Error when logging to Jupyterhub with Google Oauth - google-oauth

So i am trying to deploy Jupyterhub to teach students about EEG processing. I have succesfully deployed a jupyterhub installation using this guide; https://pythonforundergradengineers.com/add-google-oauth-and-system-service-to-jupyterhub.html on https://lab.golembio.com but i am stuck at google oauth stage.
I have followed the instructions step by step, and added this code to my jupyterhub_config.py:
from oauthenticator.google import LocalGoogleOAuthenticator
c.JupyterHub.authenticator_class = LocalGoogleOAuthenticator
c.LocalGoogleOAuthenticator.create_system_users = True
c.LocalGoogleOAuthenticator.hosted_domain = ['https://lab.golembio.com', 'https://golembio.com']
c.LocalGoogleOAuthenticator.login_service = 'Google Login'
c.LocalGoogleOAuthenticator.oauth_callback_url = 'https://lab.golembio.com/hub/oauth_callback'
c.LocalGoogleOAuthenticator.oauth_client_id = 'xxxx'
c.LocalGoogleOAuthenticator.oauth_client_secret = 'xxxxx'
#c.JupyterHub.cookie_secret_file = '/srv/jupyterhub/jupyterhub_cookie_secret'
c.Authenticator.add_user_cmd = ['adduser', '-q', '--gecos', '""', '--disabled-password', '--force-badname']
ps: I copy and paste correct oauth client id and oauth client secret to the code...
Now when i open lab.golembio.com there is an option to log in with google but after i click it it returns an error:
Error 400: invalid_request
Missing required parameter: client_id
I could not figure out what is the problem?

Related

Unable to set scope games::prime for Login with Amazon

I've been tryin to setup an external login with amazon to integrate prime gaming for my web app in asp net core 3.1. I've been following this Amazon Prime Gaming Integration. I have been successfully stored the amazon userId, its token, refresh token and expires in into my database. However, I'm unable to call a post API request to /api/account/link to sync up my account according to this document. I am getting an error with message: Not all permissions are authorized. I did a bit research and it mentioned in another document link (Tips-Troubleshoot) that I need to set both scopes to games::prime and profile (I only had profile set before).
However, when adding games::prime scope, I get an exception for invalid scope: invalid_scope;Description=An unknown scope was requested
I'm using AspNet.Security.OAuth.Amazon to help with the external login with amazon, and this is the code that I have in my Startup.cs file
services.AddAuthentication()
.AddAmazon(o =>
{
o.ClientId = clientId;
o.ClientSecret = clientSecret;
o.Scope.Add("profile");
o.Scope.Add("games::prime");
o.SaveTokens = true; // get access token and refresh token
o.AccessDeniedPath = new PathString("/Home/WebAppSetting");
})
If I remove games::prime from the scope, then everything works but then I will get an error message Not all permissions are authorized
Can anyone please tell me what I'm missing and not doing correct in here ? I have been searching for amazon documents on their sites, but seems like there is nothing useful there.
Thank you
It turned out that in order to use scope games::prime, you need to contact amazon team to have them unblock that for you. This is not mentioned at all in the push integration documentation.

How to get access token and access secret after getting client id and and client secret on LinkedIn using python?

I have created an API application in linkedIn, so I got client-id and client-secret key. I am however not able to get access token and secret key from LinkedIn.
I have used the below python code to do the job. Everything works well and I get the 'authorization_url', but when I paste it in my browser I get error: "invalid redirect_uri. This value must match a URL registered with the API Key."
*** Note that at the moment the "Authorized Redirect URLs" section in my application is blank and my question is what I should put there? I understand that it should be the same as what I feed in OAuth2Session function (instead of "arbitrary_url" such as 'http://127.0.0.1') in my below code. But have no clue on where to get this url?
Snapshot of my authorization_url page
*** To clarify on what I exactly do step by step:
1) add a url in "Authorized Redirect URLs" textbox in my API application and click on "Add".
2) Then I replace "arbitrary_url" in my code with exactly the same url.
3) Continue to run my code to get the "redirect_response".
4) Try the "redirect_response" in my browser; So far I always got the error: "invalid redirect_uri. This value must match a URL registered with the API Key."
Would appreciate any help on this.
# Import packages
from requests_oauthlib import OAuth2Session
from requests_oauthlib.compliance_fixes import linkedin_compliance_fix
# Credentials you get from registering a new application
client_id = '<my client id>'; client_secret = '<my client secret>'
# Redirect user to LinkedIn for authorization
linkedin = OAuth2Session(client_id, redirect_uri='<arbitrary_url>')
linkedin = linkedin_compliance_fix(linkedin)
authorization_url, state = linkedin.authorization_url('https://www.linkedin.com/uas/oauth2/authorization')
print(authorization_url)
Finally I got my mistake in the first phase! What I was missing was that I needed to click on "update" after clicking "Add" in my application to get that addition be actually performed!
However, still haven't got the client id and and client secret, as I get error after authorization!
Please refer to samples https://github.com/ozgur/python-linkedin. I see that you are missing to match redirect_url in your code. And more samples and explanation here http://requests-oauthlib.readthedocs.io/en/latest/examples/linkedin.html

