I'm currently facing an issue with OAuth2 access token. Currently, my app periodically uses the google OAuth2 Tokens to get events from my personal google calendar and is able to add new events to the google calendar. However, an exception occured saying that the token expired. After searching through google, I found out that you cannot set the access token to have no expiry date, and using API key wouldn't work as I cannot then add new events to the google calendar(Is this true ?)
I am using the Credentials.from_user_authorized_files and build from the credentials to access the API. It appears that even when I provide no value in the "access_token" field it still works, that must mean that my refresh token was the one needed and it expired. I read up online that for refresh tokens to be permanent, the app needed verification from google, otherwise it will expire in 7 days. I am unsure on how to solve the issue. I generated a new refresh token and it seemed to work. How do I prevent the refresh token from expiring ? Or is this not a problem with the refresh tokens ? Are there any other way I can make this work without having to manually change the refresh token every 7 days ? Thanks in advance !
Related
So I've been trying to make a program using Python that refreshes my Discord user token once every five minutes, but most of the tutorials online are about refreshing your Oauth2 access token, so I am currently very confused. Can anyone help me on the modules and functions to use, or are the Oauth2 access token and user token same things. Thanks!
Your Discord Token change when changing the password of your account so you will need to change your password every 5 minutes using some api calls and get the current token from another specific api call. you can find the api call urls and the data you need to post / get in the browser devconsole.
I am using django-allauth in my Django application, and my registration process is handled by Twitch, using allauth's Twitch provider. As of now, users can register on the website using Twitch, log out, and later log back in using Twitch with no problem. However, for making requests to some of Twitch API endpoints, I need the user's Twitch access token to be able to make requests on their behalf (such as following a channel, etc.).
On a very old github issues page I came upon a question regarding how to access the user's access token and the answer was to query the SocialToken model and find the logged-in user and the desired provider. But in my case my SocialToken model is empty and there are no tokens to be seen there, and I have no clue how to proceed to populate the model and add every new user's access token there, so that I can make requests on their behalf, given I have the correct scope.
Is there a way to add every new user's access token in SocialToken model? And is there a way to update the access token using the refresh token?
P.S. I'm thinking about having a celery task that makes a request to Twitch API every time a new user registers, and later refreshes the access token when it expires. But that seems like a hack, and not really a viable solution, plus, I need a user to be redirected to a certain callback URI as per Twitch API docs Maybe I'm just missing something.
I have an Google Analytics Account that I want to automate some custom reports from, but I have some problems understanding what kind of Credentials I need. Most of the tutorials I have seen says I need to use OAuth client ID but the google developers console site says I need a Servide Account key.
What is the difference between the two? Using another Analytics Account I tried to setup a OAuth connection, and it worked, but I now got unsure about what kind of key I should use.
What I want to do is to just have a Python script set up to run at some times, and then to get the data I want to query for. The data is just the same as the one I can get from logging into the Google Analytics UI, so there is no need for any users to consent to giving me access to any personal data or what ever else the Consent form should be used for.
Can someone explain what the difference is between the two Credentials and what one would be the correct one to use for my project?
Both Service accounts and OAuth2 are used to access private user data. Private data is data that is accessible only by logging in. My posts on Google+ are public anyone can see them. The information in my Google Analytics is private owned by me only I can see it and those I grant access to it.
With Oauth2 access is granted at run time. The first time an application is run the user will be asked if your application can access their data. If the user accepts and grants your application access you will be given a refresh token. This refresh token can be then used to get an access token which is used to access the private user data. Access tokens are only good for about an hour. After the hour is up you use the refresh token to get access again. That's why I say access is granted at runtime. You only have to ask the user for access once to get the refresh token though.
Service accounts on the other hand are pre authenticated. Service accounts are like dummy users they have their own google drive account and google calendar account. Because if this it is possible to shire data with them like you would any other user. You take the service account email address and add it as a user under the admin section of google analytics at the ACCOUNT level it must be the ACCOUNT level. Then using the service account in your code, you will be able to access the data for that Google Analytics account without requesting authentication from a user the first time.
Service accounts are most often used by developers to grant others access to the data owned by the developer. Oauth2 on the other hand would be used to access data of your customers for whos accounts you the developer does not personally have access to.
Technically speaking you can use either for your project as long as you store the refresh token you could technically use Oauth2 for your project. However I would not recommend it refresh tokens can expire under certain circumstances, which I will not go into.
I would recommend using a service account in your case it will be much easer for you to administrate as you will only need to set it up once.
