Im not sure why but when trying to use the following code I get ('Access blocked: This app’s request is invalid' and 'redirect_uri_mismatch') when the browser window opens:
gc = gspread.oauth(
credentials_filename='auth/oauth_creds.json'
)
I have already enabled the needed apis and download the creds for the OAuth client IDs, not sure why I am hitting this error, this is my first time using gspread, in the past I used the normal libs that gspread seems to wrap, but it has been a while.
Redirect uri miss match is one of the most common Oauth2 errors. The redirect uri you have entered in google cloud console for your app must exactly match the one that your application is sending from.
There should be an error details link you can click on it will tell you the exactly redirect uri you should enter into google developer console.
Google OAuth2: How the fix redirect_uri_mismatch error. Part 2 server sided web applications.
Related
I'm new to using Google APIs in general. Could anyone help me figure out how to set up this tasks API correctly for my python/flask/sqlalchemy application?
I got the API key, client ID (and downloaded as credentials.json), pip installed the Quickstart for python, created the quickstart.py and credentials.json with provided code but when I ran that quickstart.py file, it says
"Error 400: redirect_uri_mismatch.
The redirect URI in the request, http://localhost:51014/, does not match the ones authorized for the OAuth client. To update the authorized redirect URIs, visit: https://console.developers.google.com/apis/credentials/oauthclient/${your_client_id}?project=${your_project_number}"
When I tried each time, the port number kept changing.
On my terminal, it says
"lease visit this URL to authorize this application: https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=624465110094-oa56kshqc0vml0k2uju45ro7tjg0jo8j.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A51014%2F&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Ftasks.readonly&state=8MQQOCU8Do80dheS9iuRZJnG2E1gzx&access_type=offline"
I think I set up the wrong URI somehow. Could someone tell me the correct way of setting up the OAuth consent screen section? For my project, I ran my app on localhost:5000 then deployed it to Heroku (mysite.herokuapp.com). I'm not sure what I need to put on "Authorized domains" field and "Application homepage link". (I didn't add anything under " Add Scope".)
Also under "credentials" section, what URI I should put in the "Authorized JavaScript origins" and "Authorized redirect URIs" field? So far I put "http://localhost:5000" and it's not accepting this format. So left it blank but I got this error 400 at the end. For "type", I chose "web application". Should I choose web server instead?
Thanks!
I am trying to enable server side offline access to Google APIs where the user authenticates from an iOS app. This is to allow a server to have continual access to Google APIs outside of the iOS app.
Google documents the approach below:
https://developers.google.com/identity/sign-in/ios/offline-access
I've followed their documentation exactly with a barebones project. However, whenever I try to exchange the one-time authorization code for access and refresh tokens, I receive a 'redirect_uri_mismatch' error during the exchange.
I've searched forums and a number of folks recommended to configure the Google API project OAuth 2.0 client ID (from Google developer console) with no redirect URIs. However this causes the error 'Missing property "redirect_uris" in a client type of "web"'
I've also tried other OAuth 2.0 client ID types (e.g., Other) but with no luck.
Has anyone been able to get this flow to work? Any help would be greatly appreciated!
I've bumped into this also. Google's example is wrong or at least incomplete. You have to set a redirect uri on the developer console and pass it to the oauth client like so:
credentials = client.credentials_from_clientsecrets_and_code(
CLIENT_SECRET_FILE,
['https://www.googleapis.com/auth/drive.appdata', 'profile', 'email'],
auth_code, None, "your redirect uri")
Full documentation here http://oauth2client.readthedocs.io/en/latest/source/oauth2client.client.html
Set redirect_uri to urn:ietf:wg:oauth:2.0:oob in your code, it is used for installed app. As mentioned by #oravecz over here. This worked for me.
Working on a small app that takes a Spotify track URL submitted by a user in a messaging application and adds it to a public Spotify playlist. The app is running with the help of spotipy python on a Heroku site (so I have a valid /callback) and listens for the user posting a track URL.
When I run the app through command line, I use util.prompt_for_user_token. A browser opens, I move through the auth flow successfully, and I copy-paste the provided callback URL back into terminal.
