According to this article, I should enable the Google Sheets API (done), copy and paste a blob of code into file quickstart.php and in terminal on the server run
$ php quickstart.php
This then prompts:
$ php quickstart.php
Open the following link in your browser:
https://accounts.google.com/o/oauth2/auth?response_type=code&access_type=offline&client_id=<something>.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Fmy.website.com%2F&state&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fspreadsheets.readonly&prompt=select_account%20consent
Enter verification code:
So I open the link in my browser, accept that my.website.com gains access to my sheets, and then I'm redirected to the frontpage of my.website.com.
So what do I enter as verification code?
In your case, please check the URL of the redirected page on the browser. When you see the URL, in your situation, I think that you can see the following URL.
http://my.website.com/?code=#####&scope=https://www.googleapis.com/auth/spreadsheets.readonly
In this case, the code is ##### of code=##### which is the query parameter. Please copy the code and put to Enter verification code: of the terminal you run $ php quickstart.php. By this, token.json of $tokenPath = 'token.json'; including the access token and refresh token is created. After this, when you run $ php quickstart.php, the script uses the access token retrieved by the refresh token. By this, the authorization process is not required. About the expiration of the refresh token, please check the official document.
Reference:
Refresh token expiration
Related
I don't think this issue is specific to PyDrive, but rather Google OAuth. However, some of the solutions I've seen on stackoverflow don't seem to be transferable over to my PyDrive application, which is just a python script to upload files programmatically to a shared drive. It worked fine 2 months ago but I tried to rerun it today and it's not working. Here is the error I'm getting:
Authorisation Error
Error 400: invalid_request
You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.
You can let the app developer know that this app doesn't comply with one or more Google validation rules.
Request Details
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.
redirect_uri: urn:ietf:wg:oauth:2.0:oob
I am using a web application OAuth 2.0 Client ID creds on GCP. All secrets are stored in a local client_secrets.json file.
I run my script, it sends a message to the console that says
Go to the following link in your browser:
https://accounts.google.com/o/oauth2/auth?client_id=blahblahblah.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive&access_type=offline&response_type=code
Enter verification code:
How it used to work: After I click the link above, it returns a code I paste into the console and then its authenticated. FYI: I plan on running this 24/7 on a remote server.
Now: I click the link above and get the error I posted above. I've tried to change the redirect uri to 127.0.0.1 and it does allow me to auth, then I get a code in my URL, but once I copy that and paste it into the console, I get more errors.
Anyone know the solution for this?
after successfully getting past the login page using curl in Linux (bash) with two sites that use information from the HTML-form field to accomplish this, I now also want to login to another site with my credentials that is a bit more tricky. I'm new to this and it seems that it works with OAuth so I need an access token first. With my two successfull attempts it was necessary to extract a CSRF token from the HTML code so as to prove I'm not a malicious bot. But now it's completely different and the server thinks I'm a bot (see error messages below).
Can somebody please confirm whether these are the only steps involved for logging in to an OAuth protected site:
a POST request to the server that generates the token (https://name_of_site/api/v1/auth/token)
a GET request to a password-protected part of the website using the access token from step 1
When I try step 1, I get error messages as shown below*. I inspected the website before logging in and afterwards with a browser and copied everything as cURL (bash). In the header fields of the token request I can find two more fields that look like they provide dynamic information:
x-trace-request-id
x-recaptcha-v3
I did some research and found that the request ID stays the same for some interactions that go to and from a server to facilitate identification of the client(?).
And concerning the recaptcha, I know what a recaptcha is, but I did not have to solve any captchas when accessing the site with a browser. So I'm quite unsure about these bits of information.
I strongly assume that I need to send one or both of these headers in the first step to actually get an acess token. But how could I get valid values for these parameters with cURL?
Any help is aprreciated! Please point me in the right direction. I can provide more information if needed, of course.
{"status":"ERROR","statusCode":400,"data":{"message":"Request failed with status code 400","error":"invalid_grant","error_description":"invalid credential","bot-detection-error":"MissingAdditionalAuthToken"}}
This is the error I get when I do not provide x-trace-request-id and x-recaptcha-v3
{"status":"ERROR","statusCode":400,"data":{"message":"Request failed with status code 400","error":"invalid_grant","error_description":"invalid credential","bot-detection-error":"InvalidCaptchaV3Token"}}This is the error I get when I simply use the values as copied from the old request when I used the browser
I am developing a website which need google-login button. But i failed in getting the access_token.
Here is my configuration page and curl result.
why curl doesn't work.
The problem you are having is that you have created web browser credentials and you appear to be testing with curl. Curl by itself would be run in a command prompt or shell script there for it would be installed credentials not web browser credentials.
Go to google developer console and create desktop app type creetinals Then you can follow the calls below in order to authorize to Google and get an access token and a refresh token.
