I'm working on small python script (raspberry pi + Linux) that getting filename, as script argument, and upload it to Google drive.
In order to upload file to Google drive, I'm using this tutorial:
https://developers.google.com/drive/web/quickstart/quickstart-python
This script is basically working good, but, it's require manual authorization of the request - EACH time. This impossible when developing automated background task.
What I'm want to improve is to accept my application only once. From this time, all the file upload tasks will pass without security questions.
How to achieve this?
You want to follow server-side auth. Basically you store a refresh token that you receive the first time the user authorizes you, and you can use that to get new tokens without prompting the user.
See https://developers.google.com/drive/web/auth/web-server
Related
I am trying to create Jira issues with data populated in a row in google sheet, I plan to put a button to read the contents of the row and create Jira issues, I have figured the Jira API wrote the script for it and also the Google sheets API to read the row values to put in the Jira API.
How do I link the button to the python script in my local machine in a simple manner, I went through other similar asks here, but they are quite old and hoping now some new way might be available.
Please help me achieve this in a simple way, any help is greatly appreciated.
Thank You and Stay Safe.
Google sheets cannot run code on your local machine. That means you have a few options:
Click the button locally
Instead of clicking a button on the google sheet, you can run the script yourself from the command line. This is probably how you tested it, and not what you want.
Watch the spreadsheet
You could have your python script setup to run every few minutes. This has the benefit of being very straightforward to setup (google for cron jobs), but does not have a button, and may be slower to update. Also, it stops working if you turn off your computer.
Make script available for remote execution
You can make it so that your script can be run remotely, but it requries extra work. You could buy a website domain, and point it towards your computer (using dynamic dns), and then make the google sheet request your new url. This is a lot of work, and costs real money. This is probably not the best way
Move the script into the cloud
This is probably what you want: cut your machine out of the loop. You can use Google AppScripts, and rewrite your jira code there. You can then configure the google AppScript to run on a button click.
Unfortunately, you really can't get a button press in a Google Sheet to launch a local Python script-- Google Sheets / your browser cannot access your local files and programs in that way.
You can create a button that runs a Google Apps Script (GAS). This is some code based on JavaScript, attached to the spreadsheet, hosted/run by Google. Here's a tutorial on how to run via button press.
If you can port your script into GAS, that is one solution.
If you want to keep the script in Python, you basically need to deploy it and then use GAS to call your Python script. The simplest way I can think of (which is not super simple, but is totally doable!) is as follows:
1. Make your Python script into an API.
Use something like Flask or FastAPI to setup your own API. The aim that when a certain URL is visited, it will trigger your Python program to run a function which does all the work. With FastAPI it might look like this:
from fastapi import FastAPI
app = FastAPI()
def main():
print("Access Google Sheet via API...")
# your code here
print("Upload to JIRA via API...")
# your code here
#app.get("/")
def root():
main()
return {"message": "Done"}
Here, "/" is the API endpoint. When you visit (or make a "get" request) to the URL of the deployed app, simply ending in "/", the root function will get called, which calls your main function. (You could set up different URL endings to do different things).
We can test this locally. If you follow the setup instructions for FastAPI, you should be able to run the command uvicorn main:app --reload which launches a server at http://127.0.0.1:8000. If you visit that URL in your browser, the script should get run and the message "Done" should appear in your browser.
2. Deploy your Python app
There are many services that can host your Python program, such as Heroku or Google Cloud. They may offer free trials but this generally costs money. FastAPI has instructions for deploying to Deta which seems to currently have a free tier.
When your app is app and running, there should be an associated web address such as "https://1kip8d.deta.dev/". If you access this in the browser it will run your script and return the "Done" message.
3. Hit your Python API from Google Sheets, using GAS
The last step it to "hit" that URL using GAS, instead of visiting it manually in the browser. Following the tutorial mentioned above, create a GAS script linked to your spreadsheet, and a button which is "assigned" to your script. The script will look something like this:
function myFunction() {
var response = UrlFetchApp.fetch("https://1kip8d.deta.dev/");
Logger.log(response.getContentText());
}
Now, whenever you press the button, GAS will visit that URL, which will cause your Python script to execute.
You might want to check out Google Colaboratory. It's a service by Google that can host your Python code (called a "notebook"), connect with your Google Drive (and other Google services), and make calls out to web endpoints (which would be your Jenkins server). I think those are the three pieces you're dealing with here.
Just to be clear... your code wouldn't be local anymore (if that's really important to you). Instead, it would be hosted by Google. The notebooks are saved to your Google Drive account, so you get the security that provides.
I am currently building a web-app that requires a Spotify user to login using their credentials in order to access their playlists
I'm using the Spotipy python wrapper for Spotify's Web API and generating an access token using,
token = util.prompt_for_user_token(username,scope,client_id,client_secret,redirect_uri)
The code runs without any issues on my local machine. But, when I deploy the web-app on AWS, it does not proceed to the redirected uri and allow for user login.
