OAuth fails after deploying google glass application - python

I went through the instructions for the Google Glass Python Quick Start. I deployed the app and the app supposedly finished deploying successfully. I then went to the main URL for the app and attempted to open the page. The page asked me which Google Account I wanted to use to access the app, and I chose one. It went through some type of redirect and then came back to my app and tried to open up the openauth2callback page at which time nothing else happened. It just stopped on the openauth2callback page and sat there whitescreened.
I assume that the app is supposed to look like the sample app that was posted where I should see timeline cards and be able to send messages, but I don't see any of that.
I checked my oauth callbacks and they look exactly like the quick start instructions said to make them. What am I missing?

A couple of things that are standard debugging practices, and you may want to update the original question to clarify:
Did OAuth actually fail? What information do you have that it failed? Can you verify from web server logs that the callback URL was hit and that it contained non-error return values?
Can you check your web server and app server logs to see if there are any error messages or exceptions logged?
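One way to run the log check suggested above, as an added example that is not part of the original answer: it scans access-log lines for hits on the OAuth callback and reports whether each carried a `code` or an `error` parameter and what status the handler returned. The callback path default and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Request part of a common/combined-format access log line.
LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def classify_callback_hits(log_lines, callback_path="/oauth2callback"):
    """Return one dict per request that hit the OAuth callback path."""
    hits = []
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != callback_path:
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        status = int(m.group("status"))
        if "error" in params:
            outcome = "provider_error:" + params["error"][0]
        elif "code" not in params:
            outcome = "no_code_or_error"
        elif status >= 500:
            outcome = "code_received_but_handler_failed"
        else:
            outcome = "code_received"
        hits.append({
            "status": status,
            "outcome": outcome,
            "has_state": "state" in params,
            # Report only the length: the authorization code is a credential.
            "code_len": len(params["code"][0]) if "code" in params else 0,
        })
    return hits

# Constructed sample lines (not from the original post).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2013:13:55:36 +0000] "GET / HTTP/1.1" 302 0',
    '203.0.113.7 - - [10/Oct/2013:13:55:41 +0000] '
    '"GET /oauth2callback?state=abc&code=4/constructedCode HTTP/1.1" 500 0',
    '203.0.113.9 - - [10/Oct/2013:14:02:10 +0000] '
    '"GET /oauth2callback?error=access_denied&state=def HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in classify_callback_hits(SAMPLE_LOG):
        print(hit)
```

A hit classified as `code_received_but_handler_failed` means the provider side of the flow completed and the exception to look for is in the application log.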

Related

Google App Engine unexpected 'site can't provide a secure connection' error

Three days ago, I was able to access my website deployed onto Google App Engine with no issues. Since that time I haven't changed anything in the files for my project, but when I deployed recently I was given a site can't provide a secure connection error, and the website was sent an invalid response.
I'm not sure whether this is an issue on App Engine or my code, as this only occurs with the most recently deployed instance of the website on App Engine. For example, I have deployed once, been given this error, then deployed again a couple minutes later, and that initial instance that is now second in line (with 0% traffic) works fine, while the new most recent (active) instance with 100% traffic, has the same error.
I am working with a Flask framework with the correct file structure, including static & templates folders, app.yaml and main.py files. I'm happy to post specific code snippets as requested in comments, I just don't know what code would be helpful to diagnose since there haven't been any changes since it was working fine a couple days ago with the same code.
Any ideas and advice are greatly appreciated.
UPDATE:
Removing the 's' from https takes me to the following page... clicking 'proceed anyway' takes me to the website just fine though
Couple of things to try to diagnose:
Check for errors locally, on your dev server. May have a 5xx error in your new code.
Navigate to http(without the 's')://your-app-and-version.appspot.com to see if that loads.

How to secure my Azure WebApp with the built-in authentication mechanism

I created a Flask-Webservice with Python that runs independently inside a docker container. I then uploaded the docker image to an Azure Container Registry. From there I can create a WebService (for Containers) with some few clicks in the Azure Portal, that runs this container. So far so good. It behaves just as I want it to.
But of course I don't want anyone to access the service. So I need some kind of authentication. Luckily (or so I thought) there is a built-in authentication-mechanism (I think it is based on OAuth ... I am not that well versed in security issues). Its documentation is a bit sparse on what actually happens and also concentrates on solutions in C#.
I first created a project with Google as described here and then configured the WebApp-Authentication with the Client-Id and Secret. I of course gave Google a JavaScript source and callback-url, too.
When I now log off my Google account and try a GET-Request to my Webservice in the Browser (the GET should just return a "hello world"-String), I am greeted with a Login Screen ... just as I expected.
When I now log in to Google again, I am redirected to the callback-url in the browser with some kind of information in the parameters (a token perhaps? It looks something like this: https://myapp.azurewebsites.net/.auth/login/google/callback?state=redirxxx&code=xxx&authuser=xxx&session_state=xxx&prompt=xxx).
Here something goes wrong, because an error appears.
An error occurred.
Sorry, the page you are looking for is currently unavailable.
Please try again later.
If you are the system administrator of this resource then you should check the error log for details.
Faithfully yours, nginx.
As far as I know, nginx is a server software that hosts my code. I can imagine that it also should handle the authentication process. It obviously lets all requests through to my code when authentication is turned off, but blocks un-authenticated accesses otherwise and redirects to the google login. Google then checks if your account is authorized for the application and redirects you to the callback with the access token along with it. This then returns a cookie which should grant my browser access to the app. (I am just reproducing the documentation here).
So my question is: What goes wrong? Does my browser not accept the cookie? Did I do something wrong when configuring Google+ or the Authentication in the WebApp? Do I have to use a certain development stack to use the authentication? Is it not supported for any of the technologies I use (Python, Flask...)?
EDIT
#miknik:
In Microsoft's documentation of the authentication/authorization it says
The authentication and authorization module runs in the same sandbox
as your application code. When it's enabled, every incoming HTTP
request passes through it before being handled by your application
code.
...
The module runs separately from your application code and is
configured using app settings. No SDKs, specific languages, or changes
to your application code are required.
So while you are probably right that the information in the callback-redirect is the authorization grant/code and that after that this code should now be used to get an access token from Google, I don't quite understand how this would work in my situation.
As far as I can see it, Microsoft's WebApp for Container-Resource on Azure should take care of getting the token automatically and return it as part of the response to the callback-request. The documentation states 4 steps:
Sign user in: Redirects client to /.auth/login/.
Post-authentication: Provider redirects client to /.auth/login//callback.
Establish authenticated session: App Service adds authenticated cookie to response.
Serve authenticated content: Client includes authentication cookie in subsequent requests (automatically handled by browser).
It seems to me that step 2 fails and that that would be exactly what you wrote: that the authorization grant is to be used by the server to get the access token but isn't.
But I also don't have any control over that. Perhaps someone could clear things up by correcting me on some other things:
First I can't quite figure out which parts of my problem represent which role in the OAuth-scheme.
I think I am the Owner, and by adding users to the list in the Google+-Project I authorize them to use my service.
Google is obviously the authorization server
my WebService (or better yet my WebApp for Containers) is the resource server
and finally an application or postman that does the requests is the Client
In the descriptions of OAuth I read the problematic step boils down to: the resource server gets the access token from the authorization server and passes it along to the client. And Azure's WebApps Resource is prompted (and enabled) to do so by being called with the callback-url. Am I right somewhere in this?
Alas, I agree that I don't quite understand the whole protocol. But I find most descriptions on the net less than helpful because they are not specific to Azure. If anyone knows a good explanation, general or Azure-specific, please make a comment.
I found a way to make it work and I try to explain what went wrong as well as I can. Please correct me if I go wrong or use the wrong words.
As I suspected, the problem wasn't so much that I didn't understand OAuth (or at least how Azure manages it) but the inner workings of the Azure WebApp Service (plus some bad programming on my part). Azure runs its own server and is not using the built-in server of flask. The actual problem was that my flask-program didn't implement a WSGI-Interface. As far as I could gather, this is another standard for python scripts to interact with any server. So while rudimentary calls from the server (I think Azure uses nginx) were possible, more elaborate calls, like the redirect to the callback url, went to dev/null.
I built a new app following this tutorial and then secured it by following the authentication/authorization-tutorial and everything worked fine. The code in the tutorial implements WSGI and probably conforms more to what Azure expects. My docker solution was too simple.
My conclusion: read up on this WSGI-standard that flask always warned me about and I didn't listen, and implement it in any code that goes beyond fiddling around in development.

Getting invalid_client with OAuth2 Drive API

I've created a project in Google Cloud Console, and I'm pretty sure my AppEngine project is associated with it (clicking on the AppEngine link in the project shows an overview of my AppEngine project).
I've uploaded my project to run on appspot.com.
I've properly copied and pasted the console project's OAuth2 client secret and id to be used by the Python library.
I've properly setup the consent screen.
I've added the callback urls.
I've made sure that the appropriate API's are turned "ON" and green (Google Drive).
But I'm still getting Error: invalid_client when trying to authenticate.
What did I miss?
EDIT: Here's the url where it goes wrong
https://accounts.google.com/o/oauth2/auth?state=https%3A%2F%2Fmy-app-id.appspot.com%2Fspreadsheet%2Fview%2F0Ao7HHtqOGzZ7dDNneTg0b1R0bnVJNzRvWk9DVVhIVXc%3A9wi8bS1R7fejjVuDd9IdPjoxMzg0NjgyNDU5&redirect_uri=https%3A%2F%2Fmy-app-id.appspot.com%2Foauth2callback&response_type=code&client_id=abcxyz123.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.readonly&access_type=offline
and the following text (with an image of a broken robot):
Request Details
cookie_policy_enforce=false
response_type=code
scope=https://www.googleapis.com/auth/drive.readonly
redirect_uri=https://my-app-id.appspot.com/oauth2callback
access_type=offline
state=https://my-app-id.appspot.com/spreadsheet/view/0Ao7HHtqOGzZ7dDNneTg0b1R0bnVJNzRvWk9DVVhIVXc:9wi8bS1R7fejjVuDd9IdPjoxMzg0NjgyNDU5
client_id=abcxyz123.apps.googleusercontent.com
Have you enabled the Drive API? The link to do this is more obvious if you use the old form of the API Console (see the faint grey link at the bottom of the new API Console page).
Otherwise, if you did what you said you did, you haven't missed anything.
For any Oauth problems such as this, it is immensely helpful to paste the http request and response into your question. This page tells you how to do that https://developers.google.com/api-client-library/python/guide/logging
A really good debugging technique is to put your code to one side and use the Oauth2 Playground (with your own application credentials configured). You can compare the http traffic from the Oauth playground with the traffic from your app, and play spot-the-difference.
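The "spot-the-difference" comparison described above can be done mechanically. This is an added example, not code from the answer: it parses two authorization URLs and reports only the parameters that differ, ignoring per-request values and scope ordering. Both URLs are constructed samples, and `REFERENCE_URL` stands in for a request captured from a working reference tool.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

PER_REQUEST = {"state", "nonce"}  # expected to differ on every request

def auth_params(url):
    """Parse an authorization URL into {name: value}; scope becomes a frozenset."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    if "scope" in params:
        # scope is a space-delimited list whose order does not matter
        params["scope"] = frozenset(params["scope"].split())
    params["(endpoint)"] = f"{parts.scheme}://{parts.netloc}{parts.path}"
    return params

def diff_auth_requests(app_url, reference_url):
    """Return {name: (app_value, reference_value)} for each parameter that differs."""
    app, ref = auth_params(app_url), auth_params(reference_url)
    return {
        name: (app.get(name), ref.get(name))
        for name in sorted(set(app) | set(ref))
        if name not in PER_REQUEST and app.get(name) != ref.get(name)
    }

# Constructed sample requests (not the poster's real traffic).
ENDPOINT = "https://accounts.google.com/o/oauth2/auth?"
COMMON = {"response_type": "code", "access_type": "offline"}
DRIVE = "https://www.googleapis.com/auth/drive.readonly"
APP_URL = ENDPOINT + urlencode({
    **COMMON,
    "client_id": "abcxyz123.apps.googleusercontent.com ",  # constructed: pasted trailing space
    "redirect_uri": "https://my-app-id.appspot.com/oauth2callback",
    "scope": DRIVE + " email",
    "state": "constructed-state-1",
})
REFERENCE_URL = ENDPOINT + urlencode({
    **COMMON,
    "client_id": "abcxyz123.apps.googleusercontent.com",
    "redirect_uri": "https://reference-tool.example/callback",  # hypothetical
    "scope": "email " + DRIVE,  # same scopes, different order
    "state": "constructed-state-2",
})

if __name__ == "__main__":
    for name, (mine, theirs) in diff_auth_requests(APP_URL, REFERENCE_URL).items():
        print(f"{name}: app={mine!r} reference={theirs!r}")
```

Values are printed with `repr` so that invisible differences such as stray whitespace in `client_id` show up in the output.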

Error in Tutorial to sign-in to Google account using Python

This is a direct follow up to the information provided in this question:
Enter website by logging in Google Account using Python
One of the suggestions I found, was to follow this google tutorial for python:
quick start for python
And I am having some problems because of the heavy changes in the interface.
My biggest problem is in Step 1 - 3b. Apparently I have to paste these values:
http://localhost:4567
http://mysite.example.com
https://mysite.example.com
in some place, but I have no idea where.
So I simply continued with the tutorial, and launched the application on my localhost on port 4567.
Now, the application launched fine, but when I click the login button I get an error:
Error:invalid_client
no registered origin
Request details:
scope=https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.moments.write https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/plus.profile.agerange.read https://www.googleapis.com/auth/plus.profile.language.read https://www.googleapis.com/auth/plus.circles.members.read
redirect_uri=postmessage
state=303270744|0.3942616991
origin=http://localhost:4567
display=page
request_visible_actions=http://schemas.google.com/AddActivity
cookie_policy_enforce=false
response_type=code token id_token gsession
access_type=offline
cookie_policy=single_host_origin
proxy=oauth2relay678941372
client_id=933139289991-iigr70l8u8rbjecm6vrrs3bj4fck0ptu.apps.googleusercontent.com
authuser=0
Am I getting this error because the tutorial I am following is very outdated, or because I didn't do Step 1 - 3b correctly?
How can I fix this? All I want is to log in into a google account, if there is an easier way to do it with python, feel free to let me know :S
The problem is that the tutorial tells you how to set up the project using the Google API Console (see the link in Step 1, the first item), but Google is slowly moving people to use the Cloud Console instead. So if you follow that link, you get redirected to the new Cloud Console. If you want to get back to the API Console (so you can follow the rest of the steps listed there), you should see a message at the top of that page that says:
If you click on the "Go back" link, you'll be back at the API Console and you can follow the rest of the steps listed in the tutorial.
Steps 1-3b are important, since they are how you set up a Project, indicate what API resources it has available to it, and indicate how you will be accessing the project. It also will give you the Client ID and Secret that your python program will use when connecting to Google's servers.

Auth_token error at Facebook

I have been on this for the last 2 days with no result.
I am running my Facebook app on my localhost with port-forwarding method.
I know my server setup is working fine as I can see the logs on the django runserver and dyndns log as well.
Django is properly responding to calls as well.
The problem is as soon as the app authorizes with my user account, it straight follows to the page that says this:
Errors while loading page from application
The URL http://amitverma.dyndns.org/facebook_sample/?auth_token=817f8fbe99eff10582b634589de17b84 is not valid.
Please try again later. We appreciate your patience as the developers of app_test and Facebook resolve this issue. Thanks!
I am making a test app learning from facebook + django tutorial from here and here.
I am still getting this error and I have no idea what I am doing wrong...
Please help me out.
This often happens with a failed authentication. I'm not sure what the Python client libraries might look like, but with the PHP ones you generally make an authorization call against the library, something like $facebook->require_login().
With the PHP library, if this call fails to verify the user's Facebook session, then it automatically outputs HTML that will redirect the browser and try to re-establish the session, hence the auth_token parameter.
I suspect you're running into something similar. Try to isolate any authentication calls you're making, and use a Firefox extension like LiveHTTPHeaders to see if you are undergoing any redirects during the requests.
When you get that error, presuming you have debug=True in the Django settings and that your application is in development mode in Facebook, you can do View Source and see the entire Django error page that would normally display, including traceback. Facebook comment it out in the HTML so it doesn't show on the front end, but you can copy and paste it into a separate HTML file and view that in your browser to see the nice friendly Django error page which will definitely give you a clue as to what's going wrong.