Notice how desktop apps use urn:ietf:wg:oauth:2.0:oob for a redirect uri this means just send it back where it came from.
# Client id from Google Developer console
# Client Secret from Google Developer console
# Scope this is a space separated list of the scopes of access you are requesting.
# Authorization link. Place this in a browser and copy the code that is returned after you accept the scopes.
https://accounts.google.com/o/oauth2/auth?client_id=[Application Client Id]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=[Scopes]&response_type=code
# Exchange Authorization code for an access token and a refresh token.
curl \
--request POST \
--data "code=[Authentcation code from authorization link]&client_id=[Application Client Id]&client_secret=[Application Client Secret]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code" \
https://accounts.google.com/o/oauth2/token
# Exchange a refresh token for a new access token.
curl \
--request POST \
--data 'client_id=[Application Client Id]&client_secret=[Application Client Secret]&refresh_token=[Refresh token granted by second step]&grant_type=refresh_token' \
https://accounts.google.com/o/oauth2/token
code ripped from GoogleAuthenticationCurl.sh
YOu may also be interested in Which type of credentials should you create? which explains how to decide which type of Google credentials you need to use for the application you are developing.
your web application.
Redirect uri mismatch with a true web application is most often a configuration issue. If you are using a servicer sided programming language you simply need to take the redirect uri that the error message is telling you is wrong and place that in Google Developer console for your web application as a Redirect uri. Google OAuth2: How the fix redirect_uri_mismatch error. Part 2
If on the other hand you have a Client sided web application using javascript it will state that the issue is with the JavaScript origin. It is still a configuration issue. However this time you need to take the URL it is telling you is wrong and place that in the javascript origin field in Google developer console Simple solution for redirect_uri_mismatch error with JavaScript
YOu do not need both Redirect URI and Javascript origin its one or the other.
Fixed it.
The problem is that i have added two version of redirect uri in the google console:
http and https
In the first step, i redirect customer to the oauth page "https://accounts.google.com/o/oauth2/v2/auth" with http version redirect uri.
In the second step i try to got the access token with https version redirect uri, so i got this error.
i'm able to create an oAuth 2.0 credential in my project.
I download the credentials file to the same folder.
Run my code and in the termnial it asks me to visit a URL to verify. I do that (copy and paste) however it redirects to localhost and fails.
Not sure how to get by this step so I can use my API.
Can't setup SalesForce OAuth for a week with the same error. Don't have any idea anymore :(
What I did:
Create account in salesforce
Create New App, get security key and secret to use in my WebApp
Send GET request to https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=%s&redirect_uri=%s
The request above redirects me to the login page, when I log in
Got the code in my app
Send POST request to https://login.salesforce.com/services/oauth2/token with grant_type, client_id, client_secret, redirect_uri and code form parameters.
Receive HTTP 400 with JSON below:
{"error_description":"authentication failure","error":"invalid_grant"}
Guys, please, tell me what am I doing wrong?
When I use PostMan google plugin with all my credentials all works fine, but when I do requests locally - receive error: {"error_description":"authentication failure","error":"invalid_grant"}
IP relaxation set to Relax IP restrictions callback_uri is with HTTPS
May it be that my IP blocked by SalesForce? Have no idea except this :(
Step 1:
Create an account. You can create a (free) developer account at developer.salesforce.com
Step 2:
Ignore all the landing pages and getting started crap. It’s an endless marketing loop.
Step 3:
Click the “Setup” link
Step 4:
In the lefthand toolbar, under “Create”, click “Apps”
Step 5:
Under “Connected Apps” click “New”
Step 6:
Fill out the form. Important fields are marked below (you can leave the rest blank)
Step 7:
Be advised that Salesforce has crappy availability.
Step 8:
Press continue. You finally have your key (client id) and secret (client secret).
Step 9:
But wait! You’re not done yet.
Make sure IP restrictions are disabled as well, and make sure that Permitted Users is set to “All users may self-authorize.”
If you’re concerned about disabling security, don’t be for now, you just want to get this working for now so you can make API calls. Tighten permissions once you have everything working, one at a time, so you can figure out what setting is giving you authentication errors.
Step 10:
Celebrate! This curl call should succeed:
curl -v https://login.salesforce.com/services/oauth2/token -d “grant_type=password” -d “client_id=YOUR_CLIENT_ID_FROM_STEP_8″ -d “client_secret=YOUR_CLIENT_SECRET_FROM_STEP_8″ -d “username=user#wherever.com” -d “password=foo#bar.com”
Notes:
- You shouldn’t be doing password authorization if you’re building a multi-tenant app, where users need to authorize their own application. Use the Oauth2 workflow for that.
Follow This tutorial.this will solve your login queries.
http://www.calvinfroedge.com/salesforce-how-to-generate-api-credentials/