I have tried transferring the ".cache-username" file via SCP to my AWS machine instance and gotten it to work in limited fashion.
Is there a solution to this issue? I'm fairly new to AWS and hence don't have much to go on or any idea where to look. Any help would be greatly appreciated. Thanks in advance!!
The quick way
Run the script locally so the user can sign in once
In the local project folder, you will find a file .cache-{userid}
Copy this file to your project folder on AWS
It should work
The database way
There is currently an open feature request on Github that suggests to store tokens in a DB. Feel free to subscribe to the issue or to contribute https://github.com/plamere/spotipy/issues/51
It's also possible to write a bit of code to persist new tokens into a DB and then read from it. That's what I'm doing as part of an AWS Lambda using DynamoDB, it's not very nice but it works perfectly https://github.com/resident-archive/resident-archive/blob/a869b73f1f64538343be1604d43693b6165cc58a/functions/to-spotify/main.py#L129..L157
The API way
This is probably the best way, as it allows multiple users to sign in simultaneously. However it is a bit more complex and requires you host a server that's accessible by URL.
This example uses Flask but one could adapt it to Django for example https://github.com/plamere/spotipy/blob/master/examples/app.py
I want to write a python script that can connect to Google Drive API without having to manually authenticate on every device the script is run on.
I am writing some python code for a research study that is going to be run at various study locations. For data privacy reasons, we cannot store data locally and need to write it to the cloud (ideally Google Drive). A member of our team will not present at all locations the software is being run, and thus any sort of initial manual authentication (entering username and password at the different sites for OAuth) is really off of the table for us.
I've looked into the Google Drive API (Python), and am wondering if there is a way for a device running my script to get a Refresh token (and subsequent Access tokens) to modify a Google Sheet without needling to manually authenticate on each device.
Is there any way to make this possible with the Google Drive API (by having some sort of 'secret' that the code could store)? If not, are there any other cloud services that may be able to accommodate this?
Additionally, the python script is being run as part of an executable (produced from Vizard, probably irrelevant but mentioning it just in case)
Yes it can be done - see How do I authorise an app (web or installed) without user intervention?
However, it's probably a bad idea for two reasons. if you distribute code with embedded secrets (technically the secret is a Refresh Token), they tend not to stay secret for long. Secondly, there is the chance that the Refresh Token will expire and your users will be dead in the water.
I would suggest that you consider:-
A Service Account
Writing an OAuth proxy, which you can host for free on Google AppEngine, which puts all of the secret stuff on a server and from which your app can fetch Access Tokens as they are needed.
I'm new to OAuth and API's but have been trying to figure out the upload_video.py script that is provided by Google (https://developers.google.com/youtube/v3/guides/uploading_a_video) to upload videos to my channel via Python.
My problem is I can't figure the OAuth, so I'm calling the script with the necessary arguments, but then getting re-directed to an authentication page in my browser.
This script needs to be run completely invisibly from command line and so, that doesn't work for me.
Can anybody point me in the right direction for not having to authenticate the script manually each time it's running?
I was hoping there would be an option for this in the Google dev console, to allow this kind of thing, but it doesn't appear so.
Your program will have to at some point use a browser to complete the OAuth2 flow - it's unavoidable. The script google provides on that page does store the token in a local file, so that your program won't need to go through the process again every time it runs, as long as the token is still valid. You can also get your program to ask for a new token when the one it has expires, though I'm not sure if that script actually does that or not.
See: https://developers.google.com/accounts/docs/OAuth2ForDevices for information about the OAuth2 flow on devices that aren't capable of launching a browser themselves.
I have the django application, which needs refresh some data. This data should be downloaded from my dropbox account (file name and path is the same each time). How can I implement this?
I start with using dropbox api, create application, etc - but this method has one big defect - it needs user go to the generated link and authorize to dropbox account. But I need automatic work, script should be executed by cron each day without userinteraction.
I think about using Selenium to open this link, enter login and password, confirm using application. But I also think this is hard way, should be another way:-)
Or maybe I can simply generate link to file one time and then use it every time I want to download file?
You could use the API and connect with pre-authorized access token which you authorized manually once (as opposed to having the user authorize their own account). You could then download the file from your account, but be sure not to revoke the access token, e.g. via https://www.dropbox.com/account/applications .
If you do just need to download files though, using a shared link may be easier:
https://www.dropbox.com/help/167/en
https://www.dropbox.com/help/201/en
They don't expire, but they can be revoked via https://www.dropbox.com/links .
Or if you prefer to use the Public folder, same idea:
https://www.dropbox.com/help/16/en