path": "mail_intake.auth.google.google", "signature": "", "docstring": null }, "Request": { "name": "Request", "kind": "alias", "path": "mail_intake.auth.google.Request", "signature": "", "docstring": null }, "InstalledAppFlow": { "name": "InstalledAppFlow", "kind": "alias", "path": "mail_intake.auth.google.InstalledAppFlow", "signature": "", "docstring": null }, "Credentials": { "name": "Credentials", "kind": "alias", "path": "mail_intake.auth.google.Credentials", "signature": "", "docstring": null }, "MailIntakeAuthProvider": { "name": "MailIntakeAuthProvider", "kind": "class", "path": "mail_intake.auth.google.MailIntakeAuthProvider", "signature": "", "docstring": "Abstract base class for authentication providers.\n\nThis interface enforces a strict contract between authentication\nproviders and mail adapters by requiring providers to explicitly\ndeclare the type of credentials they return.\n\nNotes:\n **Responsibilities:**\n\n - Acquire credentials from an external provider.\n - Refresh or revalidate credentials as needed.\n - Handle authentication-specific failure modes.\n - Coordinate with credential persistence layers where applicable.\n\n **Constraints:**\n\n - Mail adapters must treat returned credentials as opaque and\n provider-specific.\n - Mail adapters rely only on the declared credential type expected\n by the adapter.", "members": { "get_credentials": { "name": "get_credentials", "kind": "function", "path": "mail_intake.auth.google.MailIntakeAuthProvider.get_credentials", "signature": "", "docstring": "Retrieve valid, provider-specific credentials.\n\nReturns:\n T:\n Credentials of type `T` suitable for immediate use by the\n corresponding mail adapter.\n\nRaises:\n Exception:\n An authentication-specific exception indicating that\n credentials could not be obtained or validated.\n\nNotes:\n **Guarantees:**\n\n - This method is synchronous by design.\n - Represents the sole entry point through which adapters obtain\n authentication material.\n - Implementations must either return credentials of the declared\n type `T` that are valid at the time of return or raise an exception." } } }, "CredentialStore": { "name": "CredentialStore", "kind": "class", "path": "mail_intake.auth.google.CredentialStore", "signature": "", "docstring": "Abstract base class defining a generic persistence interface.\n\nUsed for authentication credentials across different backends.\n\nNotes:\n **Responsibilities:**\n\n - Provide persistent storage separating life-cycle management from\n storage mechanics.\n - Keep implementation focused only on persistence.\n\n **Constraints:**\n\n - The store is intentionally agnostic to:\n - The concrete credential type being stored.\n - The serialization format used to persist credentials.\n - The underlying storage backend or durability guarantees.", "members": { "load": { "name": "load", "kind": "function", "path": "mail_intake.auth.google.CredentialStore.load", "signature": "", "docstring": "Load previously persisted credentials.\n\nReturns:\n Optional[T]:\n An instance of type `T` if credentials are available and\n loadable; otherwise `None`.\n\nNotes:\n **Guarantees:**\n\n - Implementations should return `None` when no credentials are\n present or when stored credentials cannot be successfully\n decoded or deserialized.\n - The store must not attempt to validate, refresh, or otherwise\n interpret the returned credentials." }, "save": { "name": "save", "kind": "function", "path": "mail_intake.auth.google.CredentialStore.save", "signature": "", "docstring": "Persist credentials to the underlying storage backend.\n\nArgs:\n credentials (T):\n The credential object to persist.\n\nNotes:\n **Lifecycle:**\n\n - This method is invoked when credentials are newly obtained or have been refreshed and are known to be valid at the time of persistence\n\n **Responsibilities:**\n\n - Ensuring durability appropriate to the deployment context\n - Applying encryption or access controls where required\n - Overwriting any previously stored credentials" }, "clear": { "name": "clear", "kind": "function", "path": "mail_intake.auth.google.CredentialStore.clear", "signature": "", "docstring": "Remove any persisted credentials from the store.\n\nNotes:\n **Lifecycle:**\n\n - This method is called when credentials are known to be invalid, revoked, corrupted, or otherwise unusable\n - Must ensure that no stale authentication material remains accessible\n\n **Guarantees:**\n\n - Implementations should treat this operation as idempotent" } } }, "MailIntakeAuthError": { "name": "MailIntakeAuthError", "kind": "class", "path": "mail_intake.auth.google.MailIntakeAuthError", "signature": "", "docstring": "Authentication and credential-related failures.\n\nNotes:\n **Lifecycle:**\n\n - Raised when authentication providers are unable to acquire,\n refresh, or persist valid credentials." }, "MailIntakeGoogleAuth": { "name": "MailIntakeGoogleAuth", "kind": "class", "path": "mail_intake.auth.google.MailIntakeGoogleAuth", "signature": "", "docstring": "Google OAuth provider for Gmail access.\n\nThis provider implements the `MailIntakeAuthProvider` interface using\nGoogle's OAuth 2.0 flow and credential management libraries.\n\nNotes:\n **Responsibilities:**\n\n - Load cached credentials from a credential store when available.\n - Refresh expired credentials when possible.\n - Initiate an interactive OAuth flow only when required.\n - Persist refreshed or newly obtained credentials via the store.\n\n **Guarantees:**\n\n - This class is synchronous by design and maintains a minimal\n internal state.", "members": { "credentials_path": { "name": "credentials_path", "kind": "attribute", "path": "mail_intake.auth.google.MailIntakeGoogleAuth.credentials_path", "signature": null, "docstring": null }, "store": { "name": "store", "kind": "attribute", "path": "mail_intake.auth.google.MailIntakeGoogleAuth.store", "signature": null, "docstring": null }, "scopes": { "name": "scopes", "kind": "attribute", "path": "mail_intake.auth.google.MailIntakeGoogleAuth.scopes", "signature": null, "docstring": null }, "get_credentials": { "name": "get_credentials", "kind": "function", "path": "mail_intake.auth.google.MailIntakeGoogleAuth.get_credentials", "signature": "", "docstring": "Retrieve valid Google OAuth credentials.\n\nReturns:\n Credentials:\n A `google.oauth2.credentials.Credentials` instance suitable\n for use with Google API clients.\n\nRaises:\n MailIntakeAuthError:\n If credentials cannot be loaded, refreshed,\n or obtained via interactive authentication.\n\nNotes:\n **Lifecycle:**\n\n - Load cached credentials from the configured credential store.\n - Refresh expired credentials when possible.\n - Perform an interactive OAuth login as a fallback.\n - Persist valid credentials for future use." } } }, "Any": { "name": "Any", "kind": "alias", "path": "mail_intake.auth.google.Any", "signature": "", "docstring": null } } } }