My tutorials on the subject:
Google Developer console service account
Google Developer Console Oauth2 credentials
I wish to get a listing of all my posts as well as of any and all shares sent to me on my Google+ page, I want to do that from a python script that has no html or other front end.However I am confused as to how I can get access to the content.
According to the google developers site I can not get an OAuth token for google plus if there isn't a graphical front end,, but I just want to get to my own stuff and do a bit of parsing.
Surely there must be a way to do that?
There is a Github repo that can help you
Using the Google+ Sign-In button to get an OAuth 2.0 refresh token.
Exchanging the refresh token for an access token.
Making Google+ API requests with the access token, including getting
a list of people that the user has circled.
Disconnecting the app from the user's Google account and revoking
tokens.
This post is a followup to How to do OAuth-requiring operations in a GAE cron job?, where I realized I'm mis-using the #oauth_required decorator from OAuth2DecoratorFromClientSecrets.
As described by the OAuth 2.0 explained presentation, Oauth 2.0 solves the problem of:
Building a service...
... accessed by a user...
... and accessing the user's data from a third party.
That's what #oauth_required abstracts, and it does it well (currently my app "works": if I trigger the refresh page, I'm being asked to authorize access to my youtube data to my app, and the rest follows). But that's not what I want! My app does something simpler, which is creating a youtube playlist every day with my credentials and without any user input. So to compare to the above 3-tier negociation, I want:
A service
... accessed by users
... but only accessing "server-owned" YouTube playlist data. I don't want any access to the user's YouTube data, I just want to modify a playlist I (i.e. me / a userid persisted by the server) own.
But I still need help to do that; here is my current state:
After a few searches I learned that what I want to do is called Offline Access (emphasis mine, which is almost exactly my use case):
"In some cases, your application may need to access a Google API when the user is not present. Examples of this include backup services and applications that make blogger posts exactly at 8am on Monday morning. This style of access is called offline, and web server applications may request offline access from a user. The normal and default style of access is called online."...
→ So I should keep doing what I'm doing right now, keep requesting access to my YouTube account, but do it using the type_access=offline flag to get a token, and persist/use it for subsequent requests.
The Offline Access and Using a Refresh Token sections make total sense, but stay at a general HTTP level. Being still a newbie, I don't see how to integrate those principles into my Python code, and I didn't find any sample Python code around....
→ Could anyone help me with one Python example illustrating how and where to use this flag?
... and in particular, after studying oauth2client.appengine.OAuth2Decorator.oauth_required, I'm still not sure if I can bend it to my case, or if I should do my own thing.
→ What do you think?
Thanks for your time; if needed I'm also hanging out on irc://irc.freenode.net/#appengine as ronj.
Offline access is the default when retrieving tokens; you may have noticed this in the OAuth dialog that comes up:
Perform these operations when I'm not using the application
When your user accepts the OAuth dialog in a method decorated with decorator.oauth_required the credentials for that user will be stored in the datastore, including the refresh token.
Once you have one of these credentials objects, you can use it so authorize an HTTP object for calling APIS:
import httplib2
http = credentials.authorize(httplib2.Http())
and once authorized, it will do all the work for you. So if the access_token is expired, the first API response will be a 401 and so the credentials object will use the refresh_token to get a new access_token and make the request again.
If you know the user ID, you can retrieve the credentials from the datastore as described in How to do OAuth-requiring operations in a GAE Task Queue?:
from oauth2client.appengine import CredentialsModel
from oauth2client.appengine import StorageByKeyName
credentials = StorageByKeyName(
CredentialsModel, user_id, 'credentials').get()
Note/Gotcha:
If a user has already authorized your client ID, the subsequent times you perform OAuth for these users they will not see the OAuth dialog and you won't be given a refresh token. A refresh token can only be given if they go through the OAuth dialog, but since the user had already authorized your client ID, the spec assumes you would already have a refresh token around.
This often comes up when developers are testing OAuth, since they will go through the flow multiple times with a test account and after accepting the 2nd, 3rd, 4th, ... times, they never see the refresh token. A simple way around this is to use approval_prompt=force as an argument to the OAuth2Decorator constructor. This will force the OAuth dialog to appear every time you perform OAuth for a user.
However, this will not cause the dialog to show up every time a request is served for a given user; this would be a TERRIBLE user experience. Instead, the SACSID cookie from the request can be used (by the client library and some App Engine libraries) to determine who the current user is. Once the the library knows that current user, it can get your existing stored token/credentials for that user from the datastore and no jarring dialog will be needed.