{ "module": "mail_intake.auth.google", "content": { "path": "mail_intake.auth.google", "docstring": "Google authentication provider implementation for Mail Intake.\n\nThis module provides a **Google OAuth–based authentication provider**\nused primarily for Gmail access.\n\nIt encapsulates all Google-specific authentication concerns, including:\n- Credential loading and persistence\n- Token refresh handling\n- Interactive OAuth flow initiation\n- Coordination with a credential persistence layer\n\nNo Google authentication details should leak outside this module.", "objects": { "os": { "name": "os", "kind": "alias", "path": "mail_intake.auth.google.os", "signature": "", "docstring": null }, "Sequence": { "name": "Sequence", "kind": "alias", "path": "mail_intake.auth.google.Sequence", "signature": "", "docstring": null }, "google": { "name": "google", "kind": "alias", "path": "mail_intake.auth.google.google", "signature": "", "docstring": null }, "Request": { "name": "Request", "kind": "alias", "path": "mail_intake.auth.google.Request", "signature": "", "docstring": null }, "InstalledAppFlow": { "name": "InstalledAppFlow", "kind": "alias", "path": "mail_intake.auth.google.InstalledAppFlow", "signature": "", "docstring": null }, "Credentials": { "name": "Credentials", "kind": "alias", "path": "mail_intake.auth.google.Credentials", "signature": "", "docstring": null }, "MailIntakeAuthProvider": { "name": "MailIntakeAuthProvider", "kind": "class", "path": "mail_intake.auth.google.MailIntakeAuthProvider", "signature": "", "docstring": "Abstract base class for authentication providers.\n\nThis interface enforces a strict contract between authentication\nproviders and mail adapters by requiring providers to explicitly\ndeclare the type of credentials they return.\n\nAuthentication providers encapsulate all logic required to:\n- Acquire credentials from an external provider\n- Refresh or revalidate credentials as needed\n- Handle authentication-specific failure modes\n- Coordinate with credential persistence layers where applicable\n\nMail adapters must treat returned credentials as opaque and\nprovider-specific, relying only on the declared credential type\nexpected by the adapter.", "members": { "get_credentials": { "name": "get_credentials", "kind": "function", "path": "mail_intake.auth.google.MailIntakeAuthProvider.get_credentials", "signature": "", "docstring": "Retrieve valid, provider-specific credentials.\n\nThis method is synchronous by design and represents the sole\nentry point through which adapters obtain authentication\nmaterial.\n\nImplementations must either return credentials of the declared\ntype ``T`` that are valid at the time of return or raise an\nauthentication-specific exception.\n\nReturns:\n Credentials of type ``T`` suitable for immediate use by the\n corresponding mail adapter.\n\nRaises:\n Exception:\n An authentication-specific exception indicating that\n credentials could not be obtained or validated." } } }, "CredentialStore": { "name": "CredentialStore", "kind": "class", "path": "mail_intake.auth.google.CredentialStore", "signature": "", "docstring": "Abstract base class defining a generic persistence interface for\nauthentication credentials.\n\nThis interface separates *credential lifecycle management* from\n*credential storage mechanics*. Implementations are responsible\nonly for persistence concerns, while authentication providers\nretain full control over credential creation, validation, refresh,\nand revocation logic.\n\nThe store is intentionally agnostic to:\n- The concrete credential type being stored\n- The serialization format used to persist credentials\n- The underlying storage backend or durability guarantees", "members": { "load": { "name": "load", "kind": "function", "path": "mail_intake.auth.google.CredentialStore.load", "signature": "", "docstring": "Load previously persisted credentials.\n\nImplementations should return ``None`` when no credentials are\npresent or when stored credentials cannot be successfully\ndecoded or deserialized.\n\nThe store must not attempt to validate, refresh, or otherwise\ninterpret the returned credentials.\n\nReturns:\n An instance of type ``T`` if credentials are available and\n loadable; otherwise ``None``." }, "save": { "name": "save", "kind": "function", "path": "mail_intake.auth.google.CredentialStore.save", "signature": "", "docstring": "Persist credentials to the underlying storage backend.\n\nThis method is invoked when credentials are newly obtained or\nhave been refreshed and are known to be valid at the time of\npersistence.\n\nImplementations are responsible for:\n- Ensuring durability appropriate to the deployment context\n- Applying encryption or access controls where required\n- Overwriting any previously stored credentials\n\nArgs:\n credentials:\n The credential object to persist." }, "clear": { "name": "clear", "kind": "function", "path": "mail_intake.auth.google.CredentialStore.clear", "signature": "", "docstring": "Remove any persisted credentials from the store.\n\nThis method is called when credentials are known to be invalid,\nrevoked, corrupted, or otherwise unusable, and must ensure that\nno stale authentication material remains accessible.\n\nImplementations should treat this operation as idempotent." } } }, "MailIntakeAuthError": { "name": "MailIntakeAuthError", "kind": "class", "path": "mail_intake.auth.google.MailIntakeAuthError", "signature": "", "docstring": "Authentication and credential-related failures.\n\nRaised when authentication providers are unable to acquire,\nrefresh, or persist valid credentials." }, "MailIntakeGoogleAuth": { "name": "MailIntakeGoogleAuth", "kind": "class", "path": "mail_intake.auth.google.MailIntakeGoogleAuth", "signature": "", "docstring": "Google OAuth provider for Gmail access.\n\nThis provider implements the `MailIntakeAuthProvider` interface using\nGoogle's OAuth 2.0 flow and credential management libraries.\n\nResponsibilities:\n- Load cached credentials from a credential store when available\n- Refresh expired credentials when possible\n- Initiate an interactive OAuth flow only when required\n- Persist refreshed or newly obtained credentials via the store\n\nThis class is synchronous by design and maintains a minimal internal state.", "members": { "credentials_path": { "name": "credentials_path", "kind": "attribute", "path": "mail_intake.auth.google.MailIntakeGoogleAuth.credentials_path", "signature": null, "docstring": null }, "store": { "name": "store", "kind": "attribute", "path": "mail_intake.auth.google.MailIntakeGoogleAuth.store", "signature": null, "docstring": null }, "scopes": { "name": "scopes", "kind": "attribute", "path": "mail_intake.auth.google.MailIntakeGoogleAuth.scopes", "signature": null, "docstring": null }, "get_credentials": { "name": "get_credentials", "kind": "function", "path": "mail_intake.auth.google.MailIntakeGoogleAuth.get_credentials", "signature": "", "docstring": "Retrieve valid Google OAuth credentials.\n\nThis method attempts to:\n1. Load cached credentials from the configured credential store\n2. Refresh expired credentials when possible\n3. Perform an interactive OAuth login as a fallback\n4. Persist valid credentials for future use\n\nReturns:\n A ``google.oauth2.credentials.Credentials`` instance suitable\n for use with Google API clients.\n\nRaises:\n MailIntakeAuthError: If credentials cannot be loaded, refreshed,\n or obtained via interactive authentication." } } }, "Any": { "name": "Any", "kind": "alias", "path": "mail_intake.auth.google.Any", "signature": "", "docstring": null } } } }