I am currently trying to create and populate a collection automatically via Python. As mentioned the DB that I've chosen is Arango. The issue that I am having is that I get an error:
[HTTP 401][ERR 11] not authorized to execute this request
I've turned off fire walls and tried reinstalling Arango to check if I messed up something with setting up the admin profile but everything seems to be fine. The only similar question I've found so far is this one but it's still somehow irrelevant to my issue.
In regards to the builder, this is how I've set it up:
config={
"database": 'exampleDB',
"host":'localhost',
"protocol":'http',
"port":'8529',
"username":'someone',
"password":'xxxx'
}
Is there anything else that I am missing for setting up the permissions config? Or the issue might be somewhere else.
I am not posting my full code because it's company owned software.
In case of pyArango you need to provide the credentials when you instantiate the Connection class:
from pyArango.connection import *
conn = Connection(username=config['username'], password=config['password'])
Documentation: https://bioinfo.iric.ca/~daoudat/pyArango/connection.html
In case of python-arango you first need a client object, then call the db() method and provide the database name and the credentials:
from arango import ArangoClient
client = ArangoClient(protocol='http', host='localhost', port=8529)
db = client.db('_system', username=config['username'], password=config['password'])
Documentation: https://python-driver-for-arangodb.readthedocs.io/en/master/overview.html
The original repository of arango-python is abandoned since five years, it does not support any 2.x or 3.x server versions and I could not find anything for authentication (search on GitHub yielded no results for "auth", "password", "user", "cred"). The docs site is even more stale.
The ArangoPy project appears to be pretty dead as well, it supports ArangoDB 2.2 through 2.6 according to the readme. There is no example given for authentication. The Client constructor does take a parameter called auth, but the usage remains unclear (<username>:<password>?).
Related
I am evaluating different options for authentication in a python App Engine flex environment, for apps that run within a G Suite domain.
I am trying to put together the OpenID Connect "Server flow" instructions here with how google-auth-library-python implements the general OAuth2 instructions here.
I kind of follow things up until 4. Exchange code for access token and ID token, which looks like flow.fetch_token, except it says "response to this request contains the following fields in a JSON array," and it includes not just the access token but the id token and other things. I did see this patch to the library. Does that mean I could use some flow.fetch_token to create an IDTokenCredentials (how?) and then use this to build an OpenID Connect API client (and where is that API documented)? And what about validating the id token, is there a separate python library to help with that or is that part of the API library?
It is all very confusing. A great deal would be cleared up with some actual "soup to nuts" example code but I haven't found anything anywhere on the internet, which makes me think (a) perhaps this is not a viable way to do authentication, or (b) it is so recent the python libraries have not caught up? I would however much rather do authentication on the server than in the client with Google Sign-In.
Any suggestions or links to code are much appreciated.
It seems Google's python library contains a module for id token validation. This can be found at google.oauth2.id_token module. Once validated, it will return the decoded token which you can use to obtain user information.
from google.oauth2 import id_token
from google.auth.transport import requests
request = requests.Request()
id_info = id_token.verify_oauth2_token(
token, request, 'my-client-id.example.com')
if id_info['iss'] != 'https://accounts.google.com':
raise ValueError('Wrong issuer.')
userid = id_info['sub']
Once you obtain user information, you should follow authentication process as described in Authenticate the user section.
OK, I think I found my answer in the source code now.
google.oauth2.credentials.Credentials exposes id_token:
Depending on the authorization server and the scopes requested, this may be populated when credentials are obtained and updated when refresh is called. This token is a JWT. It can be verified and decoded [as #kavindu-dodanduwa pointed out] using google.oauth2.id_token.verify_oauth2_token.
And several layers down the call stack we can see fetch_token does some minimal validation of the response JSON (checking that an access token was returned, etc.) but basically passes through whatever it gets from the token endpoint, including (i.e. if an OpenID Connect scope is included) the id token as a JWT.
EDIT:
And the final piece of the puzzle is the translation of tokens from the (generic) OAuthSession to (Google-specific) credentials in google_auth_oauthlib.helpers, where the id_token is grabbed, if it exists.
Note that the generic oauthlib library does seem to implement OpenID Connect now, but looks to be very recent and in process (July 2018). Google doesn't seem to use any of this at the moment (this threw me off a bit).
I'm trying to figure out how to authenticate and create an entry on quickbooks online through Python. Currently, when I try to click auth link in their API Explorer, I get 404 page.
What I'm trying to do is creating invoice through Python. However, it seems like their documentation is not complete. I contacted their support, and I haven't heard from them yet.
The python-quickbooks library is probably the correct choice now, as it is a "complete rework of quickbooks-python". It has pretty comprehensive instructions on getting and using the auth keys, though I wouldn't call it "simple", since the process is by definition somewhat complex. The instructions are "for Django", but the Django-specific code simply gets parameters out of a URL string.
We're using it to great effect, because the syntax is as easy as:
auth_client = AuthClient(
client_id = CLIENT_ID # from QB website
,client_secret = CLIENT_SECRET # from QB website
,environment = 'sandbox' # or 'production'
,redirect_uri = REDIRECT_URI
)
client = QuickBooks(
auth_client = auth_client
,refresh_token = REFRESH_TOKEN
,company_id = COMPANY_ID
)
account = Account.get(qbid, qb=client) # qbid can be retrieved from the AccountList
return account.CurrentBalance
This library will get the job done https://github.com/HaPsantran/quickbooks-python
It works in JSON so you would construct the Invoice based off of docs at https://developer.intuit.com/docs/0025_quickbooksapi/0050_data_services/030_entity_services_reference/invoice using the JSON examples.
