fix: load google credentials properly in GoogleDriveLoader (#12871)

- **Description:** - Fix #12870: set scope in `default` func (ref: https://google-auth.readthedocs.io/en/master/reference/google.auth.html) - Moved the code to load default credentials to the bottom for clarity of the logic - Add docstring and comment for each credential loading logic - **Issue:** https://github.com/langchain-ai/langchain/issues/12870 - **Dependencies:** no dependencies change - **Tag maintainer:** for a quicker response, tag the relevant maintainer (see below), - **Twitter handle:** @gymnstcs  --------- Co-authored-by: Chester Curme <chester.curme@gmail.com>
2024-11-10 01:10:59 +00:00 · 2024-07-23 02:43:33 +09:00 · 2024-07-23 02:43:33 +09:00 · 884f76e05a
commit 884f76e05a
parent a45337ea07
1 changed files with 17 additions and 11 deletions
--- a/libs/community/langchain_community/document_loaders/googledrive.py
+++ b/libs/community/langchain_community/document_loaders/googledrive.py
@ -7,7 +7,6 @@
 # 4. For service accounts visit
 #   https://cloud.google.com/iam/docs/service-accounts-create

-import os
 from pathlib import Path
 from typing import Any, Dict, List, Optional, Sequence, Union

@ -108,7 +107,13 @@ class GoogleDriveLoader(BaseLoader, BaseModel):
        return v

    def _load_credentials(self) -> Any:
-        """Load credentials."""
+        """Load credentials.
+        The order of loading credentials:
+        1. Service account key if file exists
+        2. Token path (for OAuth Client) if file exists
+        3. Credentials path (for OAuth Client) if file exists
+        4. Default credentials. if no credentials found, raise DefaultCredentialsError
+        """
        # Adapted from https://developers.google.com/drive/api/v3/quickstart/python
        try:
            from google.auth import default
@ -126,30 +131,31 @@ class GoogleDriveLoader(BaseLoader, BaseModel):
            )

        creds = None
+        # From service account
        if self.service_account_key.exists():
            return service_account.Credentials.from_service_account_file(
                str(self.service_account_key), scopes=SCOPES
            )

+        # From Oauth Client
        if self.token_path.exists():
            creds = Credentials.from_authorized_user_file(str(self.token_path), SCOPES)

        if not creds or not creds.valid:
            if creds and creds.expired and creds.refresh_token:
                creds.refresh(Request())
-            elif "GOOGLE_APPLICATION_CREDENTIALS" not in os.environ:
-                creds, project = default()
-                creds = creds.with_scopes(SCOPES)
-                # no need to write to file
-                if creds:
-                    return creds
-            else:
+            elif self.credentials_path.exists():
                flow = InstalledAppFlow.from_client_secrets_file(
                    str(self.credentials_path), SCOPES
                )
                creds = flow.run_local_server(port=0)
-            with open(self.token_path, "w") as token:
-                token.write(creds.to_json())
+            if creds:
+                with open(self.token_path, "w") as token:
+                    token.write(creds.to_json())
+
+        # From Application Default Credentials
+        if not creds:
+            creds, _ = default(scopes=SCOPES)

        return creds