Rally Pyral API Key Proxy Issue

I am trying to replace my old username/password Rally authentication with Rally API Keys.
server, user, password, workspace, proj = rallySettings(options)
rally = Rally(server, user, password)
to
rally = Rally(apikey='SECRET_KEY')
When I made the change, I started getting errors like: ('Cannot connect to proxy.', gaierror(-5, 'No address associated with hostname')).
If I switch back to the old user/password route, it works just fine.
Here's how I am setting the proxy:
proxy = "http://internal.proxy.com:port"
os.environ['HTTPS_PROXY'] = proxy
os.environ['https_proxy'] = proxy
os.environ['HTTP_PROXY'] = proxy
I'm using pyral 1.1.1 and requests 2.3.0 on a redhat server. Any ideas why switching from Username/Password to APIKeys would cause a proxy connection issue?
ApiKey replaces username/password, but it does not replace host.
This line:
rally = Rally(apikey='SECRET_KEY')
is missing host(server)
See an example here.
if apikey:
rally = Rally(server, apikey=apikey, workspace=workspace, project=project)
else:
rally = Rally(server, user=username, password=password, workspace=workspace, project=project)

API google analytics v3.0 : avec OAuth 2.0,

I'm trying to install but I get the following error:
400. That’s an error.
Error: redirect_uri_mismatch
Application: Google analitycs
You can email the developer of this application at: sextoysunivers#gmail.com
The redirect URI in the request: http://sextoysunivers.com/modules/gapi/oauth2callback.php did not match a registered redirect URI
I have tried for all shops tab, individually, with the number after the p in my google analytics browser, and with the UA code getting the same error.
You have to register the redirect_uri in the Google Developer Console. After you log in click on APIs & auth, then Credentials and enter your redirect_uri into the redirect_URIs text-area

Cannot get service account authorization to work on GCS script using Python client lib APIs

In attempting to write a python script to access GCS using service-based authorization, I have come up with the following. Note that 'key' is the contents of my p12 file.
I am attempting to just read the list of buckets on my account. I have successfully created one bucket using the web interface to GCS, and can see that with gsutil.
When I execute the code below I get a 403 error. At first I thought I was not authorized correctly, but I tried from this very useful web page (which uses web-based authorization), and it works correctly. https://developers.google.com/apis-explorer/#p/storage/v1beta1/storage.buckets.list?projectId=&_h=2&
When I look at the headers and query string and compare them to the keaders and query of the website-generated request I see that there is no authorization header, and that there is no key= tag in the query string. I suppose I thought that the credential authorization would have taken care of this for me.
What am I doing wrong?
code:
credentials = SignedJwtAssertionCredentials(
'xxx-my-long-email-from-the-console#developer.gserviceaccount.com',
key,
scope='https://www.googleapis.com/auth/devstorage.full_control')
http = httplib2.Http()
http = credentials.authorize(http)
service = build("storage", "v1beta1", http=http)
# Build the request
request = service.buckets().list(projectId="159910083329")
# Diagnostic
pprint.pprint(request.headers)
pprint.pprint(request.to_json())
# Do it!
response = request.execute()
When I try to execute I get the 403.
I got this working, however, the code I used is not fundamentally different from the snippet you posted. Just in case you'd like to diff my version with yours, attached below is a complete copy of a Python program that worked for me. I initially got a 403, just like you, which was due to inheriting your project id :). After updating that value to use my project ID, I got a correct bucket listing. Two things to check:
Make sure the project id you are using is correct and has the "Google Cloud Storage JSON API" enabled on the Google Developer Console "Services" tab (it's a different service from the other Google Cloud Storage API).
Make sure you are loading the service accounts private key exactly as it came from the developer's console. I would recommend reading it into memory from the file you downloaded, as I've done here, rather than trying to copy it into a string literal in your code.
#!/usr/bin/env python
import pprint
import oauth2client
from oauth2client.client import SignedJwtAssertionCredentials
import httplib2
from apiclient.discovery import build
f = open('key.p12', 'r')
key = f.read()
f.close()
credentials = SignedJwtAssertionCredentials(
'REDACTED',
key,
scope='https://www.googleapis.com/auth/devstorage.full_control')
http = httplib2.Http()
http = credentials.authorize(http)
service = build("storage", "v1beta1", http=http)
# Build the request
request = service.buckets().list(projectId="REDACTED")
# Diagnostic
pprint.pprint(request.headers)
pprint.pprint(request.to_json())
# Do it!
response = request.execute()
pprint.pprint(response)