The library doesn't support sandbox mode** so if you are going to use the development consumer key and secret than you would change this code.
base_url_v3 = "https://quickbooks.api.intuit.com/v3"
to
base_url_v3 = "https://sandbox-quickbooks.api.intuit.com/v3"
while in that mode.
** Sandbox mode only applies currently to U.S. QBO
Having written a lot of the module #Minimul mentions — with a very helpful start by simonv3, who figured out how to get it working first and then I just built on it — I am fairly confident that this will not support the oauth workflow of getting the request token, prompting the user to authenticate out of band, and then getting and storing the access token. It presumes you already have an access token.
Simon (or another Python developer) may be able to comment on how he gets the access token with Python, and if so, it'd be great if he (or they) could add it to the module for all to enjoy.
I had this same problem. I just figured it out and posed the step-by-step process here:
python with Quickbooks Online API v3
Hope this helps.
I looked at the existing python clients for quickbooks and found them to be either outdated or not having all the features. So i created a new python client for quickbooks which can be found at https://pypi.python.org/pypi/quickbooks-py
If there is someone out there who has already worked with SOLR and a python library to index/query solr, would you be able to try and answer the following question.
I am using the mySolr python library but there are others out (like pysolr) there and I don't think the problem is related to the library itself.
I have a default multicore SOLR setup, so no authentication required normally. Don't need it to access the admin page at http://localhost:8080/solr/testcore/admin/ either
from mysolr import Solr
solr = Solr('http://localhost:8080/solr/testcore/')
response = solr.search(q='*:*')
print("response")
print(response)
This code used to work but now I get a 401 reply from SOLR ... just like that, no changes have been made to the python virtual env containing mysolr or the SOLR setup. Still...something must have changed somewhere but I'm out of clues.
What could be the causes of a SOLR 401 reponse?
Additional info: This script and mor advanced script do work on another PC, just not on the one I am working on. Also, adding "/select?q=:" behind the url in the browser does return the correct results. So the SOLR is setup correctly, it has probably something to do with my computer itself. Could windows settings (of any kind) have an impact on how SOLR responds to requests from python? The python env itself has been reinstalled several times to no avail.
Thanks in advance!
The problem was: proxy.
If this exact situation was ever to occur to someone and you are behind a proxy, check if your HTTP and HTTPS environmental variables are not set. If they are... this might cause the python session to try using the proxy while it shouldn't (connecting to localhost via proxy).
It didn't cause any trouble for months but out of the blue it did so whether you encounter this or not might be dependent on how your IT setup your proxy or made some other changes...somewhere.
thank you everyone!
I've worked out how OAuth2 works (via https://developers.google.com/api-client-library/python/guide/aaa_oauth) and now have an OAuth2Credentials object (let's call the object credentials) that I want to use for Google Apps provisioning purposes (the example here is using sites, but could be any of the gdata apis)
If I try:
client = gdata.sites.client.SitesClient(site="test-site",domain='my.domain')
client = credentials.authorize(client)
I get
TypeError: new_request() got an unexpected keyword argument 'http_request'
when I try to do anything
If I try
client = gdata.sites.client.SitesClient(site="test-site",domain='my.domain', auth_token=credentials)
or
client = gdata.sites.client.SitesClient(site="test-site",domain='my.domain', auth_token=credentials.access_token)
I get an AttributeError that the relevant object (credentials or credentials.access_token) has no attribute 'modify_request'
Any ideas what I can try?
I'm not entirely sure about Google's client code, but you could always try (shameless plug) sanction. It's an OAuth 2.0 client I wrote a while ago available on Github and PyPI.
The upsides:
Being a whopping 55 LOC, it's tremendously easy to grok. If something goes wrong, you won't have to ask questions here.. You should be able to just understand what's going on ;)
It has been tested with 8 different providers (including Google)
The downsides:
Obviously would require a refactor of your current code
Doesn't assume (and therefore provide) persistence implementations
Doesn't provide API implementations (you have to have a basic understanding of the OAuth 2.0-exposed API that you're dealing with)
This answer says you have to monkeypatch the OAuth2Credentials object, before passing it to the SitesClient(auth_token=credentials). It has an answer showing you how to do the monkey patching
I am working on a python web application based on the pyramid framework. I am trying to add session authentication to it. By that I understand that:
users can log in/out (security is desirable); user data are kept in a database
authentication is handled via the session (request.session)
First off: Is session authentication a good option or are there better ones?
Secondly: I can't really make heads or tails of the documentation and examples.
So far, I've followed http://docs.pylonsproject.org/projects/pyramid/en/1.3-branch/tutorials/wiki2/authorization.html#adding-login-and-logout-views so far that I have a login/logout form. However, my authn_policy is a http://docs.pylonsproject.org/projects/pyramid/en/latest/api/authentication.html#pyramid.authentication.SessionAuthenticationPolicy
As the session factory in pyramid is insecure (see http://docs.pylonsproject.org/projects/pyramid/en/1.3-branch/narr/sessions.html), I use *pyramid_beaker* instead.
The configuration is:
in __init__.py: session_factory = session_factory_from_settings(settings)
in the .ini file:
beaker.session.lock_dir = %(here)s/data/sessions/lock
beaker.session.type = ext:database
beaker.session.sa.url = mysql://user:pass#localhost:3306/db
beaker.session.table_name = user_session
I hope I was able to make my problem clear.
I'd say it depends on what you want to do. Session authentication works fine if you use Beaker, but I like using AuthTktAuthenticationPolicy for the additional timeout and reissue options, and the fact that your authentication doesn't disappear even if you clear the session.