Some time ago I wrote an app in python that uses Google's python gdata api. I started following the gdata_api example, and it worked alright. At some point google turned off uid/pwd authentication, and enforced OAuth2. So i modified the app to run with OAuth2.
It has worked fine for a few years, until some day it stopped, and began to return error 400 (= bad request) when trying to request the access token (the one that comes from https://www.googleapis.com/oauth2/v3/token , to be clear). This doesn't happen the first time (meaning right after one requests a new authorization token, and uses it for the first time), but every time after that.
I have seen posts saying that they fixed the redirect uri, and then they got it working, but they didn't write what to use. I also don't know whether it would be the proper fix. The stripped down version of my OAuth2 implementation is the following (and, i repeat, it has worked alright for years):
import sys
import os
# WARNING!! you need also TLSLITE inside gdata/oauth subdir.
# This is how supported google shits are nowadays.
# See: https://github.com/google/gdata-python-client/issues/44
sys.path.append("~/gdatalib/gdata-python-client-master/src") #Quick and dirty way to get the latest version in. It doesnt make much of a difference anyway
import gdata
import gdata.contacts.data
import gdata.contacts.client
import urllib
import urllib2
import json
import subprocess
clientId = "" # your app's client ID , get one at https://console.developers.google.com/projectselector/apis/credentials?supportedpurview=project
clientSecret = "" # your app's client secret
oauthPath = ""
userAgent = "fuBar"
class OAuth2Auth(object):
def __init__(self, sUserName, sAccountPassword):
#gather all data
self.username = sUserName.split("@")[0] # remove @whatever, if any
self.password = sAccountPassword
self.clientid = clientId
self.clientsecret = clientSecret
self.rediruri = '''urn:ietf:wg:oauth:2.0:oob'''
self.authrequesturl = ("https://accounts.google.com/o/oauth2/auth?scope=https://www.google.com/m8/feeds/"
"&redirect_uri=%s"
"&response_type=code"
"&client_id=%s"
"&login_hint=%s") # % (redir_uri,client_id,sAccountName+"@gmail.com")
self.oauth2_endpoint = "https://www.googleapis.com/oauth2/v3/token"
self.tokensPath = os.path.join(oauthPath, self.username)
#print self.tokensPathata should be a b
self.accessToken = None
self.refreshToken = None
self._getTokens()
#create an OAuth2Token
print "Creating Oauth2Token...",
self.oauth2token = gdata.gauth.OAuth2Token(client_id = self.clientid,
client_secret = self.clientsecret,
scope = 'https://www.google.com/m8/feeds/',
user_agent = userAgent,
access_token = self.accessToken,
refresh_token = self.refreshToken)
print " done."
pass
def __del__(self):
#check that the access token in the OAuth2Token is the same as the read one.
if (self.accessToken != self.oauth2token.access_token):
#if not, update the file
print "Access token has been updated by gdata_api. Updating the storage."
self.accessToken = self.oauth2token.access_token
self._storeTokens()
pass
def _storeTokens(self):
if self.accessToken and self.refreshToken:
f= open(self.tokensPath,'w+');
f.seek(0);
f.truncate();
data = [ self.accessToken + '\n', self.refreshToken+'\n' ]
f.writelines(data)
f.close()
def _readTokens(self):
if not os.path.isfile(self.tokensPath):
raise Exception('Expecting to find token file, but the file is not present!')
f= open(self.tokensPath,'r')
tokenlist = [ l.rstrip('\n') for l in f.readlines() ]
f.close()
if ( len(tokenlist) < 2 ):
raise Exception('Not enough data in token file!')
self.accessToken = tokenlist[0]
self.refreshToken = tokenlist[1]
def _getTokens(self):
if not os.path.isfile(self.tokensPath):
print "TokenPath doesn't exist. requesting new tokens"
self._requestNewTokens()
self._storeTokens()
else:
print "TokenPath exists"
self._readTokens()
def _requestNewTokens(self):
#print '\nSTEP 1: Create OAuth2 request token URL.'
request_url = self.authrequesturl % (self.rediruri,self.clientid,self.username+"@gmail.com")
#print '\nSTEP 2: Spawn grob with adequate URL.'
CHROME = os.path.join('C:\\', 'Program Files (x86)', 'Google', 'Chrome', 'Application', 'chrome.exe')
CHROME = "/usr/bin/google-chrome" # for linux
#CHROME = "" # or use whatever browser
#subprocess.call([CHROME, '--incognito', request_url]) #use this the first time, after, you can also hardcode the token below
request_token = """<your request token here to avoid storing and retrieving it>""" # You can hardcode the token here, if you got, and comment the line above spawning a chrome
#print 'Request Token fetched: %s' % request_token
#print '\nSTEP 3: Exchange auth token for access and refresh OAuth2 tokens.'
request_args = { 'code':request_token,
'client_id': self.clientid ,
'client_secret': self.clientsecret,
'redirect_uri':self.rediruri,
'grant_type':'authorization_code' }
data = urllib.urlencode(request_args)
fullUrl = self.oauth2_endpoint + "/" + data
request = urllib2.Request(self.oauth2_endpoint, data)
try:
response = urllib2.urlopen(request) # ===== FAILS HERE =====
json_data = response.read()
parsed_json = json.loads(json_data)
self.accessToken = parsed_json['access_token']
self.refreshToken =parsed_json['refresh_token']
print parsed_json
except Exception, e:
print fullUrl
print request.get_full_url()
print request.get_selector()
print e
def main():
testuser="[email protected]"
testpass="somepass"
manager = OAuth2Auth(testuser,testpass)
if __name__ == '__main__':
main()
According to https://developers.google.com/identity/protocols/OAuth2WebServer#offline, one should add access_type = "offline" in requesting the access token, to also get a refresh token. However, i tried this and it doesn't work.
Turns out that both adding access_type=offline and include_granted_scopes=true to requesting the authorization code AND creating a new clientId/secret (but then also switching back was OK) helped fixing the problem.
I suppose that this parameter wasn't there back in 2012/2013..