From 2cb6d2c482178bcd3e977dfc274a8431c38aa0e9 Mon Sep 17 00:00:00 2001
From: Pat Nadolny <patnadolny@gmail.com>
Date: Tue, 12 Mar 2024 11:21:49 -0500
Subject: [PATCH] chore: remove access token thats unnecessary (UA) (#160)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This makes the same changes as
https://github.com/MeltanoLabs/tap-google-analytics/pull/159 but on the
UA branch.

---------

Co-authored-by: Edgar Ramírez Mondragón <16805946+edgarrmondragon@users.noreply.github.com>
---
 README.md                   |  2 +-
 tap_google_analytics/tap.py | 25 +++++++------------------
 2 files changed, 8 insertions(+), 19 deletions(-)

diff --git a/README.md b/README.md
index 3f34392..f777a11 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,7 @@ pipx install tap-google-analytics
 
 If you're setting up `tap-google-analytics` for your own organization and only plan to extract from a handful of different views in the same limited set of properties, Service Account based authorization is the simplest. When you create a service account Google gives you a json file with that service account's credentials called the `client_secrets.json`, and that's all you need to pass to this tap, and you only have to do it once, so this is the recommended way of configuring `tap-google-analytics`.
 
-If you're building something where a wide variety of users need to be able to give access to their Google Analytics, `tap-google-analytics` can use an `access_token` granted by those users to authorize it's requests to Google. This `access_token` is produced by a normal Google OAuth flow, but this flow is outside the scope of `tap-google-analytics`. This is useful if you're integrating `tap-google-analytics` with another system, like Stitch Data might do to allow users to configure their extracts themselves without manual config setup. This tap expects an `access_token`, `refresh_token`, `client_id` and `client_secret` to be passed to it in order to authenticate as the user who granted the token and then access their data.
+If you're building something where a wide variety of users need to be able to give access to their Google Analytics, `tap-google-analytics` can use an `access_token` granted by those users to authorize it's requests to Google. This `access_token` is produced by a normal Google OAuth flow, but this flow is outside the scope of `tap-google-analytics`. This is useful if you're integrating `tap-google-analytics` with another system, like Arch does to allow users to configure their extracts themselves without manual config setup. This tap expects an `access_token`, `refresh_token`, `client_id` and `client_secret` to be passed to it in order to authenticate as the user who granted the token and then access their data.
 
 ## Required Analytics Reporting APIs & OAuth Scopes
 
diff --git a/tap_google_analytics/tap.py b/tap_google_analytics/tap.py
index 4b0c836..6b8ee26 100644
--- a/tap_google_analytics/tap.py
+++ b/tap_google_analytics/tap.py
@@ -5,8 +5,8 @@
 from pathlib import Path
 from typing import List, Tuple
 
+from google.oauth2.credentials import Credentials as OAuthCredentials
 from googleapiclient.discovery import build
-from oauth2client.client import GoogleCredentials
 from oauth2client.service_account import ServiceAccountCredentials
 from singer_sdk import Stream, Tap
 from singer_sdk import typing as th  # JSON schema typing helpers
@@ -53,15 +53,6 @@ class TapGoogleAnalytics(Tap):
         th.Property(
             "oauth_credentials",
             th.ObjectType(
-                th.Property(
-                    "access_token",
-                    th.StringType,
-                    description=(
-                        "Google Analytics Access Token. See "
-                        "https://developers.google.com/analytics/devguides/reporting/"
-                        "core/v4/authorization#OAuth2Authorizing."
-                    ),
-                ),
                 th.Property(
                     "refresh_token",
                     th.StringType,
@@ -107,14 +98,12 @@ class TapGoogleAnalytics(Tap):
 
     def _initialize_credentials(self):
         if self.config.get("oauth_credentials"):
-            return GoogleCredentials(
-                access_token=self.config["oauth_credentials"]["access_token"],
-                refresh_token=self.config["oauth_credentials"]["refresh_token"],
-                client_id=self.config["oauth_credentials"]["client_id"],
-                client_secret=self.config["oauth_credentials"]["client_secret"],
-                token_expiry=None,  # let the library refresh the token if it is expired
-                token_uri="https://accounts.google.com/o/oauth2/token",
-                user_agent="tap-google-analytics (via singer.io)",
+            return OAuthCredentials.from_authorized_user_info(
+                {
+                    "client_id": self.config["oauth_credentials"]["client_id"],
+                    "client_secret": self.config["oauth_credentials"]["client_secret"],
+                    "refresh_token": self.config["oauth_credentials"]["refresh_token"],
+                }
             )
         elif self.config.get("key_file_location"):
             return ServiceAccountCredentials.from_json_keyfile_name(