When I run this app and attempt to add a track on the messaging application, it does not open a browser for the user to authenticate, so the auth flow never completes.
Any advice on how to handle this? Can I auth once via terminal, capture the code/token and then handle the refreshing process so that the end-user never has to authenticate?
P.S. can't add the tag "spotipy" yet but surprised it was not already available
Unfortunately, the spotipy util function only returns the access_token, not the all-important refresh_token. The access_token will expire after a limited amount of time. At that point, you'll need to create a new access_token using a refresh_token.
I did not see any public functions in spotipy that allow you to grab the refresh_token. However, you can always create a new access_token with the following components:
Your Spotify client id (found on your app page)
Your Spotify client secret (found on your app page)
Your Spotify refresh token - See here for a way to get that ONCE -
https://developer.spotify.com/web-api/tutorial/
Word to the wise, when debugging I requested a new access_token using POSTMAN to POST to https://accounts.spotify.com/api/token - it only worked after specifying in the headers
'Content-Type': 'application/x-www-form-urlencoded'
I once ran into a similar issue with Google's Calendar API. The app was pretty low-importance so I botched a solution together by running through the auth locally in my browser, finding the response token, and manually copying it over into an environment variable on Heroku. The downside of course was that tokens are set to auto-expire (I believe Google Calendar's was set to 30 days), so periodically the app stopped working and I had to run through the auth flow and copy the key over again. There might be a way to automate that.
Good luck!
I'm trying to setup Pythonic control of Google Compute Engine following this tutorial: https://developers.google.com/compute/docs/api/python-guide. When I run the script they give in that tutorial I get directed to a website where I auth my google account and then get a page that says:
That’s an error.
Error: redirect_uri_mismatch
The redirect URI in the request: urn:ietf:wg:oauth:2.0:oob did not match a registered redirect URI
I think the URI needs to be something that's specific to my app but I can't for the life of me figure out where to get that URI in the developer console. Does anyone know where I can find it?
I've created a project in Google Cloud Console, and I'm pretty sure my AppEngine project is associated with it (clicking on the AppEngine link in the project shows an overview of my AppEngine project).
I've uploaded my project to run on appspot.com.
I've properly copied and pasted the console project's OAuth2 client secret and id to be used by the Python library.
I've properly setup the consent screen.
I've added the callback urls.
I've made sure that the appropriate API's are turned "ON" and green (Google Drive).
But I'm still getting Error: invalid_client when trying to authenticate.
What did I miss?
EDIT: Here's the url where it goes wrong
https://accounts.google.com/o/oauth2/auth?state=https%3A%2F%2Fmy-app-id.appspot.com%2Fspreadsheet%2Fview%2F0Ao7HHtqOGzZ7dDNneTg0b1R0bnVJNzRvWk9DVVhIVXc%3A9wi8bS1R7fejjVuDd9IdPjoxMzg0NjgyNDU5&redirect_uri=https%3A%2F%2Fmy-app-id.appspot.com%2Foauth2callback&response_type=code&client_id=abcxyz123.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.readonly&access_type=offline
and the following text (with an image of a broken robot):
Request Details
cookie_policy_enforce=false
response_type=code
scope=https://www.googleapis.com/auth/drive.readonly
redirect_uri=https://my-app-id.appspot.com/oauth2callback
access_type=offline
state=https://my-app-id.appspot.com/spreadsheet/view/0Ao7HHtqOGzZ7dDNneTg0b1R0bnVJNzRvWk9DVVhIVXc:9wi8bS1R7fejjVuDd9IdPjoxMzg0NjgyNDU5
client_id=abcxyz123.apps.googleusercontent.com
Have you enabled the Drive API? The link to do this is more obvious if you use the old form of the API Console (see the faint grey link at the bottom of the new API Console page).
Otherwise, if you did what you said you did, you haven't missed anything.
For any Oauth problems such as this, it is immensely helpful to paste the http request and response into your question. This page tells you how to do that https://developers.google.com/api-client-library/python/guide/logging
A really good debugging technique is to put your code to one side and use the Oauth2 Playground (with your own application credentials configured). You can compare the http traffic from the Oauth playground with the traffic from your app, and play spot-the-difference.