I am making an Web App using python and langchain toolkit called GmailToolkit which accesses the gmail account of the user. It needs to get the permission of the user to access their information. For this purpose i have used the OAuth consent screen and created Credentials for desktop app.
my credentials.json file looks like this:
{
"installed": {
"client_id": "<>",
"project_id": "project",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_secret": "<>",
"redirect_uris": ["http://localhost"]
}
}
Now this works on my local machine but when i run it on my server, after the users allows the app to access his information, on the last step where the user needs to be redirected back to the App it fails because the redirect address is localhost:. I have tried changing the redirect_uris in credentials.json file but it does not work. I have also tried the to create web app credential and provide the redirect uri but the port changes everytime i run the app, so it does not work as well.
How can i change the redirect URI. I have a public IP where i need to redirect the user.
here is the address to get to the OAuth consent screen:
https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=385200199539-6e6a4u9dol56k9184m8pebtodop54sff.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A36947%2F&scope=https%3A%2F%2Fmail.google.com%2F&state=9wMvVVK7Fq0TELoR2Mpf3CMKnHkgS4&code_challenge=2XKzFVA8HqJ1D8y19Qm5I2eJG7cslZ6d3Z_aeFoAkf8&code_challenge_method=S256&access_type=offline
this is the code from which i get the above address:
credentials = get_gmail_credentials(
token_file='token.json',
scopes=["https://mail.google.com/"],
client_secrets_file="credentials.json",
)
api_resource = build_resource_service(credentials=credentials)
toolkit = GmailToolkit(api_resource=api_resource)
There are several types of google clients.
Each type is designed to run on a different platform as the underlying authorization method is different. The code used to authorize these is also different.
The main difference between installed app and web is the redirect uri. This is configured with in google developer console, changing the json file is not going to do anything. Installed apps will only return the redirect uri to localhost there for they can not be used when hosting on a web server. You need to create web app credentials and use the code designed for web app credentials.
Im not sure how you would do this with gmailtoolkit you may want to check if its supported. a quick scan of the repo leads me to bereave it only supports installed flow not web flow. #L66
Personally I use flask
def get_authorization_url():
flow = get_flow()
# Generate URL for request to Google's OAuth 2.0 server.
# Use kwargs to set optional request parameters.
authorization_url, state = flow.authorization_url(
# Enable offline access so that you can refresh an access token without
# re-prompting the user for permission. Recommended for web server apps.
access_type='offline',
# Enable incremental authorization. Recommended as a best practice.
include_granted_scopes='false')
return authorization_url